keystone.access_rules_config.backends.json module

keystone.access_rules_config.backends.json module

class keystone.access_rules_config.backends.json.AccessRulesConfig[source]

Bases: keystone.access_rules_config.backends.base.AccessRulesConfigDriverBase

This backend reads the access rules from a JSON file on disk.

The format of the file is a mapping from service type to rules for that service type. For example:

{
    "identity": [
        {
            "path": "/v3/users",
            "method": "GET"
        },
        {
            "path": "/v3/users",
            "method": "POST"
        },
        {
            "path": "/v3/users/*",
            "method": "GET"
        },
        {
            "path": "/v3/users/*",
            "method": "PATCH"
        },
        {
            "path": "/v3/users/*",
            "method": "DELETE"
        }
        ...
    ],
    "image": [
        {
            "path": "/v2/images",
            "method": "GET"
        },
        ...
    ],
    ...
}

This will be transmuted in memory to a hash map that looks like this:

{
    "identity": {
        "GET": [
            {
                "path": "/v3/users"
            },
            {
                "path": "/v3/users/*"
            }
            ...
        ],
        "POST": [ ... ]
    },
    ...
}

The path may include a wildcard like ‘*’ or ‘**’ or a named wildcard like {server_id}. An application credential access rule validation request for a path like “/v3/users/uuid” will match with a configured access rule like “/v3/users/” or “/v3/users/{user_id}”, and a request for a path like “/v3/users/uuid/application_credentials/uuid” will match with a configured access rule like “/v3/users/*”.

check_access_rule(service, request_path, request_method)[source]

Check if an access rule exists in config.

list_access_rules_config(service=None)[source]

List access rules config in human readable form.

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.