keystone.common.authorization module¶

keystone.common.authorization.assert_admin(app, request)[source]¶

Ensure the user is an admin.

Raises:	keystone.exception.Unauthorized – if a token could not be found/authorized, a user is invalid, or a tenant is invalid/not scoped. keystone.exception.Forbidden – if the user is not an admin and does not have the admin role

keystone.common.authorization.check_policy(controller, request, action, filter_attr=None, input_attr=None, target_attr=None, *args, **kwargs)[source]¶

keystone.common.authorization.check_protection(controller, request, prep_info, target_attr=None, *args, **kwargs)[source]¶

Provide call protection for complex target attributes.

As well as including the standard parameters from the original API call (which is passed in prep_info), this call will add in any additional entities or attributes (passed in target_attr), so that they can be referenced by policy rules.

keystone.common.authorization.get_token_ref(context)[source]¶

Retrieve TokenModel object from the auth context and returns it.

Parameters:	context (dict) – The request context.
Raises:	keystone.exception.Unauthorized – If auth context cannot be found.
Returns:	The TokenModel object.

keystone.common.authorization.token_validation_window(request)[source]¶