The nova.policy Module

Policy Engine For Nova.

class IsAdminCheck(kind, match)

Bases: nova.openstack.common.policy.Check

An explicit check for is_admin.

check_is_admin(context)

Whether or not roles contains ‘admin’ role according to policy setting.

enforce(context, action, target, do_raise=True)

Verifies that the action is valid on the target in this context.

Parameters:
  • context – nova context
  • action – string representing the action to be checked this should be colon separated for clarity. i.e. compute:create_instance, compute:attach_volume, volume:attach_volume
  • target – dictionary representing the object of the action for object creation this should be a dictionary representing the location of the object e.g. {'project_id': context.project_id}
  • do_raise – if True (the default), raises PolicyNotAuthorized; if False, returns False
Raises nova.exception.PolicyNotAuthorized:
 

if verification fails and do_raise is True.

Returns:

returns a non-False value (not necessarily “True”) if authorized, and the exact value False if not authorized and do_raise is False.

init()
reset()

Previous topic

The nova.paths Module

Next topic

The nova.quota Module

This Page