congress.common.policy module

congress.common.policy module

Policy Engine For Auth on API calls.

class congress.common.policy.IsAdminCheck(kind, match)

Bases: oslo_policy._checks.Check

An explicit check for is_admin.

congress.common.policy.check_is_admin(context)

Whether or not roles contains ‘admin’ role according to policy setting.

congress.common.policy.enforce(context, action, target, do_raise=True, exc=None)

Verifies that the action is valid on the target in this context.

Param

context: congress context

Param

action: string representing the action to be checked this should be colon separated for clarity. i.e. compute:create_instance, compute:attach_volume, volume:attach_volume

Param

target: dictionary representing the object of the action for object creation this should be a dictionary representing the location of the object e.g. {'project_id': context.project_id}

Param

do_raise: if True (the default), raises PolicyNotAuthorized; if False, returns False

Raises

congress.exception.PolicyNotAuthorized – if verification fails and do_raise is True.

Returns

returns a non-False value (not necessarily “True”) if authorized, and the exact value False if not authorized and do_raise is False.

congress.common.policy.get_enforcer()
congress.common.policy.get_rules()
congress.common.policy.init(policy_file=None, rules=None, default_rule=None, use_conf=True)

Init an Enforcer class.

Param

policy_file: Custom policy file to use, if none is specified, CONF.policy_file will be used.

Param

rules: Default dictionary / Rules to use. It will be considered just in the first instantiation.

Param

default_rule: Default rule to use, CONF.default_rule will be used if none is specified.

Param

use_conf: Whether to load rules from config file.

congress.common.policy.register_rules(enforcer)
congress.common.policy.reset()
congress.common.policy.set_rules(rules, overwrite=True, use_conf=False)

Set rules based on the provided dict of rules.

Param

rules: New rules to use. It should be an instance of dict.

Param

overwrite: Whether to overwrite current rules or update them with the new rules.

Param

use_conf: Whether to reload rules from config file.

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.