コード例 #1
    def _get_default_policy_rules(self):
        """Build a name -> check string mapping of the in-code policy defaults.

        Every rule yielded by ``policies.list_rules()`` contributes one entry,
        keyed by ``rule.name`` with ``rule.check_str`` as its value. Only the
        defaults maintained in code are consulted here.
        """
        # Should two defaults share a name, the later one wins.
        return {
            default.name: default.check_str
            for default in policies.list_rules()
        }
コード例 #2
    def _add_missing_default_rules(self, rules):
        """Fill gaps in ``rules`` with the in-code policy defaults.

        ``rules`` may hold only part of the policy set. For each in-code
        default whose name is not already a key, the default's check string
        is inserted; keys that are present are left exactly as supplied.
        The dict is modified in place and nothing is returned. This is a
        temporary helper, needed only until every policy.json rule has moved
        into code.

        NOTE(review): since supplied entries always win, a stale or overly
        permissive entry in ``rules`` keeps taking precedence even after the
        in-code default for that name changes; supplied overrides should be
        re-checked whenever defaults are tightened.
        """
        for default in policies.list_rules():
            if default.name in rules:
                # Already defined by the caller; never overridden.
                continue
            rules[default.name] = default.check_str
コード例 #3
ファイル: enforcer.py プロジェクト: IgorBMSTU/keystone
 def register_rules(enforcer):
     """Register every in-code policy default with ``enforcer``.

     The full list returned by ``policies.list_rules()`` is passed to
     ``enforcer.register_defaults`` in a single call.
     """
     # NOTE(review): the enforcer type is not shown here; presumably a policy
     # enforcer exposing ``register_defaults`` -- confirm at the call site.
     register = enforcer.register_defaults
     register(policies.list_rules())
コード例 #4
ファイル: enforcer.py プロジェクト: IgorBMSTU/keystone
from keystone.common import authorization
from keystone.common import context
from keystone.common import policies
from keystone.common import provider_api
from keystone.common import utils
import keystone.conf
from keystone import exception
from keystone.i18n import _
from keystone.models import token_model

# Module-level shortcuts for the configuration object, the logger and the
# provider APIs.
CONF = keystone.conf.CONF
LOG = log.getLogger(__name__)
PROVIDER_APIS = provider_api.ProviderAPIs

# Names of every in-code policy rule that is not flagged
# ``deprecated_for_removal``. Computed once, when this module is imported.
# NOTE(review): presumably the set of action names the enforcer accepts --
# confirm against the code that reads it.
_POSSIBLE_TARGET_ACTIONS = frozenset(
    rule.name
    for rule in policies.list_rules()
    if not rule.deprecated_for_removal
)
# NOTE(review): judging by the name, this marks that enforcement was called;
# the code that sets and checks it is not shown here.
_ENFORCEMENT_CHECK_ATTR = 'keystone:RBAC:enforcement_called'


class RBACEnforcer(object):
    """Enforce RBAC on API calls."""

    __shared_state__ = {}
    __ENFORCER = None
    ACTION_STORE_ATTR = 'keystone:RBAC:action_name'

    def __init__(self):
        # NOTE(morgan): All Enforcer Instances use the same shared state;
        # BORG pattern.
コード例 #5
ファイル: enforcer.py プロジェクト: renzhengyu425/keystone
from keystone.common import policies
from keystone.common import provider_api
from keystone.common import utils
import keystone.conf
from keystone import exception
from keystone.i18n import _


# Module-level shortcuts for the configuration object, the logger and the
# provider APIs.
CONF = keystone.conf.CONF
LOG = log.getLogger(__name__)
PROVIDER_APIS = provider_api.ProviderAPIs


# Built once at import time from the in-code policy rules; any rule flagged
# ``deprecated_for_removal`` is left out of the set.
# NOTE(review): presumably the set of action names the enforcer accepts --
# confirm against the code that reads it.
_POSSIBLE_TARGET_ACTIONS = frozenset(
    rule.name
    for rule in policies.list_rules()
    if not rule.deprecated_for_removal
)
# NOTE(review): judging by the name, this marks that enforcement was called;
# the code that sets and checks it is not shown here.
_ENFORCEMENT_CHECK_ATTR = 'keystone:RBAC:enforcement_called'


class RBACEnforcer(object):
    """Enforce RBAC on API calls.

    All instances share a single attribute dictionary (Borg pattern), so
    anything stored on one instance is visible through every other instance
    in the same process.
    """

    ACTION_STORE_ATTR = 'keystone:RBAC:action_name'
    # Leading double underscore only, so the name is mangled to
    # ``_RBACEnforcer__ENFORCER``.
    __ENFORCER = None
    # Ends in double underscores as well, so it is NOT name-mangled.
    __shared_state__ = dict()

    def __init__(self):
        # NOTE(morgan): All Enforcer Instances use the same shared state;
        # BORG pattern.
        # NOTE(review): the state is process-wide and mutable; a change made
        # through one instance affects every holder of an enforcer.
        shared = self.__shared_state__
        self.__dict__ = shared
コード例 #6
ファイル: policy.py プロジェクト: ChameleonCloud/keystone
def register_rules(enforcer):
    """Hand the complete list of in-code policy defaults to ``enforcer``.

    Whatever ``policies.list_rules()`` returns is forwarded unchanged to
    ``enforcer.register_defaults``; nothing is returned.
    """
    # NOTE(review): the enforcer type is not shown here; presumably a policy
    # enforcer exposing ``register_defaults`` -- confirm at the call site.
    register = enforcer.register_defaults
    register(policies.list_rules())
コード例 #7
ファイル: enforcer.py プロジェクト: mahak/keystone
from keystone.common import policies
from keystone.common import provider_api
from keystone.common import utils
import keystone.conf
from keystone import exception
from keystone.i18n import _


# Module-level shortcuts for the configuration object, the logger and the
# provider APIs.
CONF = keystone.conf.CONF
LOG = log.getLogger(__name__)
PROVIDER_APIS = provider_api.ProviderAPIs


# Snapshot, taken at import time, of the names of all in-code policy rules
# except those flagged ``deprecated_for_removal``.
# NOTE(review): presumably the set of action names the enforcer accepts --
# confirm against the code that reads it.
_POSSIBLE_TARGET_ACTIONS = frozenset(
    rule.name
    for rule in policies.list_rules()
    if not rule.deprecated_for_removal
)
# NOTE(review): judging by the name, this marks that enforcement was called;
# the code that sets and checks it is not shown here.
_ENFORCEMENT_CHECK_ATTR = 'keystone:RBAC:enforcement_called'


class RBACEnforcer(object):
    """Enforce RBAC on API calls.

    Implemented as a Borg: each new instance adopts the class-level
    ``__shared_state__`` dict as its own ``__dict__``, so instance attributes
    are effectively global to the process.
    """

    ACTION_STORE_ATTR = 'keystone:RBAC:action_name'
    # Name-mangled by Python to ``_RBACEnforcer__ENFORCER``.
    __ENFORCER = None
    # Not mangled: the name also ends with two underscores.
    __shared_state__ = dict()

    def __init__(self):
        # NOTE(morgan): All Enforcer Instances use the same shared state;
        # BORG pattern.
        # NOTE(review): because the dict is shared and mutable, state set via
        # any one instance is seen by all others in the process.
        borg_state = self.__shared_state__
        self.__dict__ = borg_state