cinder.context module

cinder.context module

RequestContext: context for requests that persist through all of cinder.

class RequestContext(user_id=None, project_id=None, is_admin=None, read_deleted='no', project_name=None, remote_address=None, timestamp=None, quota_class=None, service_catalog=None, user_auth_plugin=None, **kwargs)

Bases: oslo_context.context.RequestContext

Security context and request information.

Represents the user taking a given action within the system.

authorize(action, target=None, target_obj=None, fatal=True)

Verifies that the given action is valid on the target in this context.

  • action – string representing the action to be checked.
  • target – dictionary representing the object of the action for object creation this should be a dictionary representing the location of the object e.g. {'project_id': context.project_id}. If None, then this default target will be considered: {‘project_id’: self.project_id, ‘user_id’: self.user_id}
  • fatal – if False, will return False when an exception.PolicyNotAuthorized occurs.

target_obj: dictionary representing the object which will be used to update target.


cinder.exception.NotAuthorized – if verification fails and fatal is True.


returns a non-False value (not necessarily “True”) if authorized and False if not authorized and fatal is False.

elevated(read_deleted=None, overwrite=False)

Return a version of this context with admin flag set.

classmethod from_dict(values)

Construct a context object from a provided dictionary.


Return a dictionary of context attributes.


A dictionary of context attributes to enforce policy with.

oslo.policy enforcement requires a dictionary of attributes representing the current logged in user on which it applies policy enforcement. This dictionary defines a standard list of attributes that should be available for enforcement across services.

It is expected that services will often have to override this method with either deprecated values or additional attributes used by that service specific policy.


Build and return the Cinder internal tenant context object

This request context will only work for internal Cinder operations. It will not be able to make requests to remote services. To do so it will need to use the keystone client to get an auth_token.

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.