ironic.common.policy module

Policy Engine For Ironic.

ironic.common.policy.authorize(rule, target, creds, *args, **kwargs)[source]

A shortcut for policy.Enforcer.authorize()

Checks authorization of a rule against the target and credentials, and raises an exception if the rule is not defined. Always returns true if CONF.auth_strategy is not keystone.

ironic.common.policy.check(rule, target, creds, *args, **kwargs)[source]

A shortcut for policy.Enforcer.enforce()

Checks authorization of a rule against the target and credentials and returns True or False.


Provides access to the single instance of Policy enforcer.

ironic.common.policy.init_enforcer(policy_file=None, rules=None, default_rule=None, use_conf=True)[source]

Synchronously initializes the policy enforcer

  • policy_file – Custom policy file to use, if none is specified, CONF.oslo_policy.policy_file will be used.

  • rules – Default dictionary / Rules to use. It will be considered just in the first instantiation.

  • default_rule – Default rule to use, CONF.oslo_policy.policy_default_rule will be used if none is specified.

  • use_conf – Whether to load rules from config file.