本文整理汇总了Python中oslo_policy.policy.Enforcer方法的典型用法代码示例。如果您正苦于以下问题:Python policy.Enforcer方法的具体用法?Python policy.Enforcer怎么用?Python policy.Enforcer使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类oslo_policy.policy
的用法示例。
在下文中一共展示了policy.Enforcer方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: parse_args
# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import Enforcer [as 别名]
def parse_args(args=[]):
CONF.register_cli_opts(api_common_opts())
register_db_drivers_opt()
# register paste configuration
paste_grp = cfg.OptGroup('paste_deploy',
'Paste Configuration')
CONF.register_group(paste_grp)
CONF.register_opts(paste_deploy, group=paste_grp)
log.register_options(CONF)
policy.Enforcer(CONF)
default_config_files = cfg.find_config_files('freezer', 'freezer-api')
CONF(args=args,
project='freezer-api',
default_config_files=default_config_files,
version=FREEZER_API_VERSION
)
示例2: set_rules
# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import Enforcer [as 别名]
def set_rules(data, default_rule=None, overwrite=True):
default_rule = default_rule or cfg.CONF.policy_default_rule
if not _ENFORCER:
LOG.debug("Enforcer not present, recreating at rules stage.")
init()
if default_rule:
_ENFORCER.default_rule = default_rule
msg = "Loading rules %s, default: %s, overwrite: %s"
LOG.debug(msg, data, default_rule, overwrite)
if isinstance(data, dict):
rules = policy.Rules.from_dict(data, default_rule)
else:
rules = policy.Rules.load_json(data, default_rule)
_ENFORCER.set_rules(rules, overwrite=overwrite)
示例3: init
# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import Enforcer [as 别名]
def init(rules=None, use_conf=True):
"""Init an Enforcer class.
:param policy_file: Custom policy file to use, if none is specified,
`CONF.policy_file` will be used.
:param rules: Default dictionary / Rules to use. It will be
considered just in the first instantiation.
:param default_rule: Default rule to use, CONF.default_rule will
be used if none is specified.
:param use_conf: Whether to load rules from config file.
"""
global _ENFORCER
if not _ENFORCER:
_ENFORCER = policy.Enforcer(CONF,
rules=rules,
use_conf=use_conf)
register_rules(_ENFORCER)
示例4: __init__
# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import Enforcer [as 别名]
def __init__(self, roles=None, policy_enforcer=None, project=None,
**kwargs):
# prefer usage of 'project' instead of 'tenant'
if project:
kwargs['tenant'] = project
self.project = project
self.policy_enforcer = policy_enforcer or policy.Enforcer(CONF)
# NOTE(edtubill): oslo_context 2.2.0 now has a roles attribute in
# the RequestContext. This will make sure of backwards compatibility
# with past oslo_context versions.
argspec = inspect.getargspec(super(RequestContext, self).__init__)
if 'roles' in argspec.args:
kwargs['roles'] = roles
else:
self.roles = roles or []
super(RequestContext, self).__init__(**kwargs)
示例5: test_deprecate_a_policy_for_removal_logs_warning_when_overridden
# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import Enforcer [as 别名]
def test_deprecate_a_policy_for_removal_logs_warning_when_overridden(self):
rule_list = [policy.DocumentedRuleDefault(
name='foo:bar',
check_str='role:baz',
description='Create a foo.',
operations=[{'path': '/v1/foos/', 'method': 'POST'}],
deprecated_for_removal=True,
deprecated_reason=(
'"foo:bar" is no longer a policy used by the service'
),
deprecated_since='N'
)]
expected_msg = (
'Policy "foo:bar":"role:baz" was deprecated for removal in N. '
'Reason: "foo:bar" is no longer a policy used by the service. Its '
'value may be silently ignored in the future.'
)
rules = jsonutils.dumps({'foo:bar': 'role:bang'})
self.create_config_file('policy.json', rules)
enforcer = policy.Enforcer(self.conf)
enforcer.register_defaults(rule_list)
with mock.patch('warnings.warn') as mock_warn:
enforcer.load_rules()
mock_warn.assert_called_once_with(expected_msg)
示例6: test_deprecate_check_str_suppress_does_not_log_warning
# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import Enforcer [as 别名]
def test_deprecate_check_str_suppress_does_not_log_warning(self):
deprecated_rule = policy.DeprecatedRule(
name='foo:create_bar',
check_str='role:fizz'
)
rule_list = [policy.DocumentedRuleDefault(
name='foo:create_bar',
check_str='role:bang',
description='Create a bar.',
operations=[{'path': '/v1/bars', 'method': 'POST'}],
deprecated_rule=deprecated_rule,
deprecated_reason='"role:bang" is a better default',
deprecated_since='N'
)]
enforcer = policy.Enforcer(self.conf)
enforcer.suppress_deprecation_warnings = True
enforcer.register_defaults(rule_list)
with mock.patch('warnings.warn') as mock_warn:
enforcer.load_rules()
mock_warn.assert_not_called()
示例7: test_deprecate_name_suppress_does_not_log_warning
# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import Enforcer [as 别名]
def test_deprecate_name_suppress_does_not_log_warning(self):
deprecated_rule = policy.DeprecatedRule(
name='foo:bar',
check_str='role:baz'
)
rule_list = [policy.DocumentedRuleDefault(
name='foo:create_bar',
check_str='role:baz',
description='Create a bar.',
operations=[{'path': '/v1/bars/', 'method': 'POST'}],
deprecated_rule=deprecated_rule,
deprecated_reason='"foo:bar" is not granular enough.',
deprecated_since='N'
)]
rules = jsonutils.dumps({'foo:bar': 'role:bang'})
self.create_config_file('policy.json', rules)
enforcer = policy.Enforcer(self.conf)
enforcer.suppress_deprecation_warnings = True
enforcer.register_defaults(rule_list)
with mock.patch('warnings.warn') as mock_warn:
enforcer.load_rules()
mock_warn.assert_not_called()
示例8: test_deprecate_for_removal_suppress_does_not_log_warning
# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import Enforcer [as 别名]
def test_deprecate_for_removal_suppress_does_not_log_warning(self):
rule_list = [policy.DocumentedRuleDefault(
name='foo:bar',
check_str='role:baz',
description='Create a foo.',
operations=[{'path': '/v1/foos/', 'method': 'POST'}],
deprecated_for_removal=True,
deprecated_reason=(
'"foo:bar" is no longer a policy used by the service'
),
deprecated_since='N'
)]
rules = jsonutils.dumps({'foo:bar': 'role:bang'})
self.create_config_file('policy.json', rules)
enforcer = policy.Enforcer(self.conf)
enforcer.suppress_deprecation_warnings = True
enforcer.register_defaults(rule_list)
with mock.patch('warnings.warn') as mock_warn:
enforcer.load_rules()
mock_warn.assert_not_called()
示例9: test_suppress_default_change_warnings_flag_not_log_warning
# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import Enforcer [as 别名]
def test_suppress_default_change_warnings_flag_not_log_warning(self):
deprecated_rule = policy.DeprecatedRule(
name='foo:create_bar',
check_str='role:fizz'
)
rule_list = [policy.DocumentedRuleDefault(
name='foo:create_bar',
check_str='role:bang',
description='Create a bar.',
operations=[{'path': '/v1/bars', 'method': 'POST'}],
deprecated_rule=deprecated_rule,
deprecated_reason='"role:bang" is a better default',
deprecated_since='N'
)]
enforcer = policy.Enforcer(self.conf)
enforcer.suppress_default_change_warnings = True
enforcer.register_defaults(rule_list)
with mock.patch('warnings.warn') as mock_warn:
enforcer.load_rules()
mock_warn.assert_not_called()
示例10: _get_enforcer
# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import Enforcer [as 别名]
def _get_enforcer(namespace):
"""Find a policy.Enforcer via an entry point with the given namespace.
:param namespace: a namespace under oslo.policy.enforcer where the desired
enforcer object can be found.
:returns: a policy.Enforcer object
"""
mgr = stevedore.named.NamedExtensionManager(
'oslo.policy.enforcer',
names=[namespace],
on_load_failure_callback=on_load_failure_callback,
invoke_on_load=True)
if namespace not in mgr:
raise KeyError('Namespace "%s" not found.' % namespace)
enforcer = mgr[namespace].obj
return enforcer
示例11: authorize
# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import Enforcer [as 别名]
def authorize(rule, target, creds, do_raise=False, *args, **kwargs):
"""A shortcut for policy.Enforcer.authorize()
Checks authorization of a rule against the target and credentials, and
raises an exception if the rule is not defined.
"""
enforcer = get_enforcer()
try:
return enforcer.authorize(rule, target, creds, do_raise=do_raise,
*args, **kwargs)
except policy.PolicyNotAuthorized:
raise exception.HTTPForbidden(resource=rule)
# This decorator MUST appear first (the outermost decorator)
# on an API method for it to work correctly
示例12: init_enforcer
# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import Enforcer [as 别名]
def init_enforcer(policy_file=None, rules=None,
default_rule=None, use_conf=True):
"""Synchronously initializes the policy enforcer
:param policy_file: Custom policy file to use, if none is specified,
`CONF.oslo_policy.policy_file` will be used.
:param rules: Default dictionary / Rules to use. It will be
considered just in the first instantiation.
:param default_rule: Default rule to use,
CONF.oslo_policy.policy_default_rule will
be used if none is specified.
:param use_conf: Whether to load rules from config file.
"""
global _ENFORCER
if _ENFORCER:
return
_ENFORCER = policy.Enforcer(CONF, policy_file=policy_file,
rules=rules,
default_rule=default_rule,
use_conf=use_conf)
_ENFORCER.register_defaults(list_policies())
示例13: authorize
# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import Enforcer [as 别名]
def authorize(rule, target, creds, *args, **kwargs):
"""A shortcut for policy.Enforcer.authorize()
Checks authorization of a rule against the target and credentials, and
raises an exception if the rule is not defined.
args and kwargs are passed directly to oslo.policy Enforcer.authorize
Always returns True if CONF.auth_strategy != keystone.
:param rule: name of a registered oslo.policy rule
:param target: dict-like structure to check rule against
:param creds: dict of policy values from request
:returns: True if request is authorized against given policy,
False otherwise
:raises: oslo_policy.policy.PolicyNotRegistered if supplied policy
is not registered in oslo_policy
"""
if CONF.auth_strategy != 'keystone':
return True
enforcer = get_enforcer()
rule = CONF.oslo_policy.policy_default_rule if rule is None else rule
return enforcer.authorize(rule, target, creds, *args, **kwargs)
示例14: init
# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import Enforcer [as 别名]
def init(policy_file=None, rules=None, default_rule=None, use_conf=True):
"""Init an Enforcer class.
:param policy_file: Custom policy file to use, if none is specified,
`CONF.policy_file` will be used.
:param rules: Default dictionary / Rules to use. It will be
considered just in the first instantiation.
:param default_rule: Default rule to use, CONF.default_rule will
be used if none is specified.
:param use_conf: Whether to load rules from config file.
"""
global _ENFORCER
if not _ENFORCER:
_ENFORCER = policy.Enforcer(CONF,
policy_file=policy_file,
rules=rules,
default_rule=default_rule,
use_conf=use_conf)
register_rules(_ENFORCER)
_ENFORCER.load_rules()
示例15: init
# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import Enforcer [as 别名]
def init(conf=cfg.CONF, policy_file=None):
"""Initialize the global enforcer if not already initialized.
Initialize the global enforcer (and load its rules) if not already
initialized; otherwise this is a no-op.
:param conf: The configuration to initialize the global enforcer with.
Defaults to oslo_config.cfg.CONF.
:param policy_file: The policy file to initialize the global enforcer
with.
:returns: None.
"""
global _ROLE_ENFORCER
if not _ROLE_ENFORCER:
_ROLE_ENFORCER = policy.Enforcer(conf, policy_file=policy_file)
_ROLE_ENFORCER.register_defaults(_BASE_RULES)
_ROLE_ENFORCER.load_rules(True)