- from oslo_policy import policy
- from oslo_config import cfg
- import pecan
# Global oslo.config object passed to the policy enforcers below.
CONF = cfg.CONF

# Hard-coded location of the policy file.
_POLICY_PATH = '/project/customrest/test.json'

# Enforcer bound to _POLICY_PATH, constructed when the module is imported.
# NOTE(review): nothing in this listing reads `enforcer`; enforce() works
# through `_ENFORCER` instead, so confirm which of the two is meant to be
# authoritative.
enforcer = policy.Enforcer(CONF, policy_file=_POLICY_PATH)

# Enforcer used by enforce(); stays None until the first call creates it.
_ENFORCER = None
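def enforce(policy_name, request):
    """Check the caller's credentials against the policy rule for an action.

    Builds a credential dict from the request's ``X-Roles``, ``X-User-Id``
    and ``X-Project-Id`` headers and evaluates the rule
    ``telemetry:<policy_name>``. Aborts the request with HTTP 403 when the
    rule is not satisfied; otherwise returns ``None``.

    :param policy_name: the policy name to validate authz against.
    :param request: HTTP request
    """
    global _ENFORCER
    if _ENFORCER is None:
        # NOTE(review): this enforcer is built without policy_file, so
        # _POLICY_PATH is not applied here; it loads whatever policy file
        # CONF points at. Confirm that is the intended source of rules.
        _ENFORCER = policy.Enforcer(CONF)
        _ENFORCER.load_rules()

    rule_method = "telemetry:" + policy_name
    headers = request.headers

    # NOTE(review): the identity headers are trusted as-is. That is only
    # sound if an authenticating layer in front of this API sets them and
    # discards client-supplied copies; confirm against the WSGI pipeline.
    policy_dict = {
        'roles': headers.get('X-Roles', "").split(","),
        'user_id': headers.get('X-User-Id'),
        'project_id': headers.get('X-Project-Id'),
    }

    # maintain backward compat with Juno and previous by allowing the action if
    # there is no rule defined for it
    # NOTE(review): this is fail-open; a policy that defines neither 'default'
    # nor this rule lets every caller through. _has_rule is defined outside
    # this listing.
    rule_defined = _has_rule('default') or _has_rule(rule_method)

    # Deny only after the rule has actually been evaluated. An abort placed
    # ahead of this check rejects every request and leaves the policy
    # decision unreachable.
    if rule_defined and not _ENFORCER.enforce(rule_method, {}, policy_dict):
        pecan.core.abort(status_code=403, detail='RBAC Authorization Failed')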