diff options
| author | Jason Dillaman <dillaman@redhat.com> | 2019-10-14 16:39:54 +0200 |
|---|---|---|
| committer | Jason Dillaman <dillaman@redhat.com> | 2019-10-29 13:35:03 +0100 |
| commit | 282c31c383856b45caadcefb876a71e39fe4b219 (patch) | |
| tree | 5b76b6468b44ed5be181ed7772609ed8c1bc59e1 /src/mgr/PyModuleRegistry.cc | |
| parent | mgr: validate that profile caps are actually valid (diff) | |
| download | ceph-282c31c383856b45caadcefb876a71e39fe4b219.tar.xz ceph-282c31c383856b45caadcefb876a71e39fe4b219.zip | |
mgr: python modules can now perform authorization tests
In cases where the python service or individual python modules are
enabled via caps, the module might want to perform finer grained
tests to ensure specific commands are allowed. An example of this is
the 'rbd_support' module limiting access by pools and namespaces.
Signed-off-by: Jason Dillaman <dillaman@redhat.com>
Diffstat (limited to 'src/mgr/PyModuleRegistry.cc')
| -rw-r--r-- | src/mgr/PyModuleRegistry.cc | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/mgr/PyModuleRegistry.cc b/src/mgr/PyModuleRegistry.cc index f7105b87a70..2897684c4ae 100644 --- a/src/mgr/PyModuleRegistry.cc +++ b/src/mgr/PyModuleRegistry.cc @@ -286,14 +286,16 @@ std::set<std::string> PyModuleRegistry::probe_modules(const std::string &path) c } int PyModuleRegistry::handle_command( - std::string const &module_name, + const ModuleCommand& module_command, + const MgrSession& session, const cmdmap_t &cmdmap, const bufferlist &inbuf, std::stringstream *ds, std::stringstream *ss) { if (active_modules) { - return active_modules->handle_command(module_name, cmdmap, inbuf, ds, ss); + return active_modules->handle_command(module_command, session, cmdmap, + inbuf, ds, ss); } else { // We do not expect to be called before active modules is up, but // it's straightfoward to handle this case so let's do it. |