Ownership support for volumes

Ownership adds the management of the Ownership object in the volume spec, which is used to determine permissions on access to a volume. Signed-off-by: Luis Pabón <[email protected]>
libopenstorage · Jan 13, 2019 · 233c32a · 233c32a
1 parent 573c33b
commit 233c32a
Show file tree

Hide file tree

Showing 27 changed files with 2,456 additions and 1,090 deletions.
diff --git a/SDK_CHANGELOG.md b/SDK_CHANGELOG.md
@@ -1,10 +1,11 @@
 # Changelog
 
-> NOTE: The SDK is still in tech preview. Once officially released, this changelog will also
-> use the SDK version numbers.
-
 ## Releases
 
+### v0.37.0 - Tech Preview (1/16/2019)
+
+* Ownership support in the VolumeSpec
+
 ### v0.36.0 - Tech Preview (1/7/2019)
 
 * Refactor confusing labels.

diff --git a/api/api.go b/api/api.go
@@ -1,13 +1,15 @@
 package api
 
 import (
+	"context"
 	"fmt"
 	"math"
 	"strconv"
 	"strings"
 	"time"
 
 	"github.com/golang/protobuf/ptypes"
+	"github.com/libopenstorage/openstorage/pkg/auth"
 
 	"github.com/mohae/deepcopy"
 )
@@ -943,3 +945,30 @@ func (l *VolumeLocator) MergeVolumeSpecLabels(s *VolumeSpec) *VolumeLocator {
 
 	return l
 }
+
+func (v *Volume) IsPermitted(ctx context.Context) bool {
+	return v.GetSpec().IsPermitted(ctx)
+}
+
+func (v *VolumeSpec) IsPermitted(ctx context.Context) bool {
+	if v.GetOwnership() != nil {
+		if userinfo, ok := auth.NewUserInfoFromContext(ctx); ok {
+			// Check Access
+			return v.IsPermittedFromUserInfo(userinfo)
+		} else {
+			// There is no user information in the context so
+			// authorization is not running
+			return true
+		}
+	}
+
+	// There is no ownership on this volume, so allow access
+	return true
+}
+
+func (v *VolumeSpec) IsPermittedFromUserInfo(user *auth.UserInfo) bool {
+	if v.GetOwnership() != nil {
+		return v.GetOwnership().IsPermitted(user)
+	}
+	return true
+}