The cinder.policy Module

Policy Engine For Cinder

check_is_admin(roles, context=None)

Whether or not user is admin according to policy setting.

enforce(context, action, target)

Verifies that the action is valid on the target in this context.

Parameters:
  • context – cinder context
  • action – string representing the action to be checked this should be colon separated for clarity. i.e. compute:create_instance, compute:attach_volume, volume:attach_volume
  • object – dictionary representing the object of the action for object creation this should be a dictionary representing the location of the object e.g. {'project_id': context.project_id}
Raises PolicyNotAuthorized:
 

if verification fails.
enforce_action(context, action)

Checks that the action can be done by the given context.

Applies a check to ensure the context’s project_id and user_id can be applied to the given action using the policy enforcement api.

init()

Previous topic

The cinder.opts Module

Next topic

The cinder.quota Module

Project Source

This Page

Navigation

© Copyright 2010-present, OpenStack Foundation. Last updated on 'Fri Feb 3 06:33:49 2017, commit 13ea6dd'. Created using Sphinx 1.2.3.