OpenStack Shared File Systems Service (Manila)

Refactor openstack.wsgi's authorize method as a decorator to reuse for all Manila APIs

Bug #1515397 reported by Goutham Pacha Ravi
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Shared File Systems Service (Manila)
Fix Released
Undecided
Goutham Pacha Ravi

Bug Description

There is a method in manila/api/openstack/wsgi.py to check policy.json to authorize API use based on the context of the controller:

https://github.com/openstack/manila/blob/e4428f/manila/api/openstack/wsgi.py#L1114

I would like a simple refactor to the code to use it as a decorator in all of the APIs that currently either use this policy checking functionality.

Currently, APIs implement policy checking either from the function in manila/api/openstack/wsgi.py or locally implement their own policy checks leading to heavy inconsistency.

Some examples:

Use from manila/api/openstack/wsgi.py
https://github.com/openstack/manila/blob/e4428f5/manila/api/v1/availability_zones.py
https://github.com/openstack/manila/blob/0a6b19c/manila/api/v1/share_manage.py#L42

Local policy checks:
https://github.com/openstack/manila/blob/e4428f5/manila/api/v1/scheduler_stats.py#L44
https://github.com/openstack/manila/blob/e4428f5/manila/api/v1/security_service.py#L48

Goutham Pacha Ravi (gouthamr)
Changed in manila:
assignee: nobody → Goutham Pacha Ravi (gouthamr)
Goutham Pacha Ravi (gouthamr)
Changed in manila:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to manila (master)

Fix proposed to branch: master
Review: https://review.openstack.org/246555

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to manila (master)

Reviewed: https://review.openstack.org/246555
Committed: https://git.openstack.org/cgit/openstack/manila/commit/?id=379ee2f31ca62fba16609b7aaf5ecb3670791463
Submitter: Jenkins
Branch: master

commit 379ee2f31ca62fba16609b7aaf5ecb3670791463
Author: Goutham Pacha Ravi <email address hidden>
Date: Sun Nov 15 21:56:35 2015 -0500

    Refactor authorize() method in wsgi.py

    Almost every API method written in Manila performs
    a policy check against relevant policies in etc/policy.json.
    A method - authorize() was introduced in
    manila/api/openstack/wsgi.py
    in commit e4428f5e6c324a674c76f81340e1c94a956b4c6c
    to perform these policy checks.

    This patch refactors the authorize() method as a decorator
    for consistency and easy usage in APIs that choose to
    implement the policy check prior to any core logic.

    Prior unit tests are modified for the APIs impacted through
    this change.

    The Cgsnapshots controller's policies are corrected for
    name consistency without impacting behavior.

    Change-Id: Ib34e166ab65513f8f02215c6569175fc9a913244
    Closes-Bug: #1515397

Changed in manila:
status: In Progress → Fix Committed
Revision history for this message
Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/manila 2.0.0.0b1

This issue was fixed in the openstack/manila 2.0.0.0b1 development milestone.

Changed in manila:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.