baha/skyline-apiserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "fix: Check project_id when supply uuid filter"

Browse Source
This commit is contained in:
Zuul 2022-08-24 12:06:21 +00:00 committed by Gerrit Code Review
commit f097842c86
2 changed files with 42 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
skyline_apiserver/api/v1/extension.py
View File

@ -20,6 +20,7 @@ from asyncio import gather
from functools import reduce from functools import reduce
from typing import Any, Dict, List from typing import Any, Dict, List
from cinderclient.exceptions import NotFound
from cinderclient.v3.volumes import Volume as CinderVolume from cinderclient.v3.volumes import Volume as CinderVolume
from dateutil import parser from dateutil import parser
from fastapi import APIRouter, Depends, Header, Query, status from fastapi import APIRouter, Depends, Header, Query, status
@ -34,6 +35,7 @@ from skyline_apiserver.client import utils
from skyline_apiserver.client.openstack import cinder, glance, keystone, neutron, nova from skyline_apiserver.client.openstack import cinder, glance, keystone, neutron, nova
from skyline_apiserver.client.utils import generate_session, get_system_session from skyline_apiserver.client.utils import generate_session, get_system_session
from skyline_apiserver.config import CONF from skyline_apiserver.config import CONF
from skyline_apiserver.log import LOG
from skyline_apiserver.types import constants from skyline_apiserver.types import constants
from skyline_apiserver.utils.roles import assert_system_admin_or_reader, is_system_reader_no_admin from skyline_apiserver.utils.roles import assert_system_admin_or_reader, is_system_reader_no_admin
@ -774,6 +776,25 @@ async def list_volume_snapshots(
snapshot_session = current_session snapshot_session = current_session
if uuid: if uuid:
if not all_projects:
# We need to check the project_id of volume snapshot is the same
# of current project id.
try:
volume_snapshot = await cinder.get_volume_snapshot(
session=current_session,
region=profile.region,
global_request_id=x_openstack_request_id,
snapshot_id=uuid,
)
except NotFound as ex:
LOG.debug(f"Not found volume snapshot with id '{uuid}': {ex}")
return schemas.VolumeSnapshotsResponse(**{"count": 0, "volume_snapshots": []})
if volume_snapshot.project_id != profile.project.id:
LOG.debug(
f"Volume snapshot with id '{uuid}' is in project "
f"'{volume_snapshot.project_id}', not in '{profile.project.id}'"
)
return schemas.VolumeSnapshotsResponse(**{"count": 0, "volume_snapshots": []})
snapshot_session = get_system_session() snapshot_session = get_system_session()
search_opts["all_tenants"] = True search_opts["all_tenants"] = True

21
skyline_apiserver/client/openstack/cinder.py
View File

@ -16,6 +16,7 @@ from __future__ import annotations
from typing import Any, Dict, Optional from typing import Any, Dict, Optional
from cinderclient.exceptions import NotFound
from fastapi import HTTPException, status from fastapi import HTTPException, status
from keystoneauth1.exceptions.http import Unauthorized from keystoneauth1.exceptions.http import Unauthorized
from keystoneauth1.session import Session from keystoneauth1.session import Session
@ -91,3 +92,23 @@ async def list_volume_snapshots(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail=str(e), detail=str(e),
) )
async def get_volume_snapshot(
session: Session,
region: str,
global_request_id: str,
snapshot_id: str,
) -> Any:
try:
cc = await utils.cinder_client(
session=session, region=region, global_request_id=global_request_id
)
return await run_in_threadpool(cc.volume_snapshots.get, snapshot_id)
except Unauthorized as e:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail=str(e),
)
except NotFound as e:
raise e