A shortcut for policy.Enforcer.authorize()
Checks authorization of a rule against the target and credentials, and raises an exception if the rule is not defined. args and kwargs are passed directly to oslo.policy Enforcer.authorize Always returns True if CONF.auth_strategy != keystone.
rule – name of a registered oslo.policy rule
target – dict-like structure to check rule against
creds – dict of policy values from request
True if request is authorized against given policy, False otherwise
oslo_policy.policy.PolicyNotRegistered if supplied policy is not registered in oslo_policy
Provides access to the single instance of Policy enforcer.
Get the enforcer instance to generate policy files.
This method is for use by oslopolicy CLI scripts. Those scripts need the ‘output-file’ and ‘namespace’ options, but having those in sys.argv means loading the inspector config options will fail as those are not expected to be present. So we pass in an arg list with those stripped out.
- ironic_inspector.policy.init_enforcer(policy_file=None, rules=None, default_rule=None, use_conf=True)[source]¶
Synchronously initializes the policy enforcer
policy_file – Custom policy file to use, if none is specified, CONF.oslo_policy.policy_file will be used.
rules – Default dictionary / Rules to use. It will be considered just in the first instantiation.
default_rule – Default rule to use, CONF.oslo_policy.policy_default_rule will be used if none is specified.
use_conf – Whether to load rules from config file.