cinder.context module

RequestContext: context for requests that persist through all of cinder.

class RequestContext(user_id: str | None = None, project_id: str | None = None, is_admin: bool | None = None, read_deleted: str | None = 'no', project_name: str | None = None, remote_address: str | None = None, timestamp=None, quota_class=None, service_catalog: dict | None = None, user_auth_plugin=None, message_resource_id=None, message_resource_type=None, message_action=None, **kwargs)

Bases: RequestContext

Security context and request information.

Represents the user taking a given action within the system.

authorize(action: str, target: dict | None = None, target_obj: dict | None = None, fatal: bool = True)

Verify that the given action is valid on the target in this context.

  • action – string representing the action to be checked.

  • target – dictionary representing the object of the action for object creation this should be a dictionary representing the location of the object e.g. {'project_id': context.project_id}. If None, then this default target will be considered: {‘project_id’: self.project_id, ‘user_id’: self.user_id}

  • target_obj – dictionary representing the object which will be used to update target.

  • fatal – if False, will return False when an exception.PolicyNotAuthorized occurs.


cinder.exception.NotAuthorized – if verification fails and fatal is True.


returns a non-False value (not necessarily “True”) if authorized and False if not authorized and fatal is False.

property connection
deepcopy() RequestContext
elevated(read_deleted: str | None = None, overwrite: bool = False) RequestContext

Return a version of this context with admin flag set.

classmethod from_dict(values: dict) RequestContext

Construct a context object from a provided dictionary.

property read_deleted: str
property session
to_dict() dict[str, Any]

Return a dictionary of context attributes.

to_policy_values() dict

A dictionary of context attributes to enforce policy with.

oslo.policy enforcement requires a dictionary of attributes representing the current logged in user on which it applies policy enforcement. This dictionary defines a standard list of attributes that should be available for enforcement across services.

It is expected that services will often have to override this method with either deprecated values or additional attributes used by that service specific policy.

property transaction
property transaction_ctx
get_admin_context(read_deleted: str | None = 'no') RequestContext
get_internal_tenant_context() RequestContext | None

Build and return the Cinder internal tenant context object

This request context will only work for internal Cinder operations. It will not be able to make requests to remote services. To do so it will need to use the keystone client to get an auth_token.