Add missing initiators in api calling providers
followup for Iae525ee13dec72af6a7d70db2bb59a77c682a177 some more mutating API methods were found not providing an audit initiator to the underlying providers' methods. These include deletion of project tags, ec2 creds api and os-inherit api. Change-Id: If7474a90aa545760d2dd4eadf1e4d7d7a7f35a06
This commit is contained in:
parent
8ca73f758b
commit
f5dab591b7
|
@ -102,7 +102,7 @@ def _build_enforcement_target_attr(role_id=None, user_id=None, group_id=None,
|
|||
return target
|
||||
|
||||
|
||||
class OSInheritDomainGroupRolesResource(flask_restful.Resource):
|
||||
class OSInheritDomainGroupRolesResource(ks_flask.ResourceBase):
|
||||
def get(self, domain_id, group_id, role_id):
|
||||
"""Check for an inherited grant for a group on a domain.
|
||||
|
||||
|
@ -134,7 +134,7 @@ class OSInheritDomainGroupRolesResource(flask_restful.Resource):
|
|||
role_id=role_id))
|
||||
PROVIDERS.assignment_api.create_grant(
|
||||
domain_id=domain_id, group_id=group_id, role_id=role_id,
|
||||
inherited_to_projects=True)
|
||||
inherited_to_projects=True, initiator=self.audit_initiator)
|
||||
return None, http.client.NO_CONTENT
|
||||
|
||||
def delete(self, domain_id, group_id, role_id):
|
||||
|
@ -151,7 +151,7 @@ class OSInheritDomainGroupRolesResource(flask_restful.Resource):
|
|||
role_id=role_id))
|
||||
PROVIDERS.assignment_api.delete_grant(
|
||||
domain_id=domain_id, group_id=group_id, role_id=role_id,
|
||||
inherited_to_projects=True)
|
||||
inherited_to_projects=True, initiator=self.audit_initiator)
|
||||
return None, http.client.NO_CONTENT
|
||||
|
||||
|
||||
|
@ -173,7 +173,7 @@ class OSInheritDomainGroupRolesListResource(flask_restful.Resource):
|
|||
refs, collection_name='roles')
|
||||
|
||||
|
||||
class OSInheritDomainUserRolesResource(flask_restful.Resource):
|
||||
class OSInheritDomainUserRolesResource(ks_flask.ResourceBase):
|
||||
def get(self, domain_id, user_id, role_id):
|
||||
"""Check for an inherited grant for a user on a domain.
|
||||
|
||||
|
@ -205,7 +205,7 @@ class OSInheritDomainUserRolesResource(flask_restful.Resource):
|
|||
role_id=role_id))
|
||||
PROVIDERS.assignment_api.create_grant(
|
||||
domain_id=domain_id, user_id=user_id, role_id=role_id,
|
||||
inherited_to_projects=True)
|
||||
inherited_to_projects=True, initiator=self.audit_initiator)
|
||||
return None, http.client.NO_CONTENT
|
||||
|
||||
def delete(self, domain_id, user_id, role_id):
|
||||
|
@ -222,7 +222,7 @@ class OSInheritDomainUserRolesResource(flask_restful.Resource):
|
|||
role_id=role_id))
|
||||
PROVIDERS.assignment_api.delete_grant(
|
||||
domain_id=domain_id, user_id=user_id, role_id=role_id,
|
||||
inherited_to_projects=True)
|
||||
inherited_to_projects=True, initiator=self.audit_initiator)
|
||||
return None, http.client.NO_CONTENT
|
||||
|
||||
|
||||
|
@ -244,7 +244,7 @@ class OSInheritDomainUserRolesListResource(flask_restful.Resource):
|
|||
refs, collection_name='roles')
|
||||
|
||||
|
||||
class OSInheritProjectUserResource(flask_restful.Resource):
|
||||
class OSInheritProjectUserResource(ks_flask.ResourceBase):
|
||||
def get(self, project_id, user_id, role_id):
|
||||
"""Check for an inherited grant for a user on a project.
|
||||
|
||||
|
@ -276,7 +276,7 @@ class OSInheritProjectUserResource(flask_restful.Resource):
|
|||
role_id=role_id))
|
||||
PROVIDERS.assignment_api.create_grant(
|
||||
project_id=project_id, user_id=user_id, role_id=role_id,
|
||||
inherited_to_projects=True)
|
||||
inherited_to_projects=True, initiator=self.audit_initiator)
|
||||
return None, http.client.NO_CONTENT
|
||||
|
||||
def delete(self, project_id, user_id, role_id):
|
||||
|
@ -293,11 +293,11 @@ class OSInheritProjectUserResource(flask_restful.Resource):
|
|||
role_id=role_id))
|
||||
PROVIDERS.assignment_api.delete_grant(
|
||||
project_id=project_id, user_id=user_id, role_id=role_id,
|
||||
inherited_to_projects=True)
|
||||
inherited_to_projects=True, initiator=self.audit_initiator)
|
||||
return None, http.client.NO_CONTENT
|
||||
|
||||
|
||||
class OSInheritProjectGroupResource(flask_restful.Resource):
|
||||
class OSInheritProjectGroupResource(ks_flask.ResourceBase):
|
||||
def get(self, project_id, group_id, role_id):
|
||||
"""Check for an inherited grant for a group on a project.
|
||||
|
||||
|
@ -329,7 +329,7 @@ class OSInheritProjectGroupResource(flask_restful.Resource):
|
|||
role_id=role_id))
|
||||
PROVIDERS.assignment_api.create_grant(
|
||||
project_id=project_id, group_id=group_id, role_id=role_id,
|
||||
inherited_to_projects=True)
|
||||
inherited_to_projects=True, initiator=self.audit_initiator)
|
||||
return None, http.client.NO_CONTENT
|
||||
|
||||
def delete(self, project_id, group_id, role_id):
|
||||
|
@ -346,7 +346,7 @@ class OSInheritProjectGroupResource(flask_restful.Resource):
|
|||
role_id=role_id))
|
||||
PROVIDERS.assignment_api.delete_grant(
|
||||
project_id=project_id, group_id=group_id, role_id=role_id,
|
||||
inherited_to_projects=True)
|
||||
inherited_to_projects=True, initiator=self.audit_initiator)
|
||||
return None, http.client.NO_CONTENT
|
||||
|
||||
|
||||
|
|
|
@ -267,7 +267,8 @@ class ProjectTagsResource(_ProjectTagResourceBase):
|
|||
action='identity:delete_project_tags',
|
||||
build_target=_build_project_target_enforcement
|
||||
)
|
||||
PROVIDERS.resource_api.update_project_tags(project_id, [])
|
||||
PROVIDERS.resource_api.update_project_tags(
|
||||
project_id, [], initiator=self.audit_initiator)
|
||||
return None, http.client.NO_CONTENT
|
||||
|
||||
|
||||
|
|
|
@ -404,7 +404,8 @@ class UserOSEC2CredentialsResourceListCreate(_UserOSEC2CredBaseResource):
|
|||
id=credential_id,
|
||||
type=CRED_TYPE_EC2
|
||||
)
|
||||
PROVIDERS.credential_api.create_credential(credential_id, cred_data)
|
||||
PROVIDERS.credential_api.create_credential(
|
||||
credential_id, cred_data, initiator=self.audit_initiator)
|
||||
ref = _convert_v3_to_ec2_credential(cred_data)
|
||||
return self.wrap_member(ref), http.client.CREATED
|
||||
|
||||
|
@ -443,7 +444,8 @@ class UserOSEC2CredentialsResourceGetDelete(_UserOSEC2CredBaseResource):
|
|||
PROVIDERS.identity_api.get_user(user_id)
|
||||
ec2_cred_id = utils.hash_access_key(credential_id)
|
||||
self._get_cred_data(ec2_cred_id)
|
||||
PROVIDERS.credential_api.delete_credential(ec2_cred_id)
|
||||
PROVIDERS.credential_api.delete_credential(
|
||||
ec2_cred_id, initiator=self.audit_initiator)
|
||||
return None, http.client.NO_CONTENT
|
||||
|
||||
|
||||
|
|
Loading…
Reference in New Issue