feat: modify convert virtual workspace id to workspace id when get, delete list

Signed-off-by: ImMin5 <mino@megazone.com>

Author: ImMin5

src/spaceone/cost_analysis/manager/cost_manager.py

@@ -98,11 +98,11 @@ def delete_cost_with_datasource(self, domain_id: str, data_source_id: str) -> No
         history_vos.delete()
 
     def get_cost(
-        self,
-        cost_id: str,
-        domain_id: str,
-        workspace_id=None,
-        user_projects: list = None,
+            self,
+            cost_id: str,
+            domain_id: str,
+            workspace_id=None,
+            user_projects: list = None,
     ):
         conditions = {"cost_id": cost_id, "domain_id": domain_id}
 
@@ -171,7 +171,7 @@ def analyze_yearly_costs(self, query, domain_id, target="SECONDARY_PREFERRED"):
         expire=3600 * 24,
     )
     def stat_monthly_costs_with_cache(
-        self, query, query_hash, domain_id, data_source_id
+            self, query, query_hash, domain_id, data_source_id
     ):
         return self.stat_monthly_costs(query, domain_id)
 
@@ -180,7 +180,7 @@ def stat_monthly_costs_with_cache(
         expire=3600 * 24,
     )
     def analyze_costs_with_cache(
-        self, query, query_hash, domain_id, data_source_id, target="SECONDARY_PREFERRED"
+            self, query, query_hash, domain_id, data_source_id, target="SECONDARY_PREFERRED"
     ):
         return self.analyze_costs(query, domain_id, target)
 
@@ -189,7 +189,7 @@ def analyze_costs_with_cache(
         expire=3600 * 24,
     )
     def analyze_monthly_costs_with_cache(
-        self, query, query_hash, domain_id, data_source_id, target="SECONDARY_PREFERRED"
+            self, query, query_hash, domain_id, data_source_id, target="SECONDARY_PREFERRED"
     ):
         return self.analyze_monthly_costs(query, domain_id, target)
 
@@ -198,12 +198,12 @@ def analyze_monthly_costs_with_cache(
         expire=3600 * 24,
     )
     def analyze_yearly_costs_with_cache(
-        self, query, query_hash, domain_id, data_source_id, target="SECONDARY_PREFERRED"
+            self, query, query_hash, domain_id, data_source_id, target="SECONDARY_PREFERRED"
     ):
         return self.analyze_yearly_costs(query, domain_id, target)
 
     def analyze_costs_by_granularity(
-        self, query: dict, domain_id: str, data_source_id: str
+            self, query: dict, domain_id: str, data_source_id: str
     ):
         self._check_group_by(query)
         self._check_date_range(query)
@@ -240,7 +240,7 @@ def analyze_costs_by_granularity(
         expire=600,
     )
     def create_cost_query_history(
-        self, query: dict, query_hash: str, domain_id: str, data_source_id: str
+            self, query: dict, query_hash: str, domain_id: str, data_source_id: str
     ):
         def _rollback(history_vo):
             _LOGGER.info(
@@ -444,7 +444,7 @@ def _change_filter_project_group_id(self, query: dict, domain_id: str) -> dict:
         return query
 
     def change_filter_v_workspace_id(
-        self, query: dict, domain_id: str, data_source_id: str
+            self, query: dict, domain_id: str, data_source_id: str
     ) -> dict:
         change_filter = []
         workspace_ids = []
@@ -500,7 +500,7 @@ def change_filter_v_workspace_id(
         return query
 
     def _change_response_workspace_group_by(
-        self, response: dict, query: dict, domain_id: str, data_source_id: str
+            self, response: dict, query: dict, domain_id: str, data_source_id: str
     ) -> dict:
         if query_group_by := query.get("group_by"):
             if "workspace_id" in query_group_by:
@@ -533,7 +533,7 @@ def _change_response_workspace_group_by(
         return response
 
     def _get_workspace_id_from_v_workspace_id(
-        self, domain_id: str, v_workspace_id: str
+            self, domain_id: str, v_workspace_id: str
     ) -> str:
         workspace_id = v_workspace_id
         ds_account_vos = self.data_source_account_mgr.filter_data_source_accounts(
@@ -581,5 +581,5 @@ def _check_group_by(query: dict) -> None:
             elif key in ["cost", "usage_quantity"]:
                 raise ERROR_INVALID_PARAMETER(
                     key=key,
-                    reason=f"{key} are not allowed to group by.",
+                    reason=f"{key} is not allowed to group by.",
                 )

src/spaceone/cost_analysis/service/cost_service.py

@@ -77,27 +77,29 @@ def create(self, params):
 
     @transaction(permission="cost-analysis:Cost.write", role_types=["WORKSPACE_OWNER"])
     @check_required(["cost_id", "domain_id"])
-    def delete(self, params):
+    def delete(self, params: dict):
         """Deregister cost
 
         Args:
             params (dict): {
                 'cost_id': 'str',           # injected from path
-                'workspace_id' : str',      # injected from auth(optional)
+                'workspace_id' : str',      # injected from auth
                 'domain_id': 'str'          # injected from auth
             }
 
         Returns:
             None
         """
 
+        cost_id = params["cost_id"]
         domain_id = params["domain_id"]
+        workspace_id = params.get("workspace_id")
 
-        cost_vo: Cost = self.cost_mgr.get_cost(
-            params["cost_id"],
-            params["domain_id"],
-            params.get("workspace_id"),
-        )
+        if workspace_id:
+            cost_vo: Cost = self.cost_mgr.get_cost(cost_id, domain_id)
+            self._check_workspace_id_with_cost_vo(cost_vo, domain_id, workspace_id)
+        else:
+            cost_vo: Cost = self.cost_mgr.get_cost(cost_id, domain_id)
 
         self.cost_mgr.remove_stat_cache(
             domain_id=domain_id,
@@ -134,15 +136,7 @@ def get(self, params: dict) -> Union[CostResponse, dict]:
 
         if workspace_id:
             cost_vo: Cost = self.cost_mgr.get_cost(cost_id, domain_id, user_projects)
-
-            v_workspace_ids = self._get_v_workspace_ids_related_with_workspace_id(
-                domain_id, workspace_id
-            )
-            if (
-                cost_vo.workspace_id not in v_workspace_ids
-                and cost_vo.workspace_id != workspace_id
-            ):
-                raise ERROR_PERMISSION_DENIED()
+            self._check_workspace_id_with_cost_vo(cost_vo, domain_id, workspace_id)
         else:
             cost_vo: Cost = self.cost_mgr.get_cost(
                 cost_id, domain_id, workspace_id, user_projects
@@ -278,10 +272,11 @@ def analyze(self, params):
         domain_id = params["domain_id"]
         data_source_id = params["data_source_id"]
         query = params.get("query", {})
+        workspace_id = query.get("workspace_id")
 
         if self.transaction.get_meta("authorization.role_type") != "DOMAIN_ADMIN":
             data_source_vo = self.data_source_mgr.get_data_source(
-                data_source_id, domain_id
+                data_source_id, domain_id, workspace_id
             )
             self._check_fields_with_data_source_permissions(query, data_source_vo)
 
@@ -406,29 +401,15 @@ def _page_results(response, page):
             if start < 1:
                 start = 1
 
-            response["results"] = results[start - 1 : start + page["limit"] - 1]
+            response["results"] = results[start - 1: start + page["limit"] - 1]
         else:
             response["results"] = results
 
         return response
 
-    @staticmethod
-    def _get_v_workspace_ids_related_with_workspace_id(
-        domain_id: str, workspace_id: str
-    ) -> list:
-        v_workspace_ids = []
-        data_source_account_mgr = DataSourceAccountManager()
-        data_source_account_vos = data_source_account_mgr.filter_data_source_accounts(
-            domain_id=domain_id,
-            workspace_id=workspace_id,
-        )
-
-        v_workspace_ids.extend(data_source_account_vos.values_list("v_workspace_id"))
-        return v_workspace_ids
-
     @staticmethod
     def _remove_deny_fields_with_data_source_vo(
-        cost_info: dict, data_source_vo: DataSource
+            cost_info: dict, data_source_vo: DataSource
     ):
         permissions = data_source_vo.permissions or {}
         if permissions:
@@ -440,15 +421,35 @@ def _remove_deny_fields_with_data_source_vo(
 
     @staticmethod
     def _check_fields_with_data_source_permissions(
-        query: dict, data_source_vo: DataSource
+            query: dict, data_source_vo: DataSource
     ):
         permissions = data_source_vo.permissions or {}
         deny = permissions.get("deny", [])
 
         fields = query.get("fields", {})
 
-        for field_key in fields.keys():
-            field_info = fields[field_key]
-            if _field_info_key := field_info.get("key"):
+        for field_key, field_info in fields.items():
+            if _field_info_key := field_info.get("key", field_info.get("k")):
                 if _field_info_key in deny:
                     raise ERROR_PERMISSION_DENIED()
+
+    @staticmethod
+    def _check_workspace_id_with_cost_vo(
+            cost_vo: Cost, domain_id: str, workspace_id: str
+    ) -> None:
+        if cost_vo.workspace_id.startswith("v-"):
+            data_source_account_mgr = DataSourceAccountManager()
+            data_source_account_vos = (
+                data_source_account_mgr.filter_data_source_accounts(
+                    domain_id=domain_id,
+                    v_workspace_id=cost_vo.workspace_id,
+                )
+            )
+            if not data_source_account_vos:
+                raise ERROR_PERMISSION_DENIED()
+
+            if workspace_id != data_source_account_vos[0].workspace_id:
+                raise ERROR_PERMISSION_DENIED()
+
+        elif cost_vo.workspace_id != workspace_id:
+            raise ERROR_PERMISSION_DENIED()