Esempi in Python per RuleCheck

Linguaggio di programmazione: Python

Spazio dei nomi/nome del pacchetto: tacker.openstack.common.policy

Metodo/funzione: RuleCheck

Esempi su hotexamples.com: 2

RuleCheck in Python: 2 esempi trovati. Questi sono i migliori esempi reali in Python per tacker.openstack.common.policy.RuleCheck, estratti da progetti open source. Li puoi valutare, per aiutarci a migliorare la qualità dei nostri esempi.

Esempio n. 1

Mostra file

def _build_match_rule(action, target):
    """Create the rule to match for a given action.

    The policy rule to be matched is built in the following way:
    1) add entries for matching permission on objects
    2) add an entry for the specific action (e.g.: create_network)
    3) add an entry for attributes of a resource for which the action
       is being executed (e.g.: create_network:shared)
    4) add an entry for sub-attributes of a resource for which the
       action is being executed
       (e.g.: create_router:external_gateway_info:network_id)
    """
    match_rule = policy.RuleCheck('rule', action)
    resource, is_write = get_resource_and_action(action)
    # Attribute-based checks shall not be enforced on GETs
    if is_write:
        # assigning to variable with short name for improving readability
        res_map = attributes.RESOURCE_ATTRIBUTE_MAP
        if resource in res_map:
            for attribute_name in res_map[resource]:
                if _is_attribute_explicitly_set(attribute_name,
                                                res_map[resource], target):
                    attribute = res_map[resource][attribute_name]
                    if 'enforce_policy' in attribute:
                        attr_rule = policy.RuleCheck(
                            'rule', '%s:%s' % (action, attribute_name))
                        # Build match entries for sub-attributes, if present
                        validate = attribute.get('validate')
                        if (validate and any([
                                k.startswith('type:dict') and v
                                for (k, v) in six.iteritems(validate)
                        ])):
                            attr_rule = policy.AndCheck([
                                attr_rule,
                                _build_subattr_match_rule(
                                    attribute_name, attribute, action, target)
                            ])
                        match_rule = policy.AndCheck([match_rule, attr_rule])
    return match_rule

Esempio n. 2

Mostra file

def _build_subattr_match_rule(attr_name, attr, action, target):
    """Create the rule to match for sub-attribute policy checks."""
    # TODO(salv-orlando): Instead of relying on validator info, introduce
    # typing for API attributes
    # Expect a dict as type descriptor
    validate = attr['validate']
    key = filter(lambda k: k.startswith('type:dict'), validate.keys())
    if not key:
        LOG.warning(_("Unable to find data type descriptor for attribute %s"),
                    attr_name)
        return
    data = validate[key[0]]
    if not isinstance(data, dict):
        LOG.debug(
            _("Attribute type descriptor is not a dict. Unable to "
              "generate any sub-attr policy rule for %s."), attr_name)
        return
    sub_attr_rules = [
        policy.RuleCheck('rule',
                         '%s:%s:%s' % (action, attr_name, sub_attr_name))
        for sub_attr_name in data if sub_attr_name in target[attr_name]
    ]
    return policy.AndCheck(sub_attr_rules)