The cinder.policy Module¶
Policy Engine For Cinder
-
check_is_admin(roles, context=None)¶ Whether or not user is admin according to policy setting.
-
enforce(context, action, target)¶ Verifies that the action is valid on the target in this context.
Parameters: - context – cinder context
- action – string representing the action to be checked
this should be colon separated for clarity.
i.e.
compute:create_instance,compute:attach_volume,volume:attach_volume - object – dictionary representing the object of the action
for object creation this should be a dictionary representing the
location of the object e.g.
{'project_id': context.project_id}
Raises: PolicyNotAuthorized – if verification fails.
-
enforce_action(context, action)¶ Checks that the action can be done by the given context.
Applies a check to ensure the context’s project_id and user_id can be applied to the given action using the policy enforcement api.
-
init()¶