Halaman utama Jelajahi Bantuan
Masuk
akillibulut
/
coriolis
cermin dari https://github.com/cloudbase/coriolis.git
2
0
Fork 0
Berkas Masalah 0 Wiki
Pohon: 24bb4064a1
Ranting Tag
coriolis
/
coriolis
/
policy.py

policy.py 2.2 KB
Riwayat Mentahan

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485 
  1. # Copyright 2018 Cloudbase Solutions Srl
    2. 

  2. # All Rights Reserved.
    3. 

  3. 

  4. import itertools
    5. 

  5. 

  6. from oslo_config import cfg as conf
    7. 

  7. from oslo_log import log as logging
    8. 

  8. from oslo_policy import policy
    9. 

  9. 

  10. from coriolis import exception
    11. 

  11. from coriolis import utils
    12. 

  12. from coriolis.policies import base
    13. 

  13. from coriolis.policies import endpoints
    14. 

  14. from coriolis.policies import general
    15. 

  15. from coriolis.policies import migrations
    16. 

  16. from coriolis.policies import replicas
    17. 

  17. from coriolis.policies import replica_schedules
    18. 

  18. from coriolis.policies import replica_tasks_executions
    19. 

  19. 

  20. 

  21. LOG = logging.getLogger(__name__)
    22. 

  22. 

  23. CONF = conf.CONF
    24. 

  24. _ENFORCER = None
    25. 

  25. 

  26. DEFAULT_POLICIES_MODULES = [
    27. 

  27.     base, endpoints, general, migrations, replicas, replica_schedules,
    28. 

  28.     replica_tasks_executions]
    29. 

  29. 

  30. 

  31. def reset():
    32. 

  32.     global _ENFORCER
    33. 

  33.     if _ENFORCER:
    34. 

  34.         _ENFORCER.clear()
    35. 

  35.     _ENFORCER = None
    36. 

  36. 

  37. 

  38. def init():
    39. 

  39.     global _ENFORCER
    40. 

  40.     global saved_file_rules
    41. 

  41. 

  42.     if not _ENFORCER:
    43. 

  43.         _ENFORCER = policy.Enforcer(CONF)
    44. 

  44.         register_rules(_ENFORCER)
    45. 

  45.         _ENFORCER.load_rules()
    46. 

  46. 

  47. 

  48. def register_rules(enforcer):
    49. 

  49.     enforcer.register_defaults(itertools.chain(*[
    50. 

  50.         m.list_rules() for m in DEFAULT_POLICIES_MODULES]))
    51. 

  51. 

  52. 

  53. def get_enforcer():
    54. 

  54.     init()
    55. 

  55.     return _ENFORCER
    56. 

  56. 

  57. 

  58. def check_policy_for_context(
    59. 

  59.         context, action, target, exc=None, do_raise=True):
    60. 

  60.     """ Checks the validity of the given action of the given target based on
    61. 

  61.     set policies.
    62. 

  62.     On success, returns a value where bool(val) == True.
    63. 

  63.     On failure and if `do_raise` if False, returns False.
    64. 

  64.     Raises `exception.PolicyNotAuthorized` or `exc` if the policy is
    65. 

  65.     not authorized.
    66. 

  66.     """
    67. 

  67.     init()
    68. 

  68.     credentials = context.to_policy_values()
    69. 

  69.     if not exc:
    70. 

  70.         exc = exception.PolicyNotAuthorized
    71. 

  71.     try:
    72. 

  72.         result = _ENFORCER.authorize(
    73. 

  73.             action, target, credentials,
    74. 

  74.             do_raise=do_raise, exc=exc, action=action)
    75. 

  75.     except Exception as ex:
    76. 

  76.         LOG.debug(
    77. 

  77.             "Policy check for '%(action)s' with target '%(target)s' failed "
    78. 

  78.             "with credentials: %(credentials)s.\nException: '%(trace)s'", {
    79. 

  79.                 'action': action, 'target': target,
    80. 

  80.                 'credentials': credentials, 'trace':
    81. 

  81.                 utils.get_exception_details()})
    82. 

  82. 

  83.         raise exc(str(ex))
    84. 

  84. 

  85.     return result
    86.