keystone.policy.backends package

Submodules

keystone.policy.backends.rules module

Policy engine for keystone

class keystone.policy.backends.rules.Policy[source]

Bases: keystone.policy.core.PolicyDriverV8

create_policy(policy_id, policy)[source]
delete_policy(policy_id)[source]
enforce(credentials, action, target)[source]
get_policy(policy_id)[source]
list_policies()[source]
update_policy(policy_id, policy)[source]
keystone.policy.backends.rules.enforce(credentials, action, target, do_raise=True)[source]

Verifies that the action is valid on the target in this context.

Parameters:
  • credentials – user credentials
  • action – string representing the action to be checked, which should be colon separated for clarity.
  • target – dictionary representing the object of the action for object creation this should be a dictionary representing the location of the object e.g. {‘project_id’: object.project_id}
Raises keystone.exception.Forbidden:
 

If verification fails.

Actions should be colon separated for clarity. For example:

  • identity:list_users
keystone.policy.backends.rules.init()[source]
keystone.policy.backends.rules.reset()[source]

keystone.policy.backends.sql module

class keystone.policy.backends.sql.Policy[source]

Bases: keystone.policy.backends.rules.Policy

create_policy(*args, **kwargs)[source]
delete_policy(policy_id)[source]
get_policy(policy_id)[source]
list_policies()[source]
update_policy(*args, **kwargs)[source]
class keystone.policy.backends.sql.PolicyModel(*args, **kwargs)[source]

Bases: sqlalchemy.ext.declarative.api.Base, keystone.common.sql.core.DictBase

attributes = ['id', 'blob', 'type']
blob
extra
id
type

Module contents

Table Of Contents

Previous topic

keystone.policy package

Next topic

keystone.resource package

Project Source

This Page

Navigation

© Copyright 2012, OpenStack, LLC. Last updated on 'Wed Feb 1 18:44:36 2017, commit 27793e6'. Created using Sphinx 1.2.3.