deckhand.policy module¶
Verifies whether a policy action can be performed given the credentials found in the falcon request context.
Parameters: action – The policy action to enforce. Returns: True
if policy enforcement succeeded, elseFalse
.Raises: falcon.HTTPForbidden if policy enforcement failed or if the policy action isn’t registered under deckhand.policies
.
Conditionally authorize a policy action.
Parameters: - action – The policy action to enforce.
- context – The falcon request context object.
- do_raise – Whether to raise the exception if policy enforcement
fails.
True
by default.
Raises: falcon.HTTPForbidden if policy enforcement failed or if the policy action isn’t registered under
deckhand.policies
.Example:
# If any requested documents' metadata.storagePolicy == 'cleartext'. if cleartext_documents: policy.conditional_authorize('deckhand:create_cleartext_documents', req.context)
-
deckhand.policy.
init
(policy_file=None, rules=None, default_rule=None, use_conf=True)[source]¶ Init an Enforcer class.
Parameters: - policy_file – Custom policy file to use, if none is specified,
CONF.policy_file
will be used. - rules – Default dictionary / Rules to use. It will be considered just in the first instantiation.
- default_rule – Default rule to use;
CONF.default_rule
will be used if none is specified. - use_conf – Whether to load rules from config file.
- policy_file – Custom policy file to use, if none is specified,