lxd/storage-volumes: Add entitlements for 'storage-volume' entities
Signed-off-by: Gabriel Mougard <gabriel.mougard@canonical.com>
gabrielmougard committed Nov 19, 2024
1 parent 5733f0f commit 826ef24
Showing 1 changed file with 28 additions and 1 deletion.
29 changes: 28 additions & 1 deletion lxd/storage_volumes.go
Expand Up @@ -625,6 +625,9 @@ func storagePoolVolumesGet(d *Daemon, r *http.Request) response.Response {
return response.SmartError(err)
}

// Detect if we want to also returns entitlements for each volume.
withEntitlements := request.QueryParam(r, "with-entitlements") == "true"

// Check if current route is in /1.0/storage-volumes
allPools := poolName == ""

Expand Down Expand Up @@ -816,7 +819,8 @@ func storagePoolVolumesGet(d *Daemon, r *http.Request) response.Response {

if util.IsRecursionRequest(r) {
volumes := make([]*api.StorageVolume, 0, len(dbVolumes))
for _, dbVol := range dbVolumes {
openfgaURLs := make([]*api.URL, len(dbVolumes))
for i, dbVol := range dbVolumes {
vol := &dbVol.StorageVolume

volumeName, _, _ := api.GetParentAndSnapshotName(vol.Name)
Expand All @@ -835,6 +839,19 @@ func storagePoolVolumesGet(d *Daemon, r *http.Request) response.Response {
}

volumes = append(volumes, vol)
openfgaURLs[i] = entity.StorageVolumeURL(vol.Project, vol.Location, vol.Pool, vol.Type, vol.Name)
}

if withEntitlements {
entitiesWithEntitlements := make([]entity.EntityWithEntitlements, len(volumes))
for i, v := range volumes {
entitiesWithEntitlements[i] = v
}

err = d.authorizer.AddEntitlementsToEntities(r.Context(), entity.TypeStorageVolume, openfgaURLs, entitiesWithEntitlements)
if err != nil {
return response.SmartError(err)
}
}

return response.SyncResponse(true, volumes)
Expand Down Expand Up @@ -2013,6 +2030,9 @@ func storagePoolVolumeGet(d *Daemon, r *http.Request) response.Response {
return response.SmartError(err)
}

// Detect if we want to also returns entitlements for each volume.
withEntitlements := request.QueryParam(r, "with-entitlements") == "true"

resp := forwardedResponseIfTargetIsRemote(s, r)
if resp != nil {
return resp
Expand Down Expand Up @@ -2043,6 +2063,13 @@ func storagePoolVolumeGet(d *Daemon, r *http.Request) response.Response {

etag := []any{details.volumeName, dbVolume.Type, dbVolume.Config}

if withEntitlements {
err = d.authorizer.AddEntitlements(r.Context(), entity.TypeProject, entity.StorageVolumeURL(dbVolume.Project, dbVolume.Location, dbVolume.Pool, dbVolume.Type, dbVolume.Name), &dbVolume.StorageVolume)
if err != nil {
return response.SmartError(err)
}
}

return response.SyncResponseETag(true, dbVolume.StorageVolume, etag)
}
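Review bot: In the last hunk, storagePoolVolumeGet passes `entity.TypeProject` to `d.authorizer.AddEntitlements` together with a URL built by `entity.StorageVolumeURL`, whereas the list handler in the third hunk passes `entity.TypeStorageVolume` for the same kind of URL. This looks like a copy-paste slip; the authorizer's implementation is not visible here, but a type/URL mismatch on an authorization call could either fail the request or report entitlements evaluated against the wrong entity type, so the argument should be `entity.TypeStorageVolume`. Separately, in the recursion loop `openfgaURLs` is pre-sized and written by index `i` while `volumes` is built with `append`, and the loop body between the second and third hunks is collapsed. If that elided body ever skips an entry, the two slices would go out of step and entitlements could be attached to the wrong volume; using `make([]*api.URL, 0, len(dbVolumes))` and `openfgaURLs = append(openfgaURLs, entity.StorageVolumeURL(vol.Project, vol.Location, vol.Pool, vol.Type, vol.Name))` next to the `volumes` append keeps them aligned by construction. Both functions start and end outside the visible hunks.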

