The cinder.policy Module

The cinder.policy Module

Policy Engine For Cinder

check_is_admin(roles, context=None)

Whether or not user is admin according to policy setting.

enforce(context, action, target)

Verifies that the action is valid on the target in this context.

  • context – cinder context
  • action – string representing the action to be checked this should be colon separated for clarity. i.e. compute:create_instance, compute:attach_volume, volume:attach_volume
  • object – dictionary representing the object of the action for object creation this should be a dictionary representing the location of the object e.g. {'project_id': context.project_id}

PolicyNotAuthorized – if verification fails.

enforce_action(context, action)

Checks that the action can be done by the given context.

Applies a check to ensure the context’s project_id and user_id can be applied to the given action using the policy enforcement api.

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.