glance.api.policy module

Policy Engine For Glance

class glance.api.policy.Enforcer

Bases: oslo_policy.policy.Enforcer

Responsible for loading and enforcing rules

add_rules(rules)

Add new rules to the Rules object

check(context, action, target, registered=True)

Verifies that the action is valid on the target in this context.

Parameters

• context – Glance request context

• action – String representing the action to be checked

• target – Dictionary representing the object of the action.

Returns

A non-False value if access is allowed.

check_is_admin(context)

Check if the given context is associated with an admin role, as defined via the ‘context_is_admin’ RBAC rule.

Parameters

context – Glance request context

Returns

A non-False value if context role is admin.

enforce(context, action, target, registered=True)

Verifies that the action is valid on the target in this context.

Parameters

• context – Glance request context

• action – String representing the action to be checked

• target – Dictionary representing the object of the action.

Raises

glance.common.exception.Forbidden

Returns

A non-False value if access is allowed.

class glance.api.policy.ImageFactoryProxy(image_factory, context, policy)

Bases: glance.domain.proxy.ImageFactory

new_image(**kwargs)

class glance.api.policy.ImageLocationsProxy(locations, context, policy)

Bases: object

append(*args, **kwargs)

count(*args, **kwargs)

extend(*args, **kwargs)

index(*args, **kwargs)

insert(*args, **kwargs)

pop(*args, **kwargs)

remove(*args, **kwargs)

reverse(*args, **kwargs)

class glance.api.policy.ImageMemberFactoryProxy(member_factory, context, policy)

Bases: glance.domain.proxy.ImageMembershipFactory

class glance.api.policy.ImageMemberProxy(image_member, context, policy)

Bases: glance.domain.proxy.ImageMember

class glance.api.policy.ImageMemberRepoProxy(member_repo, image, context, policy)

Bases: glance.domain.proxy.Repo

add(member)

get(member_id)

list(*args, **kwargs)

remove(member)

save(member, from_state=None)

class glance.api.policy.ImageProxy(image, context, policy)

Bases: glance.domain.proxy.Image

deactivate()

delete()

get_data(*args, **kwargs)

property locations

reactivate()

set_data(*args, **kwargs)

property visibility

class glance.api.policy.ImageRepoProxy(image_repo, context, policy)

Bases: glance.domain.proxy.Repo

add(image)

get(image_id)

list(*args, **kwargs)

save(image, from_state=None)

class glance.api.policy.ImageTarget(target)

Bases: collections.abc.Mapping

SENTINEL = <object object>

get(k[, d]) → D[k] if k in D, else d. d defaults to None.

key_transforms(key)

class glance.api.policy.MetadefNamespaceFactoryProxy(meta_namespace_factory, context, policy)

Bases: glance.domain.proxy.MetadefNamespaceFactory

class glance.api.policy.MetadefNamespaceProxy(namespace, context, policy)

Bases: glance.domain.proxy.MetadefNamespace

delete()

class glance.api.policy.MetadefNamespaceRepoProxy(namespace_repo, context, namespace_policy)

Bases: glance.domain.proxy.MetadefNamespaceRepo

add(namespace)

get(namespace)

list(*args, **kwargs)

remove(namespace)

remove_tags(namespace)

save(namespace)

class glance.api.policy.MetadefObjectFactoryProxy(meta_object_factory, context, policy)

Bases: glance.domain.proxy.MetadefObjectFactory

class glance.api.policy.MetadefObjectProxy(meta_object, context, policy)

Bases: glance.domain.proxy.MetadefObject

delete()

class glance.api.policy.MetadefObjectRepoProxy(object_repo, context, object_policy)

Bases: glance.domain.proxy.MetadefObjectRepo

add(meta_object)

get(namespace, object_name)

list(*args, **kwargs)

remove(meta_object)

save(meta_object)

class glance.api.policy.MetadefPropertyFactoryProxy(namespace_property_factory, context, policy)

Bases: glance.domain.proxy.MetadefPropertyFactory

class glance.api.policy.MetadefPropertyProxy(namespace_property, context, policy)

Bases: glance.domain.proxy.MetadefProperty

delete()

class glance.api.policy.MetadefPropertyRepoProxy(property_repo, context, object_policy)

Bases: glance.domain.proxy.MetadefPropertyRepo

add(namespace_property)

get(namespace, property_name)

list(*args, **kwargs)

remove(*args, **kwargs)

save(namespace_property)

class glance.api.policy.MetadefResourceTypeFactoryProxy(resource_type_factory, context, policy)

Bases: glance.domain.proxy.MetadefResourceTypeFactory

class glance.api.policy.MetadefResourceTypeProxy(meta_resource_type, context, policy)

Bases: glance.domain.proxy.MetadefResourceType

delete()

class glance.api.policy.MetadefResourceTypeRepoProxy(resource_type_repo, context, resource_type_policy)

Bases: glance.domain.proxy.MetadefResourceTypeRepo

add(resource_type)

get(*args, **kwargs)

list(*args, **kwargs)

remove(*args, **kwargs)

class glance.api.policy.MetadefTagFactoryProxy(meta_tag_factory, context, policy)

Bases: glance.domain.proxy.MetadefTagFactory

class glance.api.policy.MetadefTagProxy(meta_tag, context, policy)

Bases: glance.domain.proxy.MetadefTag

delete()

class glance.api.policy.MetadefTagRepoProxy(tag_repo, context, tag_policy)

Bases: glance.domain.proxy.MetadefTagRepo

add(meta_tag)

add_tags(meta_tags)

get(namespace, tag_name)

list(*args, **kwargs)

remove(meta_tag)

save(meta_tag)

class glance.api.policy.TaskFactoryProxy(task_factory, context, policy)

Bases: glance.domain.proxy.TaskFactory

class glance.api.policy.TaskProxy(task, context, policy)

Bases: glance.domain.proxy.Task

class glance.api.policy.TaskRepoProxy(task_repo, context, task_policy)

Bases: glance.domain.proxy.TaskRepo

add(task)

get(task_id)

save(task)

class glance.api.policy.TaskStubProxy(task_stub, context, policy)

Bases: glance.domain.proxy.TaskStub

class glance.api.policy.TaskStubRepoProxy(task_stub_repo, context, task_policy)

Bases: glance.domain.proxy.TaskStubRepo

list(*args, **kwargs)

glance.api.policy.get_enforcer()