Skip to content
Snippets Groups Projects

[cern] Allow OS magnum admin to get cluster certificate

Merged Diogo Filipe Tomas Guerra requested to merge allow-admin-get-cluster-cert into cern/train
Files
2
@@ -142,6 +142,10 @@ class CertificateController(base.Controller):
@@ -142,6 +142,10 @@ class CertificateController(base.Controller):
logical name of the cluster.
logical name of the cluster.
"""
"""
context = pecan.request.context
context = pecan.request.context
 
if context.is_admin:
 
policy.enforce(context, "certificate:get_one_all_projects",
 
action="certificate:get_one_all_projects")
 
context.all_tenants = True
cluster = api_utils.get_resource('Cluster', cluster_ident)
cluster = api_utils.get_resource('Cluster', cluster_ident)
policy.enforce(context, 'certificate:get', cluster.as_dict(),
policy.enforce(context, 'certificate:get', cluster.as_dict(),
action='certificate:get')
action='certificate:get')
@@ -170,6 +174,10 @@ class CertificateController(base.Controller):
@@ -170,6 +174,10 @@ class CertificateController(base.Controller):
@expose.expose(None, types.uuid_or_name, status_code=202)
@expose.expose(None, types.uuid_or_name, status_code=202)
def patch(self, cluster_ident):
def patch(self, cluster_ident):
context = pecan.request.context
context = pecan.request.context
 
if context.is_admin:
 
policy.enforce(context, "certificate:rotate_one_ca_all_projects",
 
action="certificate:rotate_one_ca_all_projects")
 
context.all_tenants = True
cluster = api_utils.get_resource('Cluster', cluster_ident)
cluster = api_utils.get_resource('Cluster', cluster_ident)
policy.enforce(context, 'certificate:rotate_ca', cluster.as_dict(),
policy.enforce(context, 'certificate:rotate_ca', cluster.as_dict(),
action='certificate:rotate_ca')
action='certificate:rotate_ca')
Loading