openstack/aodh
Code Issues Proposed changes
aodh/ceilometer/policy.py
Julien Danjou 51c8a8e55c Update pep8 to 1.3.3 
This is needed to update openstack.common

Change-Id: I8410f978f38b3893b71239f97f785086ca5faffe
Signed-off-by: Julien Danjou <julien@danjou.info>
2013-01-15 14:39:29 +01:00

75 lines
2.1 KiB
Python
Raw Blame History

# vim: tabstop=4 shiftwidth=4 softtabstop=4
# Copyright (c) 2011 OpenStack, LLC.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
"""Policy Engine For Ceilometer"""
import os
from ceilometer import utils
from ceilometer.openstack.common import cfg
from ceilometer.openstack.common import policy
OPTS = [
cfg.StrOpt('policy_file',
default='policy.json',
help='JSON file representing policy'),
cfg.StrOpt('policy_default_rule',
default='default',
help='Rule checked when requested rule is not found'),
]
cfg.CONF.register_opts(OPTS)
_POLICY_PATH = None
_POLICY_CACHE = {}
def init():
global _POLICY_PATH
global _POLICY_CACHE
if not _POLICY_PATH:
_POLICY_PATH = cfg.CONF.policy_file
if not os.path.exists(_POLICY_PATH):
_POLICY_PATH = cfg.CONF.find_file(_POLICY_PATH)
if not _POLICY_PATH:
raise cfg.ConfigFilesNotFoundError([cfg.CONF.policy_file])
utils.read_cached_file(_POLICY_PATH, _POLICY_CACHE,
reload_func=_set_brain)
def _set_brain(data):
default_rule = cfg.CONF.policy_default_rule
policy.set_brain(policy.Brain.load_json(data, default_rule))
def check_is_admin(roles, project_id, project_name):
"""Whether or not roles contains 'admin' role according to policy setting.
"""
init()
match_list = ('rule:context_is_admin',)
target = {}
credentials = {
'roles': roles,
'project_id': project_id,
'project_name': project_name,
}
return policy.enforce(match_list, target, credentials)
View Git Blame Copy Permalink