Why Gemfury?
Push, build, and install
RubyGems
npm packages
Python packages
Maven artifacts
PHP packages
Go Modules
Debian packages
RPM packages
NuGet packages
trilio-4-3 / dmapi deb
Repository URL to install this package:
|
Version:
4.3.1 ▾
|
ó
Éec�����������@���s��d��Z��d�d�l�Z�d�d�l�Z�d�d�l�Z�d�d�l�m�Z�d�d�l�m�Z�d�d�l �m
�Z
�d�d�l
�m
�Z
�d�d�l
�m�Z�d�d�l�m�Z�m�Z�d�d �l
�m�Z�e�j�Z�e�j�e��Z�d�a�d
�g�Z�g��a�e�j�d
��Z
�d
���Z
�d�d�d�e
�d
��Z �d���Z �d���Z!�e
�e"�d��Z#�e
�d�d��Z$�d���Z%�e
�j&�d��d�e
�j'�f�d�����Y�Z(�d���Z)�d���Z*�d���Z+�d���Z,�d�S(���s���Policy Engine For Dmapi.iÿÿÿÿN(���t���cfg(���t���log(���t���policy(���t���excutils(���t ���exception(���t���_LEt���_LW(���t���policiess
���os-keypairss
���%\((\w+)\)sc�����������C���s
���t��r�t��j���d��a��n��d��S(���N(���t ���_ENFORCERt���cleart���None(����(����(����s0���/usr/lib/python2.7/dist-packages/dmapi/policy.pyt���reset"���s����
c������
���C���s
���t��sD�t�j�t�d�|��d�|�d�|�d�|�a��t�t���t��j���n��t��j�}�t�|��}�t�|�k�r�t �|��t
�j
�|��a�n��d�S(���s�Init an Enforcer class.
:param policy_file: Custom policy file to use, if none is specified,
`CONF.policy_file` will be used.
:param rules: Default dictionary / Rules to use. It will be
considered just in the first instantiation.
:param default_rule: Default rule to use, CONF.default_rule will
be used if none is specified.
:param use_conf: Whether to load rules from config file.
t
���policy_filet���rulest
���default_rulet���use_confN(
���R���R���t���Enforcert���CONFt���register_rulest
���load_rulest
���file_rulest���_serialize_rulest���saved_file_rulest(���_warning_for_deprecated_user_based_rulest���copyt���deepcopy(���R
���R
���R���R���t���current_file_rules(����(����s0���/usr/lib/python2.7/dist-packages/dmapi/policy.pyt���init)���s����
c���������C���sJ���g��t��|��j����D]
�\�}�}�|�t�|��f�^�q�}�t�|�d�d���S(���sY���Serialize all the Rule object as string which is used to compare the
rules list.
t���keyc���������S���s���|��d�S(���Ni����(����(���t���rule(����(����s0���/usr/lib/python2.7/dist-packages/dmapi/policy.pyt���<lambda>Q���s����(���t���listt���itemst���strt���sorted(���R
���t ���rule_nameR
���t���result(����(����s0���/usr/lib/python2.7/dist-packages/dmapi/policy.pyR���K���s����4c���������C���sz���xs�|��D]k�}�g��t��D]
�}�|�|�d�k�r�|�^�q�r<�q�n��d�t�j�|�d��k�r�t�j�t�d��|�d��q�q�Wd�S(���s`���Warning user based policy enforcement used in the rule but the rule
doesn't support it.
i����t���user_idi���s���The user_id attribute isn't supported in the rule '%s'. All the user_id based policy enforcement will be removed in the future.N(���t���USER_BASED_RESOURCESt���KEY_EXPRt���findallt���LOGt���warningR���(���R
���R
���t���resource(����(����s0���/usr/lib/python2.7/dist-packages/dmapi/policy.pyR���T���s����
c���������C���s$���t��d�t��t�j�|��|�|��d�S(���s7��Set rules based on the provided dict of rules.
:param rules: New rules to use. It should be an instance of dict.
:param overwrite: Whether to overwrite current rules or update them
with the new rules.
:param use_conf: Whether to reload rules from config file.
R���N(���R���t���FalseR���t ���set_rules(���R
���t ���overwriteR���(����(����s0���/usr/lib/python2.7/dist-packages/dmapi/policy.pyR-���e���s����
c������
���C���s���t����|��j���}�|�s%�t�j�}�n��y+�t�j�|�|�|�d�|�d�|�d�|�}�Wn{�t�j�k
�r�t�j ����t
�j�t
�d���Wd�QXnB�t
�k
�r�t�j ���#�t
�j
�d�i�|�d�6|�d�6�Wd�QXn�X|�S(���sc��Verifies that the action is valid on the target in this context.
:param context: dmapi context
:param action: string representing the action to be checked
this should be colon separated for clarity.
i.e. ``compute:create_instance``,
``compute:attach_volume``,
``volume:attach_volume``
:param target: dictionary representing the object of the action
for object creation this should be a dictionary representing the
location of the object e.g. ``{'project_id': context.project_id}``
:param do_raise: if True (the default), raises PolicyNotAuthorized;
if False, returns False
:param exc: Class of the exception to raise if the check fails.
Any remaining arguments passed to :meth:`authorize` (both
positional and keyword arguments) will be passed to
the exception class. If not specified,
:class:`PolicyNotAuthorized` will be used.
:raises dmapi.exception.PolicyNotAuthorized: if verification fails
and do_raise is True. Or if 'exc' is specified it will raise an
exception of that type.
:return: returns a non-False value (not necessarily "True") if
authorized, and the exact value False if not authorized and
do_raise is False.
t���do_raiset���exct���actions���Policy not registeredNsC���Policy check for %(action)s failed with credentials %(credentials)st
���credentials(���R���t���to_policy_valuesR���t���PolicyNotAuthorizedR���t ���authorizeR���t���PolicyNotRegisteredR���t���save_and_reraise_exceptionR)���R���t ���Exceptiont���debug(���t���contextR1���t���targetR/���R0���R2���R$���(����(����s0���/usr/lib/python2.7/dist-packages/dmapi/policy.pyR5���r���s
����
c���������C���s,���t����|��j���}�|�}�t�j�d�|�|��S(���sM���Whether or not roles contains 'admin' role according to policy setting.
t���context_is_admin(���R���R3���R���R5���(���R:���R2���R;���(����(����s0���/usr/lib/python2.7/dist-packages/dmapi/policy.pyt���check_is_admin ���s����
t���is_admint
���IsAdminCheckc�����������B���s ���e��Z�d��Z�d���Z�d���Z�RS(���s ���An explicit check for is_admin.c���������C���s;���|�j����d�k�|��_�t�t�|���j�|�t�|��j���d�S(���s���Initialize the check.t���trueN(���t���lowert���expectedt���superR?���t���__init__R!���(���t���selft���kindt���match(����(����s0���/usr/lib/python2.7/dist-packages/dmapi/policy.pyRD���°���s����c���������C���s���|�d�|��j��k�S(���s7���Determine whether is_admin matches the requested value.R>���(���RB���(���RE���R;���t���credst���enforcer(����(����s0���/usr/lib/python2.7/dist-packages/dmapi/policy.pyt���__call__·���s����(���t���__name__t
���__module__t���__doc__RD���RJ���(����(����(����s0���/usr/lib/python2.7/dist-packages/dmapi/policy.pyR?���¬���s��� c�����������C���s���t��r
�t��j�Sd��S(���N(���R���R
���(����(����(����s0���/usr/lib/python2.7/dist-packages/dmapi/policy.pyt ���get_rules½���s����c���������C���s���|��j��t�j����d��S(���N(���t���register_defaultsR���t
���list_rules(���RI���(����(����s0���/usr/lib/python2.7/dist-packages/dmapi/policy.pyR������s����c����������C���s���g��}��d�}�xc�|�t��t�j��k��rq�t�j�|�j�d��d�k�rP�|�d�7}�q�n��|��j�t�j�|��|�d�7}�q�Wt�j�|��d�d�t���t�S( ���Ni���t���-t ���namespaces
���output-filei���t���projectt���dmapi(���s ���namespaces
���output-file( ���t���lent���syst���argvt���stript���appendR����R���R���R���(���t ���conf_argst���i(����(����s0���/usr/lib/python2.7/dist-packages/dmapi/policy.pyt
���get_enforcer���s����
c���������C���s`���t��r
�t�t��j�|���}�n�d�}�|�|�k�rX�t�j�d�j�|�|����|�j�|���t�St �Sd�S(���s��Check the rule of the deprecated policy action
If the current rule of the deprecated policy action is set to a non-default
value, then a warning message is logged stating that the new policy
action should be used to dictate permissions as the old policy action is
being deprecated.
:param old_policy: policy action that is being deprecated
:param new_policy: policy action that is replacing old_policy
:param default_rule: the old_policy action default rule value
:param context: the dmapi context
sv���Start using the new action '{0}'. The existing action '{1}' is being deprecated and will be removed in future release.N(
���R���R!���R
���R
���R)���R*���t���formatt���cant���TrueR,���(���t
���old_policyt
���new_policyR���R:���t
���current_rule(����(����s0���/usr/lib/python2.7/dist-packages/dmapi/policy.pyt���verify_deprecated_policy���s����
(-���RM���R���t���reRV���t
���oslo_configR����t���oslo_logR���t���loggingt
���oslo_policyR���t
���oslo_utilsR���RT���R���t
���dmapi.i18nR���R���R���R���t ���getLoggerRK���R)���R
���R���R&���R���t���compileR'���R
���R_���R���R���R���R,���R-���R5���R=���t���registert���CheckR?���RN���R���R\���Rc���(����(����(����s0���/usr/lib/python2.7/dist-packages/dmapi/policy.pyt���<module>���s:���
"
.