ironic.common.policy module¶
Policy Engine For Ironic.
- ironic.common.policy.authorize(rule, target, creds, *args, **kwargs)[source]¶
A shortcut for policy.Enforcer.authorize()
Checks authorization of a rule against the target and credentials, and raises an exception if the rule is not defined. Always returns true if CONF.auth_strategy is not keystone.
- ironic.common.policy.check(rule, target, creds, *args, **kwargs)[source]¶
A shortcut for policy.Enforcer.enforce()
Checks authorization of a rule against the target and credentials and returns True or False.
- ironic.common.policy.check_policy(rule, target, creds, *args, **kwargs)[source]¶
Configuration aware role policy check wrapper.
Checks authorization of a rule against the target and credentials and returns True or False. Always returns true if CONF.auth_strategy is not keystone.
- ironic.common.policy.get_enforcer()[source]¶
Provides access to the single instance of Policy enforcer.
- ironic.common.policy.init_enforcer(policy_file=None, rules=None, default_rule=None, use_conf=True)[source]¶
Synchronously initializes the policy enforcer
- Parameters:
policy_file – Custom policy file to use, if none is specified, CONF.oslo_policy.policy_file will be used.
rules – Default dictionary / Rules to use. It will be considered just in the first instantiation.
default_rule – Default rule to use, CONF.oslo_policy.policy_default_rule will be used if none is specified.
use_conf – Whether to load rules from config file.
