glance.api.policy module¶
Policy Engine For Glance
-
class
glance.api.policy.
Enforcer
[source]¶ Bases:
oslo_policy.policy.Enforcer
Responsible for loading and enforcing rules
-
check
(context, action, target)[source]¶ Verifies that the action is valid on the target in this context.
- Parameters
context – Glance request context
action – String representing the action to be checked
target – Dictionary representing the object of the action.
- Returns
A non-False value if access is allowed.
-
check_is_admin
(context)[source]¶ Check if the given context is associated with an admin role, as defined via the ‘context_is_admin’ RBAC rule.
- Parameters
context – Glance request context
- Returns
A non-False value if context role is admin.
-
enforce
(context, action, target)[source]¶ Verifies that the action is valid on the target in this context.
- Parameters
context – Glance request context
action – String representing the action to be checked
target – Dictionary representing the object of the action.
- Raises
glance.common.exception.Forbidden
- Returns
A non-False value if access is allowed.
-
-
class
glance.api.policy.
ImageLocationsProxy
(locations, context, policy)[source]¶ Bases:
object
-
append
(*args, **kwargs)¶
-
count
(*args, **kwargs)¶
-
extend
(*args, **kwargs)¶
-
index
(*args, **kwargs)¶
-
insert
(*args, **kwargs)¶
-
pop
(*args, **kwargs)¶
-
remove
(*args, **kwargs)¶
-
reverse
(*args, **kwargs)¶
-
-
class
glance.api.policy.
ImageMemberRepoProxy
(member_repo, image, context, policy)[source]¶ Bases:
glance.domain.proxy.Repo
-
class
glance.api.policy.
ImageProxy
(image, context, policy)[source]¶ Bases:
glance.domain.proxy.Image
-
property
locations
¶
-
property
visibility
¶
-
property
-
class
glance.api.policy.
ImageRepoProxy
(image_repo, context, policy)[source]¶ Bases:
glance.domain.proxy.Repo
-
class
glance.api.policy.
ImageTarget
(target)[source]¶ Bases:
collections.abc.Mapping
-
SENTINEL
= <object object>¶
-
-
class
glance.api.policy.
MetadefNamespaceFactoryProxy
(meta_namespace_factory, context, policy)[source]¶
-
class
glance.api.policy.
MetadefNamespaceRepoProxy
(namespace_repo, context, namespace_policy)[source]¶
-
class
glance.api.policy.
MetadefPropertyFactoryProxy
(namespace_property_factory, context, policy)[source]¶
-
class
glance.api.policy.
MetadefResourceTypeFactoryProxy
(resource_type_factory, context, policy)[source]¶
-
class
glance.api.policy.
MetadefResourceTypeRepoProxy
(resource_type_repo, context, resource_type_policy)[source]¶
-
class
glance.api.policy.
MetadefTagRepoProxy
(tag_repo, context, tag_policy)[source]¶ Bases:
glance.domain.proxy.MetadefTagRepo
-
class
glance.api.policy.
TaskProxy
(task, context, policy)[source]¶ Bases:
glance.domain.proxy.Task
-
class
glance.api.policy.
TaskRepoProxy
(task_repo, context, task_policy)[source]¶ Bases:
glance.domain.proxy.TaskRepo
-
class
glance.api.policy.
TaskStubProxy
(task_stub, context, policy)[source]¶ Bases:
glance.domain.proxy.TaskStub