The `congress.common.policy` Module¶

Policy Engine For Auth on API calls.

class congress.common.policy.IsAdminCheck(kind, match)¶

Bases: oslo_policy._checks.Check

An explicit check for is_admin.

congress.common.policy.check_is_admin(context)¶: Whether or not roles contains ‘admin’ role according to policy setting.

congress.common.policy.enforce(context, action, target, do_raise=True, exc=None)¶

Verifies that the action is valid on the target in this context.

Parameters:	context – congress context action – string representing the action to be checked this should be colon separated for clarity. i.e. `compute:create_instance`, `compute:attach_volume`, `volume:attach_volume` target – dictionary representing the object of the action for object creation this should be a dictionary representing the location of the object e.g. `{'project_id': context.project_id}` do_raise – if True (the default), raises PolicyNotAuthorized; if False, returns False
Raises:	congress.exception.PolicyNotAuthorized – if verification fails and do_raise is True.
Returns:	returns a non-False value (not necessarily “True”) if authorized, and the exact value False if not authorized and do_raise is False.

congress.common.policy.init(policy_file=None, rules=None, default_rule=None, use_conf=True)¶

Init an Enforcer class.

Parameters:	policy_file – Custom policy file to use, if none is specified, CONF.policy_file will be used. rules – Default dictionary / Rules to use. It will be considered just in the first instantiation. default_rule – Default rule to use, CONF.default_rule will be used if none is specified. use_conf – Whether to load rules from config file.

congress.common.policy.set_rules(rules, overwrite=True, use_conf=False)¶

Set rules based on the provided dict of rules.

Parameters:	rules – New rules to use. It should be an instance of dict. overwrite – Whether to overwrite current rules or update them with the new rules. use_conf – Whether to reload rules from config file.

OpenStack