The quantum.policy Module

Policy engine for quantum. Largely copied from nova.

class quantum.policy.FieldCheck(kind, match)

Bases: quantum.openstack.common.policy.Check

quantum.policy.check(context, action, target, plugin=None)

Verifies that the action is valid on the target in this context.

Parameters:

• context – quantum context
• action – string representing the action to be checked this should be colon separated for clarity.
• target – dictionary representing the object of the action for object creation this should be a dictionary representing the location of the object e.g. {'project_id': context.project_id}
• plugin – quantum plugin used to retrieve information required for augmenting the target

Returns:

Returns True if access is permitted else False.

quantum.policy.enforce(context, action, target, plugin=None)

Verifies that the action is valid on the target in this context.

Parameters:

• context – quantum context
• action – string representing the action to be checked this should be colon separated for clarity.
• target – dictionary representing the object of the action for object creation this should be a dictionary representing the location of the object e.g. {'project_id': context.project_id}
• plugin – quantum plugin used to retrieve information required for augmenting the target

Raises quantum.exceptions.PolicyNotAllowed:  

if verification fails.

quantum.policy.get_resource_and_action(action)

Extract resource and action (write, read) from api operation

quantum.policy.init()

quantum.policy.reset()