def enforce(context, action, target): """Verifies that the action is valid on the target in this context. :param context: nova context :param action: string representing the action to be checked this should be colon separated for clarity. i.e. ``compute:create_instance``, ``compute:attach_volume``, ``volume:attach_volume`` :param object: dictionary representing the object of the action for object creation this should be a dictionary representing the location of the object e.g. ``{'project_id': context.project_id}`` :raises nova.exception.PolicyNotAllowed: if verification fails. """ init() match_list = ('rule:%s' % action, ) credentials = context.to_dict() policy.enforce(match_list, target, credentials, exception.PolicyNotAuthorized, action=action)
def enforce(context, action, target): """Verifies that the action is valid on the target in this context. :param context: nova context :param action: string representing the action to be checked this should be colon separated for clarity. i.e. ``compute:create_instance``, ``compute:attach_volume``, ``volume:attach_volume`` :param object: dictionary representing the object of the action for object creation this should be a dictionary representing the location of the object e.g. ``{'project_id': context.project_id}`` :raises nova.exception.PolicyNotAuthorized: if verification fails. """ init() match_list = ('rule:%s' % action,) credentials = context.to_dict() # NOTE(vish): This is to work around the following launchpad bug: # https://bugs.launchpad.net/openstack-common/+bug/1039132 # It can be removed when that bug is fixed. credentials['is_admin'] = unicode(credentials['is_admin']) policy.enforce(match_list, target, credentials, exception.PolicyNotAuthorized, action=action)
def enforce(context, action, target): """Verifies that the action is valid on the target in this context. :param context: nova context :param action: string representing the action to be checked this should be colon separated for clarity. i.e. ``compute:create_instance``, ``compute:attach_volume``, ``volume:attach_volume`` :param object: dictionary representing the object of the action for object creation this should be a dictionary representing the location of the object e.g. ``{'project_id': context.project_id}`` :raises nova.exception.PolicyNotAllowed: if verification fails. """ init() match_list = ('rule:%s' % action,) credentials = context.to_dict() # NOTE(vish): This is to work around the following launchpad bug: # https://bugs.launchpad.net/openstack-common/+bug/1039132 # It can be removed when that bug is fixed. credentials['is_admin'] = unicode(credentials['is_admin']) policy.enforce(match_list, target, credentials, exception.PolicyNotAuthorized, action=action)
def check_is_admin(roles): """Whether or not roles contains 'admin' role according to policy setting. """ init() action = "context_is_admin" match_list = ("rule:%s" % action,) target = {} credentials = {"roles": roles} try: policy.enforce(match_list, target, credentials, exception.PolicyNotAuthorized, action=action) except exception.PolicyNotAuthorized: return False return True
def check_is_admin(roles): """Whether or not roles contains 'admin' role according to policy setting. """ init() action = 'context_is_admin' match_list = ('rule:%s' % action,) target = {} credentials = {'roles': roles} try: policy.enforce(match_list, target, credentials, exception.PolicyNotAuthorized, action=action) except exception.PolicyNotAuthorized: return False return True
def enforce(context, action, target): """Verifies that the action is valid on the target in this context. :param context: nova context :param action: string representing the action to be checked this should be colon separated for clarity. i.e. ``compute:create_instance``, ``compute:attach_volume``, ``volume:attach_volume`` :param object: dictionary representing the object of the action for object creation this should be a dictionary representing the location of the object e.g. ``{'project_id': context.project_id}`` :raises nova.exception.PolicyNotAllowed: if verification fails. """ init() match_list = ('rule:%s' % action,) credentials = context.to_dict() policy.enforce(match_list, target, credentials, exception.PolicyNotAuthorized, action=action)