Skip to content

Commit 012d357

Browse files
author
Mattia Moretti
authored
Restrict gettenancy (#315)
* try1 * restrict * boolean
1 parent 806c115 commit 012d357

File tree

1 file changed

+12
-3
lines changed

1 file changed

+12
-3
lines changed

pkg/plugin/metrics_functions.go

Lines changed: 12 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -91,7 +91,7 @@ func (o *OCIDatasource) TestConnectivity(ctx context.Context) error {
9191
backend.Logger.Error("TestConnectivity", "Config Key", key, "SKIPPED", fmt.Sprintf("listMetrics on Tenancy %s did not work, testing compartments", tenancyocid))
9292

9393
// Get the compartments
94-
comparts := o.GetCompartments(ctx, tenancyocid)
94+
comparts := o.GetCompartments(ctx, tenancyocid, true)
9595
if comparts == nil {
9696
backend.Logger.Error("TestConnectivity", "Config Key", key, "error", "could not read compartments")
9797
return fmt.Errorf("TestConnectivity failed: cannot read Compartments in profile %v", key)
@@ -255,7 +255,7 @@ func (o *OCIDatasource) GetSubscribedRegions(ctx context.Context, tenancyOCID st
255255
// https://docs.oracle.com/en-us/iaas/Content/Identity/Reference/iampolicyreference.htm
256256
// https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/managingcompartments.htm
257257
// https://docs.oracle.com/en-us/iaas/api/#/en/identity/20160918/Compartment/ListCompartments
258-
func (o *OCIDatasource) GetCompartments(ctx context.Context, tenancyOCID string) []models.OCIResource {
258+
func (o *OCIDatasource) GetCompartments(ctx context.Context, tenancyOCID string, includeAccessibleOnly ...bool) []models.OCIResource {
259259
backend.Logger.Error("client", "GetCompartments", "fetching the sub-compartments for tenancy: "+tenancyOCID)
260260

261261
takey := o.GetTenancyAccessKey(tenancyOCID)
@@ -282,6 +282,15 @@ func (o *OCIDatasource) GetCompartments(ctx context.Context, tenancyOCID string)
282282
return nil
283283
}
284284

285+
var effectiveScope identity.ListCompartmentsAccessLevelEnum
286+
287+
if len(includeAccessibleOnly) == 1 && includeAccessibleOnly[0] {
288+
effectiveScope = identity.ListCompartmentsAccessLevelAccessible
289+
backend.Logger.Error("client", "GetCompartments", "using ListCompartmentsAccessLevelAccessible")
290+
} else {
291+
effectiveScope = identity.ListCompartmentsAccessLevelAny
292+
}
293+
285294
compartments := map[string]string{}
286295

287296
// calling the api if not present in cache
@@ -294,7 +303,7 @@ func (o *OCIDatasource) GetCompartments(ctx context.Context, tenancyOCID string)
294303
identity.ListCompartmentsRequest{
295304
CompartmentId: common.String(tenancyocid),
296305
Page: &pageHeader,
297-
AccessLevel: identity.ListCompartmentsAccessLevelAny,
306+
AccessLevel: effectiveScope,
298307
LifecycleState: identity.CompartmentLifecycleStateActive,
299308
CompartmentIdInSubtree: common.Bool(true),
300309
})

0 commit comments

Comments
 (0)