Table Of Contents

Previous topic

policy Package

Next topic

token Package

This Page

backends Package

rules Module

Rules-based Policy Engine.

class keystone.policy.backends.rules.Policy

Bases: keystone.policy.core.Driver

enforce(credentials, action, target)
keystone.policy.backends.rules.enforce(credentials, action, target)

Verifies that the action is valid on the target in this context.

Parameters:
  • credentials – user credentials
  • action

    string representing the action to be checked

    this should be colon separated for clarity. i.e. compute:create_instance

    compute:attach_volume volume:attach_volume
  • object – dictionary representing the object of the action for object creation this should be a dictionary representing the location of the object e.g. {‘tenant_id’: object.tenant_id}
Raises :

exception.Forbidden if verification fails.

keystone.policy.backends.rules.init()
keystone.policy.backends.rules.reset()

simple Module