The karbor.policy
Module¶
Policy Engine For karbor
-
karbor.policy.
check_is_admin
(roles, context=None)¶ Whether or not user is admin according to policy setting.
-
karbor.policy.
enforce
(context, action, target)¶ Verifies that the action is valid on the target in this context.
Parameters: - context – karbor context
- action – string representing the action to be checked
this should be colon separated for clarity.
i.e.
compute:create_instance
,compute:attach_volume
,volume:attach_volume
- object – dictionary representing the object of the action
for object creation this should be a dictionary representing the
location of the object e.g.
{'project_id': context.project_id}
Raises: PolicyNotAuthorized – if verification fails.
-
karbor.policy.
enforce_action
(context, action)¶ Checks that the action can be done by the given context.
Applies a check to ensure the context’s project_id and user_id can be applied to the given action using the policy enforcement api.
-
karbor.policy.
init
()¶