tacker.context module

Context: context for security/db session.

class tacker.context.Context(*args, **kwargs)

Bases: ContextBaseWithSession

property api_version
property session
class tacker.context.ContextBase(user_id=None, tenant_id=None, is_admin=None, timestamp=None, tenant_name=None, user_name=None, is_advsvc=None, **kwargs)

Bases: RequestContext

Security context and request information.

Represents the user taking a given action within the system.

can(action, target=None, fatal=True)

Verifies that the given action is valid on the target in this context.

  • action – string representing the action to be checked.

  • target – dictionary representing the object of the action for object creation this should be a dictionary representing the location of the object e.g. {'project_id': context.project_id}. If None, then this default target will be considered: {‘project_id’: self.project_id, ‘user_id’: self.user_id}

  • fatal – if False, will return False when an exception.Forbidden occurs.


tacker.exception.Forbidden – if verification fails and fatal is True.


returns a non-False value (not necessarily “True”) if authorized and False if not authorized and fatal is False.


Return a version of this context with admin flag set.

classmethod from_dict(values)

Construct a context object from a provided dictionary.

property tenant_id
property tenant_name

Return a dictionary of context attributes.


A dictionary of context attributes to enforce policy with.

oslo.policy enforcement requires a dictionary of attributes representing the current logged in user on which it applies policy enforcement. This dictionary defines a standard list of attributes that should be available for enforcement across services.

It is expected that services will often have to override this method with either deprecated values or additional attributes used by that service specific policy.

class tacker.context.ContextBaseWithSession(user_id=None, tenant_id=None, is_admin=None, timestamp=None, tenant_name=None, user_name=None, is_advsvc=None, **kwargs)

Bases: ContextBase

property connection
property session
property transaction
property transaction_ctx

Indicates if the request context is a normal user.