Volume targets/connectors Project Scoped RBAC

This patch adds project scoped access, as part of the work to delineate system and project scope access. Adds policies: * baremetal:volume:list_all * baremetal:volume:list * baremetal:volume:view_target_properties Change-Id: I898310b515195b7065a3b1c7998ef3f29f5e8747
author: Julia Kreger <juliaashleykreger@gmail.com> 2021-02-17 21:01:47 -0800
committer: Julia Kreger <juliaashleykreger@gmail.com> 2021-03-04 09:47:36 -0800
commit: e870bd34d0ccacbaef7f4e4def2535eb28f822b9 (patch)
tree: b92287d93bd5f4eb3f7e4295a59f63a8d1cc0eb5 /ironic/db/sqlalchemy/api.py
parent: e9dfe5ddaad7324d8d89fef0661f41f18542028f (diff)
download: ironic-e870bd34d0ccacbaef7f4e4def2535eb28f822b9.tar.gz
1 files changed, 34 insertions, 7 deletions
diff --git a/ironic/db/sqlalchemy/api.py b/ironic/db/sqlalchemy/api.py
index 7b5f1731b..6f38c4b8f 100644
--- a/ironic/db/sqlalchemy/api.py
+++ b/ironic/db/sqlalchemy/api.py
@@ -169,6 +169,20 @@ def add_portgroup_filter_by_node_project(query, value):
                         | (models.Node.lessee == value))
 
 
+def add_volume_conn_filter_by_node_project(query, value):
+    query = query.join(models.Node,
+                       models.VolumeConnector.node_id == models.Node.id)
+    return query.filter((models.Node.owner == value)
+                        | (models.Node.lessee == value))
+
+
+def add_volume_target_filter_by_node_project(query, value):
+    query = query.join(models.Node,
+                       models.VolumeTarget.node_id == models.Node.id)
+    return query.filter((models.Node.owner == value)
+                        | (models.Node.lessee == value))
+
+
 def add_portgroup_filter(query, value):
     """Adds a portgroup-specific filter to a query.
 
@@ -1235,9 +1249,12 @@ class Connection(api.Connection):
                 % addresses)
 
     def get_volume_connector_list(self, limit=None, marker=None,
-                                  sort_key=None, sort_dir=None):
+                                  sort_key=None, sort_dir=None, project=None):
+        query = model_query(models.VolumeConnector)
+        if project:
+            query = add_volume_conn_filter_by_node_project(query, project)
         return _paginate_query(models.VolumeConnector, limit, marker,
-                               sort_key, sort_dir)
+                               sort_key, sort_dir, query)
 
     def get_volume_connector_by_id(self, db_id):
         query = model_query(models.VolumeConnector).filter_by(id=db_id)
@@ -1256,8 +1273,10 @@ class Connection(api.Connection):
 
     def get_volume_connectors_by_node_id(self, node_id, limit=None,
                                          marker=None, sort_key=None,
-                                         sort_dir=None):
+                                         sort_dir=None, project=None):
         query = model_query(models.VolumeConnector).filter_by(node_id=node_id)
+        if project:
+            add_volume_conn_filter_by_node_project(query, project)
         return _paginate_query(models.VolumeConnector, limit, marker,
                                sort_key, sort_dir, query)
 
@@ -1315,9 +1334,12 @@ class Connection(api.Connection):
                 raise exception.VolumeConnectorNotFound(connector=ident)
 
     def get_volume_target_list(self, limit=None, marker=None,
-                               sort_key=None, sort_dir=None):
+                               sort_key=None, sort_dir=None, project=None):
+        query = model_query(models.VolumeTarget)
+        if project:
+            query = add_volume_target_filter_by_node_project(query, project)
         return _paginate_query(models.VolumeTarget, limit, marker,
-                               sort_key, sort_dir)
+                               sort_key, sort_dir, query)
 
     def get_volume_target_by_id(self, db_id):
         query = model_query(models.VolumeTarget).filter_by(id=db_id)
@@ -1334,15 +1356,20 @@ class Connection(api.Connection):
             raise exception.VolumeTargetNotFound(target=uuid)
 
     def get_volume_targets_by_node_id(self, node_id, limit=None, marker=None,
-                                      sort_key=None, sort_dir=None):
+                                      sort_key=None, sort_dir=None,
+                                      project=None):
         query = model_query(models.VolumeTarget).filter_by(node_id=node_id)
+        if project:
+            add_volume_target_filter_by_node_project(query, project)
         return _paginate_query(models.VolumeTarget, limit, marker, sort_key,
                                sort_dir, query)
 
     def get_volume_targets_by_volume_id(self, volume_id, limit=None,
                                         marker=None, sort_key=None,
-                                        sort_dir=None):
+                                        sort_dir=None, project=None):
         query = model_query(models.VolumeTarget).filter_by(volume_id=volume_id)
+        if project:
+            query = add_volume_target_filter_by_node_project(query, project)
         return _paginate_query(models.VolumeTarget, limit, marker, sort_key,
                                sort_dir, query)
author	Julia Kreger <juliaashleykreger@gmail.com>	2021-02-17 21:01:47 -0800
committer	Julia Kreger <juliaashleykreger@gmail.com>	2021-03-04 09:47:36 -0800
commit	e870bd34d0ccacbaef7f4e4def2535eb28f822b9 (patch)
tree	b92287d93bd5f4eb3f7e4295a59f63a8d1cc0eb5 /ironic/db/sqlalchemy/api.py
parent	e9dfe5ddaad7324d8d89fef0661f41f18542028f (diff)
download	ironic-e870bd34d0ccacbaef7f4e4def2535eb28f822b9.tar.gz