Merge pull request #925 from lpabon/credential-ownership
Ownership support in credentials
lpabon authored Mar 14, 2019
2 parents 261030e + edb4d0c commit 0d87fce
Showing 11 changed files with 1,531 additions and 1,099 deletions.
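--- a/SDK_CHANGELOG.md
+++ b/SDK_CHANGELOG.md
@@ -2,6 +2,10 @@
 
 ## Releases
 
+### v0.43.0 - Tech Preview (3/12/2019)
+
+* Add ownership support to OpenStorageCredential service APIs
+
 ### v0.42.0 - Tech Preview (2/20/2019)
 
 * SnapEnumerate REST endpoint now accepts empty volume ids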
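--- a/api/api.go
+++ b/api/api.go
@@ -111,6 +111,8 @@ const (
 // OptOptCredAzureAccountKey is the accountkey for
 // azure as the cloud provider
 OptCredAzureAccountKey = "CredAccountKey"
+// Credential ownership key in params
+OptCredOwnership = "CredOwnership"
 // OptCloudBackupID is the backID in the cloud
 OptCloudBackupID = "CloudBackID"
 // OptSrcVolID is the source volume ID of the backup
@@ -966,19 +968,7 @@ func (v *Volume) IsPermitted(ctx context.Context, accessType Ownership_AccessTyp
 }
 
 func (v *VolumeSpec) IsPermitted(ctx context.Context, accessType Ownership_AccessType) bool {
-if v.IsPublic() {
-return true
-}
-
-// Volume is not public, check permission
-if userinfo, ok := auth.NewUserInfoFromContext(ctx); ok {
-// Check Access
-return v.IsPermittedFromUserInfo(userinfo, accessType)
-} else {
-// There is no user information in the context so
-// authorization is not running
-return true
-}
+return v.GetOwnership().IsPermittedByContext(ctx, accessType)
 }
 
 func (v *VolumeSpec) IsPermittedFromUserInfo(user *auth.UserInfo, accessType Ownership_AccessType) bool {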
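Review bot: `VolumeSpec.IsPermitted` now rests entirely on `v.GetOwnership().IsPermittedByContext(ctx, accessType)`, whose body is not in this section, so the two allow-by-default paths the removed lines spelled out (public volume; no user info in the context because authorization is not running) can no longer be checked at this call site. If `GetOwnership()` can return nil for a spec without ownership (typical for generated getters, not shown here), `IsPermittedByContext` has to tolerate a nil receiver and decide that case explicitly; a unit test for a nil ownership and for a context without user info would pin it. I would also put the dropped explanation back as a doc comment, e.g. `// IsPermitted reports whether the caller in ctx has accessType on the volume; see Ownership.IsPermittedByContext for the public and no-auth cases.` The neighbouring `Volume.IsPermitted` and `IsPermittedFromUserInfo` bodies lie outside the hunk. In the first hunk, the new comment would match its neighbours as `// OptCredOwnership is the credential ownership key in params`.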
