Python oslo_policy.policy.PolicyNotRegistered() Examples
The following are 19
code examples of oslo_policy.policy.PolicyNotRegistered().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
oslo_policy.policy
, or try the search function
.
.
Example #1
| Source File: policy.py From tacker with Apache License 2.0 | 6 votes |
|
def authorize(context, action, target, do_raise=True, exc=None):
init()
credentials = context.to_policy_values()
if not exc:
exc = exceptions.PolicyNotAuthorized
try:
result = _ENFORCER.authorize(action, target, credentials,
do_raise=do_raise, exc=exc, action=action)
except policy.PolicyNotRegistered:
with excutils.save_and_reraise_exception():
LOG.debug('Policy not registered')
except Exception:
with excutils.save_and_reraise_exception():
LOG.debug('Policy check for %(action)s failed with credentials '
'%(credentials)s',
{'action': action, 'credentials': credentials})
return result
Example #2
| Source File: _engine.py From neutron-lib with Apache License 2.0 | 5 votes |
|
def _check_rule(context, rule):
init()
# the target is user-self
credentials = context.to_policy_values()
try:
return _ROLE_ENFORCER.authorize(rule, credentials, credentials)
except policy.PolicyNotRegistered:
return False
Example #3
| Source File: test_policy.py From octavia with Apache License 2.0 | 5 votes |
|
def test_authorize_nonexistent_action_throws(self):
action = "example:noexist"
self.assertRaises(
oslo_policy.PolicyNotRegistered, policy.get_enforcer().authorize,
action, self.target, self.context)
Example #4
| Source File: test_policy.py From karbor with Apache License 2.0 | 5 votes |
|
def test_authorize_nonexistent_action_throws(self):
action = "test:noexist"
self.assertRaises(oslo_policy.PolicyNotRegistered, policy.authorize,
self.context, action, self.target)
Example #5
| Source File: test_policy.py From oslo.policy with Apache License 2.0 | 5 votes |
|
def test_authorize_opt_not_registered(self):
self.assertRaises(policy.PolicyNotRegistered,
self.enforcer.authorize, 'test', {},
{'roles': ['test']})
Example #6
| Source File: test_policy.py From monasca-log-api with Apache License 2.0 | 5 votes |
|
def test_authorize_nonexist_action_throws(self):
action = "example:noexist"
ctx = request.Request(
testing.create_environ(
path="/",
headers={
"X_USER_ID": "fake",
"X_PROJECT_ID": "fake",
"X_ROLES": "member"
}
)
)
self.assertRaises(os_policy.PolicyNotRegistered, policy.authorize,
ctx.context, action, {})
Example #7
| Source File: policy_engine.py From monasca-api with Apache License 2.0 | 5 votes |
|
def authorize(context, action, target, do_raise=True):
"""Verify that the action is valid on the target in this context.
:param context: monasca project context
:param action: String representing the action to be checked. This
should be colon separated for clarity.
:param target: Dictionary representing the object of the action for
object creation. This should be a dictionary representing
the location of the object e.g.
``{'project_id': 'context.project_id'}``
:param do_raise: if True (the default), raises PolicyNotAuthorized,
if False returns False
:type context: object
:type action: str
:type target: dict
:type do_raise: bool
:return: returns a non-False value (not necessarily True) if authorized,
and the False if not authorized and do_raise if False
:raises oslo_policy.policy.PolicyNotAuthorized: if verification fails
"""
init()
credentials = context.to_policy_values()
try:
result = _ENFORCER.authorize(action, target, credentials,
do_raise=do_raise, action=action)
return result
except policy.PolicyNotRegistered:
LOG.exception('Policy not registered')
raise
except Exception:
LOG.debug('Policy check for %(action)s failed with credentials '
'%(credentials)s',
{'action': action, 'credentials': credentials})
raise
Example #8
| Source File: test_policy.py From monasca-api with Apache License 2.0 | 5 votes |
|
def test_authorize_nonexist_action_throws(self):
action = "example:noexist"
ctx = request.Request(
testing.create_environ(
path="/",
headers={
"X_USER_ID": "fake",
"X_PROJECT_ID": "fake",
"X_ROLES": "member"
}
)
)
self.assertRaises(os_policy.PolicyNotRegistered, policy.authorize,
ctx.context, action, {})
Example #9
| Source File: test_policy.py From monasca-api with Apache License 2.0 | 5 votes |
|
def test_authorize_nonexistent_action_throws(self):
action = 'example:noexists'
self.assertRaises(os_policy.PolicyNotRegistered, policy_engine.authorize,
self.context, action, self.target)
Example #10
| Source File: policy.py From tacker with Apache License 2.0 | 5 votes |
|
def check_is_admin(context):
"""Verify context has admin rights according to policy settings."""
init()
# the target is user-self
credentials = context.to_policy_values()
try:
return _ENFORCER.authorize(ADMIN_CTX_POLICY, credentials, credentials)
except policy.PolicyNotRegistered:
return False
Example #11
| Source File: policy.py From cloudkitty with Apache License 2.0 | 5 votes |
|
def authorize(context, action, target):
"""Verifies that the action is valid on the target in this context.
:param context: cloudkitty context
:param action: string representing the action to be checked
this should be colon separated for clarity.
i.e. ``compute:create_instance``,
``compute:attach_volume``,
``volume:attach_volume``
:param object: dictionary representing the object of the action
for object creation this should be a dictionary representing the
location of the object e.g. ``{'project_id': context.project_id}``
:raises PolicyNotAuthorized: if verification fails.
"""
if CONF.auth_strategy != "keystone":
return
init()
try:
LOG.debug('Authenticating user with credentials %(credentials)s',
{'credentials': context.to_dict()})
return _ENFORCER.authorize(action, target, context,
do_raise=True,
exc=PolicyNotAuthorized,
action=action)
except policy.PolicyNotRegistered:
with excutils.save_and_reraise_exception():
LOG.exception('Policy not registered')
except Exception:
with excutils.save_and_reraise_exception():
LOG.error('Policy check for %(action)s failed with credentials '
'%(credentials)s',
{'action': action, 'credentials': context.to_dict()})
Example #12
| Source File: test_policy.py From cloudkitty with Apache License 2.0 | 5 votes |
|
def test_enforce_nonexistent_action_throws(self):
action = "test:noexist"
self.assertRaises(oslo_policy.PolicyNotRegistered, policy.authorize,
self.context, action, self.target)
Example #13
| Source File: test_policy.py From masakari with Apache License 2.0 | 5 votes |
|
def test_authorize_nonexistent_action_throws(self):
action = "example:noexist"
self.assertRaises(oslo_policy.PolicyNotRegistered, policy.authorize,
self.context, action, self.target)
Example #14
| Source File: test_policy.py From manila with Apache License 2.0 | 5 votes |
|
def test_authorize_nonexistent_action_throws(self):
action = "test:noexist"
self.assertRaises(common_policy.PolicyNotRegistered, policy.authorize,
self.context, action, self.target)
Example #15
| Source File: policy.py From armada with Apache License 2.0 | 5 votes |
|
def _enforce_policy(action, target, credentials, do_raise=True):
extras = {}
if do_raise:
extras.update(exc=exc.ActionForbidden, do_raise=do_raise)
# `oslo.policy` supports both enforce and authorize. authorize is
# stricter because it'll raise an exception if the policy action is
# not found in the list of registered rules. This means that attempting
# to enforce anything not found in ``armada.common.policies`` will error
# out with a 'Policy not registered' message and 403 status code.
try:
_ENFORCER.authorize(
action, target, credentials.to_policy_view(), **extras)
except policy.PolicyNotRegistered:
LOG.exception(
'Policy not registered for %(action)s', {'action': action})
raise exc.ActionForbidden()
except Exception:
with excutils.save_and_reraise_exception():
LOG.debug(
'Policy check for %(action)s failed with credentials '
'%(credentials)s', {
'action': action,
'credentials': credentials
})
# NOTE(felipemonteiro): This naming is OK. It's just kept around for legacy
# reasons. What's important is that authorize is used above.
Example #16
| Source File: policy.py From masakari with Apache License 2.0 | 4 votes |
|
def authorize(context, action, target, do_raise=True, exc=None):
"""Verifies that the action is valid on the target in this context.
:param context: masakari context
:param action: string representing the action to be checked
this should be colon separated for clarity.
i.e. ``os_masakari_api:segments``,
``os_masakari_api:os-hosts``,
``os_masakari_api:notifications``,
``os_masakari_api:extensions``
:param target: dictionary representing the object of the action
for object creation this should be a dictionary representing the
location of the object e.g. ``{'project_id': context.project_id}``
:param do_raise: if True (the default), raises PolicyNotAuthorized;
if False, returns False
:param exc: Class of the exception to raise if the check fails.
Any remaining arguments passed to :meth:`authorize` (both
positional and keyword arguments) will be passed to
the exception class. If not specified,
:class:`PolicyNotAuthorized` will be used.
:raises masakari.exception.PolicyNotAuthorized: if verification fails
and do_raise is True. Or if 'exc' is specified it will raise an
exception of that type.
:return: returns a non-False value (not necessarily "True") if
authorized, and the exact value False if not authorized and
do_raise is False.
"""
init()
credentials = context.to_policy_values()
if not exc:
exc = exception.PolicyNotAuthorized
try:
result = _ENFORCER.authorize(action, target, credentials,
do_raise=do_raise, exc=exc, action=action)
except policy.PolicyNotRegistered:
with excutils.save_and_reraise_exception():
LOG.debug('Policy not registered')
except Exception:
with excutils.save_and_reraise_exception():
LOG.debug('Policy check for %(action)s failed with credentials '
'%(credentials)s',
{'action': action, 'credentials': credentials})
return result
Example #17
| Source File: policy.py From manila with Apache License 2.0 | 4 votes |
|
def authorize(context, action, target, do_raise=True, exc=None):
"""Verifies that the action is valid on the target in this context.
:param context: manila context
:param action: string representing the action to be checked
this should be colon separated for clarity.
i.e. ``share:create``,
:param target: dictionary representing the object of the action
for object creation this should be a dictionary representing the
location of the object e.g. ``{'project_id': context.project_id}``
:param do_raise: if True (the default), raises PolicyNotAuthorized;
if False, returns False
:param exc: Class of the exception to raise if the check fails.
Any remaining arguments passed to :meth:`authorize` (both
positional and keyword arguments) will be passed to
the exception class. If not specified,
:class:`PolicyNotAuthorized` will be used.
:raises manila.exception.PolicyNotAuthorized: if verification fails
and do_raise is True. Or if 'exc' is specified it will raise an
exception of that type.
:return: returns a non-False value (not necessarily "True") if
authorized, and the exact value False if not authorized and
do_raise is False.
"""
init()
credentials = context.to_policy_values()
if not exc:
exc = exception.PolicyNotAuthorized
try:
result = _ENFORCER.authorize(action, target, credentials,
do_raise=do_raise, exc=exc, action=action)
except policy.PolicyNotRegistered:
with excutils.save_and_reraise_exception():
LOG.exception('Policy not registered')
except Exception:
with excutils.save_and_reraise_exception():
LOG.debug('Policy check for %(action)s failed with credentials '
'%(credentials)s',
{'action': action, 'credentials': credentials})
return result
Example #18
| Source File: policy.py From karbor with Apache License 2.0 | 4 votes |
|
def authorize(context, action, target, do_raise=True, exc=None):
"""Verifies that the action is valid on the target in this context.
:param context: karbor context
:param action: string representing the action to be checked
this should be colon separated for clarity.
i.e. ``compute:create_instance``,
``plan:create``,
``plan:get``
:param target: dictionary representing the object of the action
for object creation this should be a dictionary representing the
location of the object e.g. ``{'project_id': context.project_id}``
:param do_raise: if True (the default), raises PolicyNotAuthorized;
if False, returns False
:param exc: Class of the exception to raise if the check fails.
Any remaining arguments passed to :meth:`authorize` (both
positional and keyword arguments) will be passed to
the exception class. If not specified,
:class:`PolicyNotAuthorized` will be used.
:raises karbor.exception.PolicyNotAuthorized: if verification fails
and do_raise is True. Or if 'exc' is specified it will raise an
exception of that type.
:return: returns a non-False value (not necessarily "True") if
authorized, and the exact value False if not authorized and
do_raise is False.
"""
init()
credentials = context.to_policy_values()
if not exc:
exc = exception.PolicyNotAuthorized
try:
result = _ENFORCER.authorize(action, target, credentials,
do_raise=do_raise, exc=exc, action=action)
except policy.PolicyNotRegistered:
with excutils.save_and_reraise_exception():
LOG.exception('Policy not registered')
except Exception:
with excutils.save_and_reraise_exception():
LOG.error('Policy check for %(action)s failed with credentials '
'%(credentials)s',
{'action': action, 'credentials': credentials})
return result
Example #19
| Source File: policy.py From octavia with Apache License 2.0 | 4 votes |
|
def authorize(self, action, target, context, do_raise=True, exc=None):
"""Verifies that the action is valid on the target in this context.
:param context: The oslo context for this request.
:param action: string representing the action to be checked
this should be colon separated for clarity.
i.e. ``compute:create_instance``,
``compute:attach_volume``,
``volume:attach_volume``
:param target: dictionary representing the object of the action
for object creation this should be a dictionary representing the
location of the object e.g.
``{'project_id': context.project_id}``
:param do_raise: if True (the default), raises PolicyForbidden;
if False, returns False
:param exc: Class of the exceptions to raise if the check fails.
Any remaining arguments passed to :meth:`enforce` (both
positional and keyword arguments) will be passed to
the exceptions class. If not specified,
:class:`PolicyForbidden` will be used.
:raises PolicyForbidden: if verification fails
and do_raise is True. Or if 'exc' is specified it will raise an
exceptions of that type.
:return: returns a non-False value (not necessarily "True") if
authorized, and the exact value False if not authorized and
do_raise is False.
"""
credentials = context.to_policy_values()
# Inject is_admin into the credentials to allow override via
# config auth_strategy = constants.NOAUTH
credentials['is_admin'] = (
credentials.get('is_admin') or context.is_admin)
if not exc:
exc = exceptions.PolicyForbidden
try:
return super(Policy, self).authorize(
action, target, credentials, do_raise=do_raise, exc=exc)
except oslo_policy.PolicyNotRegistered:
with excutils.save_and_reraise_exception():
LOG.exception('Policy not registered')
except Exception:
credentials.pop('auth_token', None)
with excutils.save_and_reraise_exception():
LOG.debug('Policy check for %(action)s failed with '
'credentials %(credentials)s',
{'action': action, 'credentials': credentials})
