congress.common.policy module

this page last updated: 2019-05-17 05:40:50.707778

congress.common.policy module

Policy Engine For Auth on API calls.

class congress.common.policy.IsAdminCheck(kind, match)

Bases: oslo_policy._checks.Check

An explicit check for is_admin.

congress.common.policy.check_is_admin(context)

Whether or not roles contains ‘admin’ role according to policy setting.

congress.common.policy.enforce(context, action, target, do_raise=True, exc=None)

Verifies that the action is valid on the target in this context.

Param:context: congress context
Param:action: string representing the action to be checked this should be colon separated for clarity. i.e. compute:create_instance, compute:attach_volume, volume:attach_volume
Param:target: dictionary representing the object of the action for object creation this should be a dictionary representing the location of the object e.g. {'project_id': context.project_id}
Param:do_raise: if True (the default), raises PolicyNotAuthorized; if False, returns False
Raises:congress.exception.PolicyNotAuthorized – if verification fails and do_raise is True.
Returns:returns a non-False value (not necessarily “True”) if authorized, and the exact value False if not authorized and do_raise is False.
congress.common.policy.get_enforcer()
congress.common.policy.get_rules()
congress.common.policy.init(policy_file=None, rules=None, default_rule=None, use_conf=True)

Init an Enforcer class.

Param:policy_file: Custom policy file to use, if none is specified, CONF.policy_file will be used.
Param:rules: Default dictionary / Rules to use. It will be considered just in the first instantiation.
Param:default_rule: Default rule to use, CONF.default_rule will be used if none is specified.
Param:use_conf: Whether to load rules from config file.
congress.common.policy.register_rules(enforcer)
congress.common.policy.reset()
congress.common.policy.set_rules(rules, overwrite=True, use_conf=False)

Set rules based on the provided dict of rules.

Param:rules: New rules to use. It should be an instance of dict.
Param:overwrite: Whether to overwrite current rules or update them with the new rules.
Param:use_conf: Whether to reload rules from config file.
this page last updated: 2019-05-17 05:40:50.707778
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.

found an error? report a bug questions?