The `karbor.policy` Module

updated: 2017-07-24 08:06

The `karbor.policy` Module¶

Policy Engine For karbor

karbor.policy.check_is_admin(roles, context=None)¶: Whether or not user is admin according to policy setting.

karbor.policy.enforce(context, action, target)¶

Verifies that the action is valid on the target in this context.

Parameters:

Parameters:	context – karbor context action – string representing the action to be checked this should be colon separated for clarity. i.e. `compute:create_instance`, `compute:attach_volume`, `volume:attach_volume` target – dictionary representing the target of the action for target creation this should be a dictionary representing the location of the target e.g. `{'project_id': context.project_id}`
Raises:	PolicyNotAuthorized – if verification fails.

context – karbor context
action – string representing the action to be checked this should be colon separated for clarity. i.e. compute:create_instance, compute:attach_volume, volume:attach_volume
target – dictionary representing the target of the action for target creation this should be a dictionary representing the location of the target e.g. {'project_id': context.project_id}

Raises:

PolicyNotAuthorized – if verification fails.

karbor.policy.enforce_action(context, action)¶

Checks that the action can be done by the given context.

Applies a check to ensure the context’s project_id and user_id can be applied to the given action using the policy enforcement api.

updated: 2017-07-24 08:06

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.