Source code for keystone.common.resource_options.options.immutable

# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

# Implement the "Immutable" resource option
from keystone.common.resource_options import core as ro_core
from keystone.common.validation import parameter_types
from keystone import exception

IMMUTABLE_OPT = (
    ro_core.ResourceOption(
        option_id='IMMU',
        option_name='immutable',
        validator=ro_core.boolean_validator,
        json_schema_validation=parameter_types.boolean
    ))


[docs]def check_resource_immutable(resource_ref): """Check to see if a resource is immutable. :param resource_ref: a dict reference of a resource to inspect """ return resource_ref.get('options', {}).get( IMMUTABLE_OPT.option_name, False)
[docs]def check_immutable_update(original_resource_ref, new_resource_ref, type, resource_id): """Check if an update is allowed to an immutable resource. Valid cases where an update is allowed: * Resource is not immutable * Resource is immutable, and update to set immutable to False or None :param original_resource_ref: a dict resource reference representing the current resource :param new_resource_ref: a dict reference of the updates to perform :param type: the resource type, e.g. 'project' :param resource_id: the id of the resource (e.g. project['id']), usually a UUID :raises: ResourceUpdateForbidden """ immutable = check_resource_immutable(original_resource_ref) if immutable: new_options = new_resource_ref.get('options', {}) if ((len(new_resource_ref.keys()) > 1) or (IMMUTABLE_OPT.option_name not in new_options) or (new_options[IMMUTABLE_OPT.option_name] not in (False, None))): raise exception.ResourceUpdateForbidden( type=type, resource_id=resource_id)
[docs]def check_immutable_delete(resource_ref, resource_type, resource_id): """Check if a delete is allowed on a resource. :param resource_ref: dict reference of the resource :param resource_type: resource type (str) e.g. 'project' :param resource_id: id of the resource (str) e.g. project['id'] :raises: ResourceDeleteForbidden """ if check_resource_immutable(resource_ref): raise exception.ResourceDeleteForbidden( type=resource_type, resource_id=resource_id)