keystone.policy.backends package¶
Submodules¶
keystone.policy.backends.rules module¶
Policy engine for keystone
-
keystone.policy.backends.rules.
enforce
(credentials, action, target, do_raise=True)[source]¶ Verifies that the action is valid on the target in this context.
Parameters: - credentials – user credentials
- action – string representing the action to be checked, which should be colon separated for clarity.
- target – dictionary representing the object of the action for object creation this should be a dictionary representing the location of the object e.g. {‘project_id’: object.project_id}
Raises keystone.exception.Forbidden: If verification fails.
Actions should be colon separated for clarity. For example:
- identity:list_users