9531b76af1
Change-Id: Id4f645de23b9f0aec1914edbaef11cdb6e6dc0af Story: 2006166 Task: 37337 Depends-On: https://review.opendev.org/692861 Signed-off-by: Don Penney <don.penney@windriver.com>
57 lines
1.7 KiB
Python
57 lines
1.7 KiB
Python
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
#
|
|
# Copyright (c) 2017 Wind River Systems, Inc.
|
|
#
|
|
# The right to copy, distribute, modify, or otherwise make use
|
|
# of this software may be licensed only pursuant to the terms
|
|
# of an applicable Wind River license agreement.
|
|
#
|
|
|
|
"""
|
|
Policy Engine For DC Manager
|
|
"""
|
|
|
|
# from oslo_concurrency import lockutils
|
|
from oslo_config import cfg
|
|
from oslo_policy import policy
|
|
|
|
from dcmanager.common import exceptions
|
|
|
|
POLICY_ENFORCER = None
|
|
CONF = cfg.CONF
|
|
|
|
|
|
# @lockutils.synchronized('policy_enforcer', 'dcmanager-')
|
|
def _get_enforcer(policy_file=None, rules=None, default_rule=None):
|
|
|
|
global POLICY_ENFORCER
|
|
|
|
if POLICY_ENFORCER is None:
|
|
POLICY_ENFORCER = policy.Enforcer(CONF,
|
|
policy_file=policy_file,
|
|
rules=rules,
|
|
default_rule=default_rule)
|
|
return POLICY_ENFORCER
|
|
|
|
|
|
def enforce(context, rule, target, do_raise=True, *args, **kwargs):
|
|
|
|
enforcer = _get_enforcer()
|
|
credentials = context.to_dict()
|
|
target = target or {}
|
|
if do_raise:
|
|
kwargs.update(exc=exceptions.Forbidden)
|
|
|
|
return enforcer.enforce(rule, target, credentials, do_raise,
|
|
*args, **kwargs)
|