çáþ\ã@sã
dZd
dl
mZ
d
dlZd
dlZd
dlZd
dlmZ
d
dlm	Z

d
dlZd
dlm
Z

d
dlmZ
d
dlmZ
d
d	lmZ
d
d
lmZ
d
dlmZ
d
dlmZ
ejjZejd
dddejjdƒ
dedƒ
ƒ
ejddddejjdƒ
dedƒ
ƒ
ejddddejjdƒ
dedƒ
ƒ
gZGdd„deƒZdei
Zej e
j!deƒ

Z!ej"d d!d"dd#d$e!ƒ
Z#d%d&„Z$dS)'z0
  CLI interface for nova policy rule commands.
é)
Úprint_functionN)
Úcfg)
Úcommon)
Úconfig)
Úcontext)
Údb)
Ú	exception)
Ú
_)
Úpolicies)
Úversionzos-rolesÚmetavarz<auth-roles>ÚdefaultZOS_ROLESÚhelpzDefaults to env[OS_ROLES].z
os-user-idz<auth-user-id>Z
OS_USER_IDzDefaults to env[OS_USER_ID].zos-tenant-idz<auth-tenant-id>ZOS_TENANT_IDzDefaults to env[OS_TENANT_ID].c
@s¶eZ
dZd
ZdddddgZejddd	d
ddd
ƒ
ejdddddd
ddddjeƒ
ƒ
dddd„ƒ
ƒ
Zdd„Z	dd„Z
dd„ZdS)ÚPolicyCommandszCommands for policy rules.Ú
project_idÚuser_idZquota_classZavailability_zoneÚinstance_idz
--api-nameÚdestÚapi_namerz
<API name>rzDWill return only passing policy rules containing the given API name.z--targetÚnargsú
+Útargetz<Target>zœWill return only passing policy rules for the given target. The available targets are %s. When "instance_id" is used, the other targets will be overwritten.ú
,NcCsn|jƒ}|
pd
}
|j
||ƒ}|j||
|ƒ}|r\tdj|ƒ
ƒ

dStdƒ

dSdS)aÒ
Prints all passing policy rules for the given user.

        :param api_name: If None, all passing policy rules will be printed,
                         otherwise, only passing policies that contain the
                         given api_name in their names.
        :param target: The target against which the policy rule authorization
                       will be tested. If None, the given user will be
                       considered as the target.
        ÚÚ

r
zNo rules matched or allowedé
N)Ú_get_contextÚ_get_targetÚ
_filter_rulesÚprintÚjoin)ÚselfrrrZallowed_operations©r"ú2/usr/lib/python3/dist-packages/dmapi/cmd/policy.pyÚcheck7s





zPolicyCommands.checkc

Cs%tj
d
tjdtjdtjƒS)NZrolesrr)Únova_contextZRequestContextÚCONFZos_rolesZ
os_user_idZos_tenant_id)
r!r"r"r#rVs
	
	
	
zPolicyCommands._get_contextc
Cs²|s
d
Si}xN|D]F}|jdƒ
\}}||j
krStjd|ƒ
‚
|||<qW|jdƒ
}|r®tjƒ}tj||ƒ}	d|	dd|	di}|S)aÌ
Processes and validates the CLI given target and adapts it for
        policy authorization.

        :returns: None if the given target is None, otherwise returns a proper
                  authorization target.
        :raises nova.exception.InvalidAttribute: if a key in the given target
            is not an acceptable.
        :raises nova.exception.InstanceNotFound: if 'instance_id' is given, and
            there is no instance match the id.
        Nú
=Úattrrrr)	ÚsplitÚ_ACCEPTABLE_TARGETSrZInvalidAttributeÚgetr%Zget_admin_contextrZinstance_get_by_uuid)
r!rrÚ
new_targetÚ
tÚkeyÚvaluerZ
admin_ctxtÚinstancer"r"r#r\s












zPolicyCommands._get_targetcs)tj
ƒ}‡‡
‡fd
d†|Dƒ
S)Nc
sCg|]9}
ˆ|
jkrˆ
j
|
jˆdd
ƒ
r|
j‘qS)ÚfatalF)ÚnameZcan)Ú.0Zrule)rrrr"r#ú
<listcomp>}s	
z0PolicyCommands._filter_rules.<locals>.<listcomp>)r
Z
list_rules)r!rrrZ	all_rulesr")rrrr#r{s

zPolicyCommands._filter_rules)Ú__name__Ú
__module__Ú__qualname__Ú__doc__r*Ú
cmd_commonÚargsr r$rrrr"r"r"r#r0s

	


rÚpolicyÚ
categoriesÚcategoryÚtitlezCommand categorieszAvailable categoriesÚhandlercCsãtj
tƒ

tjtƒ

tjtjƒ

tj	j
d
krPttj
ƒƒ

dStj	j
dkrstjtƒ

dSy,tjƒ\}}
}||
|Ž}|SWn=tk
rÞ
}
zttdƒ
|ƒ

dSWYdd}~Xn
XdS)z4Parse options and call the appropriate class/method.rr
zbash-completionz	error: %srN)r&Zregister_cli_optsÚcli_optsZregister_cli_optÚcategory_optrÚ
parse_argsÚsysÚargvr=r2rrZversion_string_with_packager9Zprint_bash_completionÚ
CATEGORIESZ
get_action_fnÚ	Exceptionr	)ÚfnZfn_argsZ	fn_kwargsÚretÚexr"r"r#Úmains 














rJ)%r8Ú
__future__rÚ	functoolsÚosrCZoslo_configrZnova.cmdrr9Z	nova.confZnovarrr%rrZ	nova.i18nr	r
rÚconfr&ZListOptÚenvironr+ZStrOptr@ÚobjectrrEÚpartialZadd_command_parsersZ
SubCommandOptrArJr"r"r"r#Ú<module>sN























R