当前位置: 首页>>代码示例>>Python>>正文


Python policy.Enforcer方法代码示例

本文整理汇总了Python中oslo_policy.policy.Enforcer方法的典型用法代码示例。如果您正苦于以下问题:Python policy.Enforcer方法的具体用法?Python policy.Enforcer怎么用?Python policy.Enforcer使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在oslo_policy.policy的用法示例。


在下文中一共展示了policy.Enforcer方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: parse_args

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import Enforcer [as 别名]
def parse_args(args=[]):
    CONF.register_cli_opts(api_common_opts())
    register_db_drivers_opt()
    # register paste configuration
    paste_grp = cfg.OptGroup('paste_deploy',
                             'Paste Configuration')
    CONF.register_group(paste_grp)
    CONF.register_opts(paste_deploy, group=paste_grp)
    log.register_options(CONF)
    policy.Enforcer(CONF)
    default_config_files = cfg.find_config_files('freezer', 'freezer-api')
    CONF(args=args,
         project='freezer-api',
         default_config_files=default_config_files,
         version=FREEZER_API_VERSION
         ) 
开发者ID:openstack,项目名称:freezer-api,代码行数:18,代码来源:config.py

示例2: set_rules

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import Enforcer [as 别名]
def set_rules(data, default_rule=None, overwrite=True):
    default_rule = default_rule or cfg.CONF.policy_default_rule
    if not _ENFORCER:
        LOG.debug("Enforcer not present, recreating at rules stage.")
        init()

    if default_rule:
        _ENFORCER.default_rule = default_rule

    msg = "Loading rules %s, default: %s, overwrite: %s"
    LOG.debug(msg, data, default_rule, overwrite)

    if isinstance(data, dict):
        rules = policy.Rules.from_dict(data, default_rule)
    else:
        rules = policy.Rules.load_json(data, default_rule)

    _ENFORCER.set_rules(rules, overwrite=overwrite) 
开发者ID:openstack,项目名称:designate,代码行数:20,代码来源:policy.py

示例3: init

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import Enforcer [as 别名]
def init(rules=None, use_conf=True):
    """Init an Enforcer class.

        :param policy_file: Custom policy file to use, if none is specified,
                          `CONF.policy_file` will be used.
        :param rules: Default dictionary / Rules to use. It will be
                    considered just in the first instantiation.
        :param default_rule: Default rule to use, CONF.default_rule will
                           be used if none is specified.
        :param use_conf: Whether to load rules from config file.
    """

    global _ENFORCER
    if not _ENFORCER:
        _ENFORCER = policy.Enforcer(CONF,
                                    rules=rules,
                                    use_conf=use_conf)
        register_rules(_ENFORCER) 
开发者ID:openstack,项目名称:manila,代码行数:20,代码来源:policy.py

示例4: __init__

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import Enforcer [as 别名]
def __init__(self, roles=None, policy_enforcer=None, project=None,
                 **kwargs):
        # prefer usage of 'project' instead of 'tenant'
        if project:
            kwargs['tenant'] = project
        self.project = project
        self.policy_enforcer = policy_enforcer or policy.Enforcer(CONF)

        # NOTE(edtubill): oslo_context 2.2.0 now has a roles attribute in
        # the RequestContext. This will make sure of backwards compatibility
        # with past oslo_context versions.
        argspec = inspect.getargspec(super(RequestContext, self).__init__)
        if 'roles' in argspec.args:
            kwargs['roles'] = roles
        else:
            self.roles = roles or []

        super(RequestContext, self).__init__(**kwargs) 
开发者ID:cloud-security-research,项目名称:sgx-kms,代码行数:20,代码来源:context.py

示例5: test_deprecate_a_policy_for_removal_logs_warning_when_overridden

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import Enforcer [as 别名]
def test_deprecate_a_policy_for_removal_logs_warning_when_overridden(self):
        rule_list = [policy.DocumentedRuleDefault(
            name='foo:bar',
            check_str='role:baz',
            description='Create a foo.',
            operations=[{'path': '/v1/foos/', 'method': 'POST'}],
            deprecated_for_removal=True,
            deprecated_reason=(
                '"foo:bar" is no longer a policy used by the service'
            ),
            deprecated_since='N'
        )]
        expected_msg = (
            'Policy "foo:bar":"role:baz" was deprecated for removal in N. '
            'Reason: "foo:bar" is no longer a policy used by the service. Its '
            'value may be silently ignored in the future.'
        )
        rules = jsonutils.dumps({'foo:bar': 'role:bang'})
        self.create_config_file('policy.json', rules)
        enforcer = policy.Enforcer(self.conf)
        enforcer.register_defaults(rule_list)

        with mock.patch('warnings.warn') as mock_warn:
            enforcer.load_rules()
            mock_warn.assert_called_once_with(expected_msg) 
开发者ID:openstack,项目名称:oslo.policy,代码行数:27,代码来源:test_policy.py

示例6: test_deprecate_check_str_suppress_does_not_log_warning

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import Enforcer [as 别名]
def test_deprecate_check_str_suppress_does_not_log_warning(self):
        deprecated_rule = policy.DeprecatedRule(
            name='foo:create_bar',
            check_str='role:fizz'
        )

        rule_list = [policy.DocumentedRuleDefault(
            name='foo:create_bar',
            check_str='role:bang',
            description='Create a bar.',
            operations=[{'path': '/v1/bars', 'method': 'POST'}],
            deprecated_rule=deprecated_rule,
            deprecated_reason='"role:bang" is a better default',
            deprecated_since='N'
        )]
        enforcer = policy.Enforcer(self.conf)
        enforcer.suppress_deprecation_warnings = True
        enforcer.register_defaults(rule_list)
        with mock.patch('warnings.warn') as mock_warn:
            enforcer.load_rules()
            mock_warn.assert_not_called() 
开发者ID:openstack,项目名称:oslo.policy,代码行数:23,代码来源:test_policy.py

示例7: test_deprecate_name_suppress_does_not_log_warning

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import Enforcer [as 别名]
def test_deprecate_name_suppress_does_not_log_warning(self):
        deprecated_rule = policy.DeprecatedRule(
            name='foo:bar',
            check_str='role:baz'
        )

        rule_list = [policy.DocumentedRuleDefault(
            name='foo:create_bar',
            check_str='role:baz',
            description='Create a bar.',
            operations=[{'path': '/v1/bars/', 'method': 'POST'}],
            deprecated_rule=deprecated_rule,
            deprecated_reason='"foo:bar" is not granular enough.',
            deprecated_since='N'
        )]

        rules = jsonutils.dumps({'foo:bar': 'role:bang'})
        self.create_config_file('policy.json', rules)
        enforcer = policy.Enforcer(self.conf)
        enforcer.suppress_deprecation_warnings = True
        enforcer.register_defaults(rule_list)

        with mock.patch('warnings.warn') as mock_warn:
            enforcer.load_rules()
            mock_warn.assert_not_called() 
开发者ID:openstack,项目名称:oslo.policy,代码行数:27,代码来源:test_policy.py

示例8: test_deprecate_for_removal_suppress_does_not_log_warning

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import Enforcer [as 别名]
def test_deprecate_for_removal_suppress_does_not_log_warning(self):
        rule_list = [policy.DocumentedRuleDefault(
            name='foo:bar',
            check_str='role:baz',
            description='Create a foo.',
            operations=[{'path': '/v1/foos/', 'method': 'POST'}],
            deprecated_for_removal=True,
            deprecated_reason=(
                '"foo:bar" is no longer a policy used by the service'
            ),
            deprecated_since='N'
        )]
        rules = jsonutils.dumps({'foo:bar': 'role:bang'})
        self.create_config_file('policy.json', rules)
        enforcer = policy.Enforcer(self.conf)
        enforcer.suppress_deprecation_warnings = True
        enforcer.register_defaults(rule_list)

        with mock.patch('warnings.warn') as mock_warn:
            enforcer.load_rules()
            mock_warn.assert_not_called() 
开发者ID:openstack,项目名称:oslo.policy,代码行数:23,代码来源:test_policy.py

示例9: test_suppress_default_change_warnings_flag_not_log_warning

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import Enforcer [as 别名]
def test_suppress_default_change_warnings_flag_not_log_warning(self):
        deprecated_rule = policy.DeprecatedRule(
            name='foo:create_bar',
            check_str='role:fizz'
        )

        rule_list = [policy.DocumentedRuleDefault(
            name='foo:create_bar',
            check_str='role:bang',
            description='Create a bar.',
            operations=[{'path': '/v1/bars', 'method': 'POST'}],
            deprecated_rule=deprecated_rule,
            deprecated_reason='"role:bang" is a better default',
            deprecated_since='N'
        )]
        enforcer = policy.Enforcer(self.conf)
        enforcer.suppress_default_change_warnings = True
        enforcer.register_defaults(rule_list)
        with mock.patch('warnings.warn') as mock_warn:
            enforcer.load_rules()
            mock_warn.assert_not_called() 
开发者ID:openstack,项目名称:oslo.policy,代码行数:23,代码来源:test_policy.py

示例10: _get_enforcer

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import Enforcer [as 别名]
def _get_enforcer(namespace):
    """Find a policy.Enforcer via an entry point with the given namespace.

    :param namespace: a namespace under oslo.policy.enforcer where the desired
                      enforcer object can be found.
    :returns: a policy.Enforcer object
    """
    mgr = stevedore.named.NamedExtensionManager(
        'oslo.policy.enforcer',
        names=[namespace],
        on_load_failure_callback=on_load_failure_callback,
        invoke_on_load=True)
    if namespace not in mgr:
        raise KeyError('Namespace "%s" not found.' % namespace)
    enforcer = mgr[namespace].obj

    return enforcer 
开发者ID:openstack,项目名称:oslo.policy,代码行数:19,代码来源:generator.py

示例11: authorize

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import Enforcer [as 别名]
def authorize(rule, target, creds, do_raise=False, *args, **kwargs):
    """A shortcut for policy.Enforcer.authorize()

    Checks authorization of a rule against the target and credentials, and
    raises an exception if the rule is not defined.
    """
    enforcer = get_enforcer()
    try:
        return enforcer.authorize(rule, target, creds, do_raise=do_raise,
                                  *args, **kwargs)
    except policy.PolicyNotAuthorized:
        raise exception.HTTPForbidden(resource=rule)


# This decorator MUST appear first (the outermost decorator)
# on an API method for it to work correctly 
开发者ID:openstack,项目名称:cyborg,代码行数:18,代码来源:policy.py

示例12: init_enforcer

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import Enforcer [as 别名]
def init_enforcer(policy_file=None, rules=None,
                  default_rule=None, use_conf=True):
    """Synchronously initializes the policy enforcer

       :param policy_file: Custom policy file to use, if none is specified,
                           `CONF.oslo_policy.policy_file` will be used.
       :param rules: Default dictionary / Rules to use. It will be
                     considered just in the first instantiation.
       :param default_rule: Default rule to use,
                            CONF.oslo_policy.policy_default_rule will
                            be used if none is specified.
       :param use_conf: Whether to load rules from config file.
    """
    global _ENFORCER

    if _ENFORCER:
        return
    _ENFORCER = policy.Enforcer(CONF, policy_file=policy_file,
                                rules=rules,
                                default_rule=default_rule,
                                use_conf=use_conf)
    _ENFORCER.register_defaults(list_policies()) 
开发者ID:openstack,项目名称:ironic-inspector,代码行数:24,代码来源:policy.py

示例13: authorize

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import Enforcer [as 别名]
def authorize(rule, target, creds, *args, **kwargs):
    """A shortcut for policy.Enforcer.authorize()

    Checks authorization of a rule against the target and credentials, and
    raises an exception if the rule is not defined.
    args and kwargs are passed directly to oslo.policy Enforcer.authorize
    Always returns True if CONF.auth_strategy != keystone.

    :param rule: name of a registered oslo.policy rule
    :param target: dict-like structure to check rule against
    :param creds: dict of policy values from request
    :returns: True if request is authorized against given policy,
              False otherwise
    :raises: oslo_policy.policy.PolicyNotRegistered if supplied policy
             is not registered in oslo_policy
    """
    if CONF.auth_strategy != 'keystone':
        return True
    enforcer = get_enforcer()
    rule = CONF.oslo_policy.policy_default_rule if rule is None else rule
    return enforcer.authorize(rule, target, creds, *args, **kwargs) 
开发者ID:openstack,项目名称:ironic-inspector,代码行数:23,代码来源:policy.py

示例14: init

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import Enforcer [as 别名]
def init(policy_file=None, rules=None, default_rule=None, use_conf=True):
    """Init an Enforcer class.

        :param policy_file: Custom policy file to use, if none is specified,
                          `CONF.policy_file` will be used.
        :param rules: Default dictionary / Rules to use. It will be
                    considered just in the first instantiation.
        :param default_rule: Default rule to use, CONF.default_rule will
                           be used if none is specified.
        :param use_conf: Whether to load rules from config file.
    """

    global _ENFORCER
    if not _ENFORCER:
        _ENFORCER = policy.Enforcer(CONF,
                                    policy_file=policy_file,
                                    rules=rules,
                                    default_rule=default_rule,
                                    use_conf=use_conf)
        register_rules(_ENFORCER)
        _ENFORCER.load_rules() 
开发者ID:openstack,项目名称:karbor,代码行数:23,代码来源:policy.py

示例15: init

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import Enforcer [as 别名]
def init(conf=cfg.CONF, policy_file=None):
    """Initialize the global enforcer if not already initialized.

    Initialize the global enforcer (and load its rules) if not already
    initialized; otherwise this is a no-op.

    :param conf: The configuration to initialize the global enforcer with.
    Defaults to oslo_config.cfg.CONF.
    :param policy_file: The policy file to initialize the global enforcer
    with.
    :returns: None.
    """

    global _ROLE_ENFORCER
    if not _ROLE_ENFORCER:
        _ROLE_ENFORCER = policy.Enforcer(conf, policy_file=policy_file)
        _ROLE_ENFORCER.register_defaults(_BASE_RULES)
        _ROLE_ENFORCER.load_rules(True) 
开发者ID:openstack,项目名称:neutron-lib,代码行数:20,代码来源:_engine.py


注:本文中的oslo_policy.policy.Enforcer方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。