glance.api.policy module

Policy Engine For Glance

class glance.api.policy.Enforcer[source]

Bases: oslo_policy.policy.Enforcer

Responsible for loading and enforcing rules

add_rules(rules)[source]

Add new rules to the Rules object

check(context, action, target)[source]

Verifies that the action is valid on the target in this context.

Parameters
  • context – Glance request context

  • action – String representing the action to be checked

  • target – Dictionary representing the object of the action.

Returns

A non-False value if access is allowed.

check_is_admin(context)[source]

Check if the given context is associated with an admin role, as defined via the ‘context_is_admin’ RBAC rule.

Parameters

context – Glance request context

Returns

A non-False value if context role is admin.

enforce(context, action, target)[source]

Verifies that the action is valid on the target in this context.

Parameters
  • context – Glance request context

  • action – String representing the action to be checked

  • target – Dictionary representing the object of the action.

Raises

glance.common.exception.Forbidden

Returns

A non-False value if access is allowed.

class glance.api.policy.ImageFactoryProxy(image_factory, context, policy)[source]

Bases: glance.domain.proxy.ImageFactory

new_image(**kwargs)[source]
class glance.api.policy.ImageLocationsProxy(locations, context, policy)[source]

Bases: object

append(*args, **kwargs)
count(*args, **kwargs)
extend(*args, **kwargs)
index(*args, **kwargs)
insert(*args, **kwargs)
pop(*args, **kwargs)
remove(*args, **kwargs)
reverse(*args, **kwargs)
class glance.api.policy.ImageMemberFactoryProxy(member_factory, context, policy)[source]

Bases: glance.domain.proxy.ImageMembershipFactory

class glance.api.policy.ImageMemberProxy(image_member, context, policy)[source]

Bases: glance.domain.proxy.ImageMember

class glance.api.policy.ImageMemberRepoProxy(member_repo, image, context, policy)[source]

Bases: glance.domain.proxy.Repo

add(member)[source]
get(member_id)[source]
list(*args, **kwargs)[source]
remove(member)[source]
save(member, from_state=None)[source]
class glance.api.policy.ImageProxy(image, context, policy)[source]

Bases: glance.domain.proxy.Image

deactivate()[source]
delete()[source]
get_data(*args, **kwargs)[source]
property locations
reactivate()[source]
set_data(*args, **kwargs)[source]
property visibility
class glance.api.policy.ImageRepoProxy(image_repo, context, policy)[source]

Bases: glance.domain.proxy.Repo

add(image)[source]
get(image_id)[source]
list(*args, **kwargs)[source]
save(image, from_state=None)[source]
class glance.api.policy.ImageTarget(target)[source]

Bases: collections.abc.Mapping

SENTINEL = <object object>
get(k[, d]) → D[k] if k in D, else d. d defaults to None.[source]
key_transforms(key)[source]
class glance.api.policy.MetadefNamespaceFactoryProxy(meta_namespace_factory, context, policy)[source]

Bases: glance.domain.proxy.MetadefNamespaceFactory

class glance.api.policy.MetadefNamespaceProxy(namespace, context, policy)[source]

Bases: glance.domain.proxy.MetadefNamespace

class glance.api.policy.MetadefNamespaceRepoProxy(namespace_repo, context, namespace_policy)[source]

Bases: glance.domain.proxy.MetadefNamespaceRepo

add(namespace)[source]
get(namespace)[source]
list(*args, **kwargs)[source]
save(namespace)[source]
class glance.api.policy.MetadefObjectFactoryProxy(meta_object_factory, context, policy)[source]

Bases: glance.domain.proxy.MetadefObjectFactory

class glance.api.policy.MetadefObjectProxy(meta_object, context, policy)[source]

Bases: glance.domain.proxy.MetadefObject

class glance.api.policy.MetadefObjectRepoProxy(object_repo, context, object_policy)[source]

Bases: glance.domain.proxy.MetadefObjectRepo

add(meta_object)[source]
get(namespace, object_name)[source]
list(*args, **kwargs)[source]
save(meta_object)[source]
class glance.api.policy.MetadefPropertyFactoryProxy(namespace_property_factory, context, policy)[source]

Bases: glance.domain.proxy.MetadefPropertyFactory

class glance.api.policy.MetadefPropertyProxy(namespace_property, context, policy)[source]

Bases: glance.domain.proxy.MetadefProperty

class glance.api.policy.MetadefPropertyRepoProxy(property_repo, context, object_policy)[source]

Bases: glance.domain.proxy.MetadefPropertyRepo

add(namespace_property)[source]
get(namespace, property_name)[source]
list(*args, **kwargs)[source]
save(namespace_property)[source]
class glance.api.policy.MetadefResourceTypeFactoryProxy(resource_type_factory, context, policy)[source]

Bases: glance.domain.proxy.MetadefResourceTypeFactory

class glance.api.policy.MetadefResourceTypeProxy(meta_resource_type, context, policy)[source]

Bases: glance.domain.proxy.MetadefResourceType

class glance.api.policy.MetadefResourceTypeRepoProxy(resource_type_repo, context, resource_type_policy)[source]

Bases: glance.domain.proxy.MetadefResourceTypeRepo

add(resource_type)[source]
get(*args, **kwargs)[source]
list(*args, **kwargs)[source]
class glance.api.policy.MetadefTagFactoryProxy(meta_tag_factory, context, policy)[source]

Bases: glance.domain.proxy.MetadefTagFactory

class glance.api.policy.MetadefTagProxy(meta_tag, context, policy)[source]

Bases: glance.domain.proxy.MetadefTag

class glance.api.policy.MetadefTagRepoProxy(tag_repo, context, tag_policy)[source]

Bases: glance.domain.proxy.MetadefTagRepo

add(meta_tag)[source]
add_tags(meta_tags)[source]
get(namespace, tag_name)[source]
list(*args, **kwargs)[source]
save(meta_tag)[source]
class glance.api.policy.TaskFactoryProxy(task_factory, context, policy)[source]

Bases: glance.domain.proxy.TaskFactory

class glance.api.policy.TaskProxy(task, context, policy)[source]

Bases: glance.domain.proxy.Task

class glance.api.policy.TaskRepoProxy(task_repo, context, task_policy)[source]

Bases: glance.domain.proxy.TaskRepo

add(task)[source]
get(task_id)[source]
save(task)[source]
class glance.api.policy.TaskStubProxy(task_stub, context, policy)[source]

Bases: glance.domain.proxy.TaskStub

class glance.api.policy.TaskStubRepoProxy(task_stub_repo, context, task_policy)[source]

Bases: glance.domain.proxy.TaskStubRepo

list(*args, **kwargs)[source]
glance.api.policy.get_enforcer()[source]