def _load_backend(self):
with self._lock:
if not self._backend:
# Import the untranslated name if we don't have a mapping
backend_path = self._backend_mapping.get(
self._backend_name, self._backend_name)
backend_mod = importutils.import_module(backend_path)
self._backend = backend_mod.get_backend()
def _load_backend(self):
with self._lock:
if not self._backend:
# Import the untranslated name if we don't have a mapping
backend_path = self._backend_mapping.get(self._backend_name,
self._backend_name)
backend_mod = importutils.import_module(backend_path)
self._backend = backend_mod.get_backend()
def __call__(self, target, creds):
if self.target_field not in target:
# policy needs a plugin check
# target field is in the form resource:field
# however if they're not separated by a colon, use an underscore
# as a separator for backward compatibility
def do_split(separator):
parent_res, parent_field = self.target_field.split(separator, 1)
return parent_res, parent_field
for separator in (":", "_"):
try:
parent_res, parent_field = do_split(separator)
break
except ValueError:
LOG.debug(_("Unable to find ':' as separator in %s."), self.target_field)
else:
# If we are here split failed with both separators
err_reason = _("Unable to find resource name in %s") % self.target_field
LOG.exception(err_reason)
raise exceptions.PolicyCheckError(policy="%s:%s" % (self.kind, self.match), reason=err_reason)
parent_foreign_key = attributes.RESOURCE_FOREIGN_KEYS.get("%ss" % parent_res, None)
if not parent_foreign_key:
err_reason = _("Unable to verify match:%(match)s as the " "parent resource: %(res)s was not found") % {
"match": self.match,
"res": parent_res,
}
LOG.exception(err_reason)
raise exceptions.PolicyCheckError(policy="%s:%s" % (self.kind, self.match), reason=err_reason)
# NOTE(salv-orlando): This check currently assumes the parent
# resource is handled by the core plugin. It might be worth
# having a way to map resources to plugins so to make this
# check more general
# FIXME(ihrachys): if import is put in global, circular
# import failure occurs
from tacker import manager
f = getattr(manager.TackerManager.get_instance().plugin, "get_%s" % parent_res)
# f *must* exist, if not found it is better to let tacker
# explode. Check will be performed with admin context
context = importutils.import_module("tacker.context")
try:
data = f(context.get_admin_context(), target[parent_foreign_key], fields=[parent_field])
target[self.target_field] = data[parent_field]
except Exception:
with excutils.save_and_reraise_exception():
LOG.exception(_("Policy check error while calling %s!"), f)
match = self.match % target
if self.kind in creds:
return match == unicode(creds[self.kind])
return False
def __call__(self, target, creds):
if self.target_field not in target:
# policy needs a plugin check
# target field is in the form resource:field
# however if they're not separated by a colon, use an underscore
# as a separator for backward compatibility
def do_split(separator):
parent_res, parent_field = self.target_field.split(
separator, 1)
return parent_res, parent_field
for separator in (':', '_'):
try:
parent_res, parent_field = do_split(separator)
break
except ValueError:
LOG.debug(_("Unable to find ':' as separator in %s."),
self.target_field)
else:
# If we are here split failed with both separators
err_reason = (_("Unable to find resource name in %s") %
self.target_field)
LOG.exception(err_reason)
raise exceptions.PolicyCheckError(policy="%s:%s" %
(self.kind, self.match),
reason=err_reason)
parent_foreign_key = attributes.RESOURCE_FOREIGN_KEYS.get(
"%ss" % parent_res, None)
if not parent_foreign_key:
err_reason = (_("Unable to verify match:%(match)s as the "
"parent resource: %(res)s was not found") % {
'match': self.match,
'res': parent_res
})
LOG.exception(err_reason)
raise exceptions.PolicyCheckError(policy="%s:%s" %
(self.kind, self.match),
reason=err_reason)
# NOTE(salv-orlando): This check currently assumes the parent
# resource is handled by the core plugin. It might be worth
# having a way to map resources to plugins so to make this
# check more general
# FIXME(ihrachys): if import is put in global, circular
# import failure occurs
from tacker import manager
f = getattr(manager.TackerManager.get_instance().plugin,
'get_%s' % parent_res)
# f *must* exist, if not found it is better to let tacker
# explode. Check will be performed with admin context
context = importutils.import_module('tacker.context')
try:
data = f(context.get_admin_context(),
target[parent_foreign_key],
fields=[parent_field])
target[self.target_field] = data[parent_field]
except Exception:
with excutils.save_and_reraise_exception():
LOG.exception(_('Policy check error while calling %s!'), f)
match = self.match % target
if self.kind in creds:
return match == six.text_type(creds[self.kind])
return False
