watcher.common.policy module

watcher.common.policy module

Policy Engine For Watcher.

@watcher.common.policy.enforce(context, rule=None, target=None, do_raise=True, exc=None, *args, **kwargs)[source]

Checks authorization of a rule against the target and credentials.

  • context (dict) – As much information about the user performing the action as possible.

  • rule – The rule to evaluate.

  • target (dict) – As much information about the object being operated on as possible.

  • do_raise – Whether to raise an exception or not if check fails.

  • exc – Class of the exception to raise if the check fails. Any remaining arguments passed to enforce() (both positional and keyword arguments) will be passed to the exception class. If not specified, PolicyNotAuthorized will be used.


False if the policy does not allow the action and exc is not provided; otherwise, returns a value that evaluates to True. Note: for rules using the “case” expression, this True value will be the specified string from the expression.

@watcher.common.policy.init(policy_file=None, rules=None, default_rule=None, use_conf=True, overwrite=True)[source]

Init an Enforcer class.

  • policy_file – Custom policy file to use, if none is specified, conf.policy_file will be used.

  • rules – Default dictionary / Rules to use. It will be considered just in the first instantiation. If load_rules() with force_reload=True, clear() or set_rules() with overwrite=True is called this will be overwritten.

  • default_rule – Default rule to use, conf.default_rule will be used if none is specified.

  • use_conf – Whether to load rules from cache or config file.

  • overwrite – Whether to overwrite existing rules when reload rules from config file.

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.