[Openstack-operators] how to enforce updated policy of nova policy json for quota:update

Lee Ho Yeung jobmattcon at gmail.com
Wed Sep 14 08:31:21 UTC 2016


https://www.digitalocean.com/community/questions/how-enforce-an-updated-policy-in-etc-nova-policy-json

https://ask.openstack.org/en/question/96797/how-enforce-and-apply-an-updated-policy-in-etcnovapolicyjson/



from keystoneclient.v2_0.client import Client
import os
import csv
import sys
import logging
import time
from nova import db
from nova import config
from nova import context
import novaclient.v1_1.client as nvclient
from keystoneauth1 import loading
from keystoneauth1 import session
#from novaclient import nvclient
import urllib3
from os import environ as env
from nova import policy

def get_nova_credentials_v2():
    d = {}
    d['version'] = '2'
    d['username'] = os.environ['OS_USERNAME']
    d['password'] = os.environ['OS_PASSWORD']
    d['auth_url'] = os.environ['OS_AUTH_URL']
    d['tenant_name'] = os.environ['OS_TENANT_NAME']
    d['insecure'] = 'True'
    #d['os_cacert'] = os.environ['OS_CACERT']
    return d

# set up logging to file - see previous section for more details
logging.basicConfig(level=logging.DEBUG,
                    format='%(asctime)s %(name)-12s %(levelname)-8s
%(message)s',
                    datefmt='%m-%d %H:%M',

filename='/home/martin/createprojectanduser'+time.strftime("%d-%m-%y-%H-%M-%S")+'.log',
                    filemode='w')
# define a Handler which writes INFO messages or higher to the sys.stderr
console = logging.StreamHandler()
console.setLevel(logging.INFO)
# set a format which is simpler for console use
formatter = logging.Formatter('%(name)-12s: %(levelname)-8s %(message)s')
# tell the handler to use this format
console.setFormatter(formatter)
# add the handler to the root logger
logging.getLogger('').addHandler(console)

credentials = get_nova_credentials_v2()
keystone_client = Client(**credentials)
tenants = keystone_client.tenants.list()
rolelist = keystone_client.roles.list()
userlist = keystone_client.users.list()
my_admin = [x for x in rolelist if x.name=="admin"][0]
my_member = [x for x in rolelist if x.name=="_member_"][0]
my_admin_user = [x for x in userlist if x.name=="admin"][0]
my_tenant = [x for x in tenants if x.name=="CoinMarkets"][0]
#nc = nvclient.Client(None, None, None, auth_url=os.environ['OS_AUTH_URL'],
tenant_id=my_tenant.id, auth_token=keystone_client.auth_token,
insecure='True')
my_tenant = [x for x in tenants if x.name=="MEDULLA"][0]

#loader = loading.get_plugin_loader('password')
#auth =
loader.load_from_options(auth_url=os.environ['OS_AUTH_URL'],username="
hello at gmail.com",password="8_hrRfsa",project_id=my_tenant.id)
#sess = session.Session(auth=auth)
#nc = nvclient.Client("1.1", session=sess)

#nc = nvclient.Client(None, None, None, auth_url=os.environ['OS_AUTH_URL'],
tenant_id=my_tenant.id, auth_token=keystone_client.auth_token)
#nc = nvclient.Client("hello at gmail.com", "8_hrRfsa", my_tenant.id,
os.environ['OS_AUTH_URL'], insecure='True')
#,region_name=os.environ['OS_REGION_NAME']
#nc = nvclient.Client(auth_url=os.environ['OS_AUTH_URL'],username="
hello at gmail.com",api_key="8_hrRfsa",project_id=my_tenant.id
,cacert=os.environ['OS_CACERT'])


auth_system = env.get('OS_AUTH_SYSTEM', 'keystone')
if auth_system != "keystone":
  print("here")
  auth_plugin = novaclient.auth_plugin.load_plugin(auth_system)
else:
  auth_plugin = None


#nc =
nvclient.Client(auth_url=env['OS_AUTH_URL'],username=env['OS_USERNAME'],api_key=env['OS_PASSWORD'],project_id=env['OS_TENANT_NAME'],region_name=env['OS_REGION_NAME'],auth_system=auth_system,auth_plugin=auth_plugin)
#,region_name=env['OS_REGION_NAME']
#nc.authenticate()

nc = nvclient.Client(auth_url=os.environ['OS_AUTH_URL'],username="
hello at gmail.com
",api_key="8_hrRfsa",project_id="MEDULLA",auth_system=auth_system,auth_plugin=auth_plugin,cacert=os.environ['OS_CACERT'])


server_policies = [("compute_extension:quotas:update", ""),]

policy_engine = policy.get_rules()
policy.enforce('compute_extension:quotas:update', policy_engine, nc)



>>> policy_engine = policy.get_rules()
>>> policy.enforce('compute_extension:quotas:update', policy_engine, nc)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.7/dist-packages/nova/policy.py", line 92, in
enforce
    init()
  File "/usr/lib/python2.7/dist-packages/nova/policy.py", line 58, in init
    _POLICY_PATH = CONF.find_file(_POLICY_PATH)
  File "/usr/lib/python2.7/dist-packages/oslo/config/cfg.py", line 1908, in
find_file
    if self.config_dir:
  File "/usr/lib/python2.7/dist-packages/oslo/config/cfg.py", line 1648, in
__getattr__
    raise NoSuchOptError(name)
oslo.config.cfg.NoSuchOptError: no such option: config_dir
>>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20160914/e469f77e/attachment.html>


More information about the OpenStack-operators mailing list