166 lines
5.4 KiB
Python
166 lines
5.4 KiB
Python
|
|
import logging
|
|
|
|
import webob.exc
|
|
|
|
from glance import api
|
|
from glance.common import exception
|
|
from glance.common import wsgi
|
|
from glance import registry
|
|
|
|
|
|
logger = logging.getLogger('glance.api.v1.members')
|
|
|
|
|
|
class Controller(object):
|
|
|
|
def __init__(self, conf):
|
|
self.conf = conf
|
|
|
|
def index(self, req, image_id):
|
|
"""
|
|
Return a list of dictionaries indicating the members of the
|
|
image, i.e., those tenants the image is shared with.
|
|
|
|
:param req: the Request object coming from the wsgi layer
|
|
:param image_id: The opaque image identifier
|
|
:retval The response body is a mapping of the following form::
|
|
|
|
{'members': [
|
|
{'member_id': <MEMBER>,
|
|
'can_share': <SHARE_PERMISSION>, ...}, ...
|
|
]}
|
|
"""
|
|
try:
|
|
members = registry.get_image_members(req.context, image_id)
|
|
except exception.NotFound:
|
|
msg = _("Image with identifier %s not found") % image_id
|
|
logger.debug(msg)
|
|
raise webob.exc.HTTPNotFound(msg)
|
|
except exception.NotAuthorized:
|
|
msg = _("Unauthorized image access")
|
|
logger.debug(msg)
|
|
raise webob.exc.HTTPForbidden(msg)
|
|
return dict(members=members)
|
|
|
|
def delete(self, req, image_id, id):
|
|
"""
|
|
Removes a membership from the image.
|
|
"""
|
|
if req.context.read_only:
|
|
raise webob.exc.HTTPForbidden()
|
|
elif req.context.owner is None:
|
|
raise webob.exc.HTTPUnauthorized(_("No authenticated user"))
|
|
|
|
try:
|
|
registry.delete_member(req.context, image_id, id)
|
|
except exception.NotFound, e:
|
|
msg = "%s" % e
|
|
logger.debug(msg)
|
|
raise webob.exc.HTTPNotFound(msg)
|
|
except exception.NotAuthorized, e:
|
|
msg = "%s" % e
|
|
logger.debug(msg)
|
|
raise webob.exc.HTTPNotFound(msg)
|
|
|
|
return webob.exc.HTTPNoContent()
|
|
|
|
def default(self, req, image_id, id, body=None):
|
|
"""This will cover the missing 'show' and 'create' actions"""
|
|
raise webob.exc.HTTPMethodNotAllowed()
|
|
|
|
def update(self, req, image_id, id, body=None):
|
|
"""
|
|
Adds a membership to the image, or updates an existing one.
|
|
If a body is present, it is a dict with the following format::
|
|
|
|
{"member": {
|
|
"can_share": [True|False]
|
|
}}
|
|
|
|
If "can_share" is provided, the member's ability to share is
|
|
set accordingly. If it is not provided, existing memberships
|
|
remain unchanged and new memberships default to False.
|
|
"""
|
|
if req.context.read_only:
|
|
raise webob.exc.HTTPForbidden()
|
|
elif req.context.owner is None:
|
|
raise webob.exc.HTTPUnauthorized(_("No authenticated user"))
|
|
|
|
# Figure out can_share
|
|
can_share = None
|
|
if body and 'member' in body and 'can_share' in body['member']:
|
|
can_share = bool(body['member']['can_share'])
|
|
try:
|
|
registry.add_member(req.context, image_id, id, can_share)
|
|
except exception.NotFound, e:
|
|
msg = "%s" % e
|
|
logger.debug(msg)
|
|
raise webob.exc.HTTPNotFound(msg)
|
|
except exception.NotAuthorized, e:
|
|
msg = "%s" % e
|
|
logger.debug(msg)
|
|
raise webob.exc.HTTPNotFound(msg)
|
|
|
|
return webob.exc.HTTPNoContent()
|
|
|
|
def update_all(self, req, image_id, body):
|
|
"""
|
|
Replaces the members of the image with those specified in the
|
|
body. The body is a dict with the following format::
|
|
|
|
{"memberships": [
|
|
{"member_id": <MEMBER_ID>,
|
|
["can_share": [True|False]]}, ...
|
|
]}
|
|
"""
|
|
if req.context.read_only:
|
|
raise webob.exc.HTTPForbidden()
|
|
elif req.context.owner is None:
|
|
raise webob.exc.HTTPUnauthorized(_("No authenticated user"))
|
|
|
|
try:
|
|
registry.replace_members(req.context, image_id, body)
|
|
except exception.NotFound, e:
|
|
msg = "%s" % e
|
|
logger.debug(msg)
|
|
raise webob.exc.HTTPNotFound(msg)
|
|
except exception.NotAuthorized, e:
|
|
msg = "%s" % e
|
|
logger.debug(msg)
|
|
raise webob.exc.HTTPNotFound(msg)
|
|
|
|
return webob.exc.HTTPNoContent()
|
|
|
|
def index_shared_images(self, req, id):
|
|
"""
|
|
Retrieves list of image memberships for the given member.
|
|
|
|
:param req: the Request object coming from the wsgi layer
|
|
:param id: the opaque member identifier
|
|
:retval The response body is a mapping of the following form::
|
|
|
|
{'shared_images': [
|
|
{'image_id': <IMAGE>,
|
|
'can_share': <SHARE_PERMISSION>, ...}, ...
|
|
]}
|
|
"""
|
|
try:
|
|
members = registry.get_member_images(req.context, id)
|
|
except exception.NotFound, e:
|
|
msg = "%s" % e
|
|
logger.debug(msg)
|
|
raise webob.exc.HTTPNotFound(msg)
|
|
except exception.NotAuthorized, e:
|
|
msg = "%s" % e
|
|
logger.debug(msg)
|
|
raise webob.exc.HTTPForbidden(msg)
|
|
return dict(shared_images=members)
|
|
|
|
|
|
def create_resource(conf):
|
|
"""Image members resource factory method"""
|
|
deserializer = wsgi.JSONRequestDeserializer()
|
|
serializer = wsgi.JSONResponseSerializer()
|
|
return wsgi.Resource(Controller(conf), deserializer, serializer)
|