How to use the ceilometer.api.rbac.enforce function in ceilometer

To help you get started, we’ve selected a few ceilometer examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github openstack / ceilometer / ceilometer / api / controllers / v2 / meters.py View on Github external
def get_all(self, q=None, limit=None):
        """Return samples for the meter.

        :param q: Filter rules for the data to be returned.
        :param limit: Maximum number of samples to return.
        """

        rbac.enforce('get_samples', pecan.request)

        q = q or []
        limit = v2_utils.enforce_limit(limit)
        kwargs = v2_utils.query_to_kwargs(q, storage.SampleFilter.__init__)
        kwargs['meter'] = self.meter_name
        f = storage.SampleFilter(**kwargs)
        return [OldSample.from_db_model(e)
                for e in pecan.request.storage_conn.get_samples(f, limit=limit)
                ]
github openstack / ceilometer / ceilometer / api / controllers / v2.py View on Github external
def get_all(self, q=None, limit=None):
        """Return all known samples, based on the data recorded so far.

        :param q: Filter rules for the samples to be returned.
        :param limit: Maximum number of samples to be returned.
        """

        rbac.enforce('get_samples', pecan.request)

        q = q or []

        if limit and limit < 0:
            raise ClientSideError(_("Limit must be positive"))
        kwargs = _query_to_kwargs(q, storage.SampleFilter.__init__)
        f = storage.SampleFilter(**kwargs)
        return map(Sample.from_db_model,
                   pecan.request.storage_conn.get_samples(f, limit=limit))
github openstack / ceilometer / ceilometer / api / controllers / v2 / meters.py View on Github external
def post(self, direct='', samples=None):
        """Post a list of new Samples to Telemetry.

        :param direct: a flag indicates whether the samples will be posted
                       directly to storage or not.
        :param samples: a list of samples within the request body.
        """
        rbac.enforce('create_samples', pecan.request)

        direct = strutils.bool_from_string(direct)
        if not samples:
            msg = _('Samples should be included in request body')
            raise base.ClientSideError(msg)

        now = timeutils.utcnow()
        auth_project = rbac.get_limited_to_project(pecan.request.headers)
        def_source = pecan.request.cfg.sample_source
        def_project_id = pecan.request.headers.get('X-Project-Id')
        def_user_id = pecan.request.headers.get('X-User-Id')

        published_samples = []
        for s in samples:
            if self.meter_name != s.counter_name:
                raise wsme.exc.InvalidInput('counter_name', s.counter_name,
github openstack / ceilometer / ceilometer / api / controllers / v2.py View on Github external
def get_one(self, resource_id):
        """Retrieve details about one resource.

        :param resource_id: The UUID of the resource.
        """

        rbac.enforce('get_resource', pecan.request)

        authorized_project = rbac.get_limited_to_project(pecan.request.headers)
        resources = list(pecan.request.storage_conn.get_resources(
            resource=resource_id, project=authorized_project))
        if not resources:
            raise EntityNotFound(_('Resource'), resource_id)
        return Resource.from_db_and_links(resources[0],
                                          self._resource_links(resource_id))
github openstack / ceilometer / ceilometer / api / controllers / v2.py View on Github external
def post(self, body):
        """Define query for retrieving AlarmChange data.

        :param body: Query rules for the alarm history to be returned.
        """

        rbac.enforce('query_alarm_history', pecan.request)

        query = ValidatedComplexQuery(body,
                                      alarm_models.AlarmChange)
        query.validate(visibility_field="on_behalf_of")
        conn = pecan.request.alarm_storage_conn
        return [AlarmChange.from_db_model(s)
                for s in conn.query_alarm_history(query.filter_expr,
                                                  query.orderby,
                                                  query.limit)]
github openstack / ceilometer / ceilometer / api / controllers / v2.py View on Github external
def post(self, body):
        """Define query for retrieving Sample data.

        :param body: Query rules for the samples to be returned.
        """

        rbac.enforce('query_sample', pecan.request)

        sample_name_mapping = {"resource": "resource_id",
                               "meter": "counter_name",
                               "type": "counter_type",
                               "unit": "counter_unit",
                               "volume": "counter_volume"}

        query = ValidatedComplexQuery(body,
                                      storage.models.Sample,
                                      sample_name_mapping,
                                      metadata_allowed=True)
        query.validate(visibility_field="project_id")
        conn = pecan.request.storage_conn
        return [Sample.from_db_model(s)
                for s in conn.query_samples(query.filter_expr,
                                            query.orderby,
github openstack / ceilometer / ceilometer / api / controllers / v2.py View on Github external
def get(self):
        """Return this alarm."""

        rbac.enforce('get_alarm', pecan.request)

        return Alarm.from_db_model(self._alarm())
github openstack / ceilometer / ceilometer / api / controllers / v2 / alarms.py View on Github external
def get_all(self, q=None):
        """Return all alarms, based on the query provided.

        :param q: Filter rules for the alarms to be returned.
        """

        rbac.enforce('get_alarms', pecan.request)

        q = q or []
        # Timestamp is not supported field for Simple Alarm queries
        kwargs = v2_utils.query_to_kwargs(
            q, pecan.request.alarm_storage_conn.get_alarms,
            allow_timestamps=False)
        return [Alarm.from_db_model(m)
                for m in pecan.request.alarm_storage_conn.get_alarms(**kwargs)]
github openstack / ceilometer / ceilometer / api / controllers / v2 / alarms.py View on Github external
def put_state(self, state):
        """Set the state of this alarm.

        :param state: an alarm state within the request body.
        """

        rbac.enforce('change_alarm_state', pecan.request)

        # note(sileht): body are not validated by wsme
        # Workaround for https://bugs.launchpad.net/wsme/+bug/1227229
        if state not in state_kind:
            raise base.ClientSideError(_("state invalid"))
        now = timeutils.utcnow()
        alarm = self._alarm()
        alarm.state = state
        alarm.state_timestamp = now
        alarm = self.conn.update_alarm(alarm)
        change = {'state': alarm.state}
        self._record_change(change, now, on_behalf_of=alarm.project_id,
                            type=alarm_models.AlarmChange.STATE_TRANSITION)
        return alarm.state
github openstack / ceilometer / ceilometer / api / controllers / v2.py View on Github external
def put(self, data):
        """Modify this alarm.

        :param data: an alarm within the request body.
        """

        rbac.enforce('change_alarm', pecan.request)

        # Ensure alarm exists
        alarm_in = self._alarm()

        now = timeutils.utcnow()

        data.alarm_id = self._id
        user, project = rbac.get_limited_to(pecan.request.headers)
        if user:
            data.user_id = user
        elif data.user_id == wtypes.Unset:
            data.user_id = alarm_in.user_id
        if project:
            data.project_id = project
        elif data.project_id == wtypes.Unset:
            data.project_id = alarm_in.project_id