
Untitled

a guest
Jul 12th, 2016
import pecan
from oslo_config import cfg
from oslo_policy import policy

# Global oslo.config object handed to every policy.Enforcer built in this file.
CONF = cfg.CONF

# Policy file holding the authorization rules. Whoever can write this file
# decides what the API allows, so it should be writable by the deployer only.
# NOTE(review): the name "test.json" reads like a test fixture - confirm this
# is the file that should govern authorization outside of testing.
_POLICY_PATH = '/project/customrest/test.json'

# Enforcer bound to _POLICY_PATH, created at import time.
# NOTE(review): enforce() below does not use this object; it lazily builds its
# own enforcer in _ENFORCER without policy_file. Confirm which one is intended.
enforcer = policy.Enforcer(CONF, policy_file=_POLICY_PATH)

# Lazily created enforcer used by enforce(); stays None until the first call.
_ENFORCER = None

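def enforce(policy_name, request):
    """Abort the request with HTTP 403 unless policy allows the action.

    The rule evaluated is ``"telemetry:" + policy_name``. The credentials
    given to the enforcer are built from the ``X-Roles``, ``X-User-Id`` and
    ``X-Project-Id`` request headers. Nothing is returned: the function
    either falls through (allowed) or calls ``pecan.core.abort`` (denied).

    :param policy_name: the policy name to validate authz against.
    :param request: HTTP request
    """
    global _ENFORCER
    if not _ENFORCER:
        # NOTE(review): built without policy_file, so the rules come from
        # whatever policy file CONF points at, not from _POLICY_PATH.
        # Confirm that is intended.
        _ENFORCER = policy.Enforcer(CONF)
        _ENFORCER.load_rules()

    rule_method = "telemetry:" + policy_name
    headers = request.headers

    # NOTE(review): these identity headers are taken at face value. They are
    # only trustworthy when an authenticating layer in front of this app
    # (presumably keystonemiddleware's auth_token) validates the token and
    # overwrites any client-supplied copies - confirm the WSGI pipeline,
    # because nothing in this function verifies them.
    raw_roles = headers.get('X-Roles', "").split(",")
    policy_dict = {
        # Strip padding and drop empty entries so a missing or padded header
        # never yields a bogus '' or ' admin' role.
        'roles': [role.strip() for role in raw_roles if role.strip()],
        'user_id': headers.get('X-User-Id'),
        'project_id': headers.get('X-Project-Id'),
    }

    # maintain backward compat with Juno and previous by allowing the action if
    # there is no rule defined for it
    # NOTE(review): that makes the check fail open - an action with neither a
    # 'default' rule nor its own rule is allowed for every caller. Shipping a
    # restrictive 'default' rule in the policy file closes the gap.
    # NOTE(review): the target dict is empty, so rules that compare against
    # target attributes have nothing to match - confirm role-only rules are
    # what is intended.
    # The 403 is raised only here, after the rule has been evaluated; an
    # unconditional abort ahead of this test would reject every request and
    # leave the policy check unreachable.
    if ((_has_rule('default') or _has_rule(rule_method)) and
            not _ENFORCER.enforce(rule_method, {}, policy_dict)):
        pecan.core.abort(status_code=403, detail='RBAC Authorization Failed')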