[Openstack-operators] how to enforce updated policy of nova policy json for quota:update
Lee Ho Yeung
jobmattcon at gmail.com
Wed Sep 14 08:31:21 UTC 2016
https://www.digitalocean.com/community/questions/how-enforce-an-updated-policy-in-etc-nova-policy-json
https://ask.openstack.org/en/question/96797/how-enforce-and-apply-an-updated-policy-in-etcnovapolicyjson/
from keystoneclient.v2_0.client import Client
import os
import csv
import sys
import logging
import time
from nova import db
from nova import config
from nova import context
import novaclient.v1_1.client as nvclient
from keystoneauth1 import loading
from keystoneauth1 import session
#from novaclient import nvclient
import urllib3
from os import environ as env
from nova import policy
def get_nova_credentials_v2():
d = {}
d['version'] = '2'
d['username'] = os.environ['OS_USERNAME']
d['password'] = os.environ['OS_PASSWORD']
d['auth_url'] = os.environ['OS_AUTH_URL']
d['tenant_name'] = os.environ['OS_TENANT_NAME']
d['insecure'] = 'True'
#d['os_cacert'] = os.environ['OS_CACERT']
return d
# set up logging to file - see previous section for more details
logging.basicConfig(level=logging.DEBUG,
format='%(asctime)s %(name)-12s %(levelname)-8s
%(message)s',
datefmt='%m-%d %H:%M',
filename='/home/martin/createprojectanduser'+time.strftime("%d-%m-%y-%H-%M-%S")+'.log',
filemode='w')
# define a Handler which writes INFO messages or higher to the sys.stderr
console = logging.StreamHandler()
console.setLevel(logging.INFO)
# set a format which is simpler for console use
formatter = logging.Formatter('%(name)-12s: %(levelname)-8s %(message)s')
# tell the handler to use this format
console.setFormatter(formatter)
# add the handler to the root logger
logging.getLogger('').addHandler(console)
credentials = get_nova_credentials_v2()
keystone_client = Client(**credentials)
tenants = keystone_client.tenants.list()
rolelist = keystone_client.roles.list()
userlist = keystone_client.users.list()
my_admin = [x for x in rolelist if x.name=="admin"][0]
my_member = [x for x in rolelist if x.name=="_member_"][0]
my_admin_user = [x for x in userlist if x.name=="admin"][0]
my_tenant = [x for x in tenants if x.name=="CoinMarkets"][0]
#nc = nvclient.Client(None, None, None, auth_url=os.environ['OS_AUTH_URL'],
tenant_id=my_tenant.id, auth_token=keystone_client.auth_token,
insecure='True')
my_tenant = [x for x in tenants if x.name=="MEDULLA"][0]
#loader = loading.get_plugin_loader('password')
#auth =
loader.load_from_options(auth_url=os.environ['OS_AUTH_URL'],username="
hello at gmail.com",password="8_hrRfsa",project_id=my_tenant.id)
#sess = session.Session(auth=auth)
#nc = nvclient.Client("1.1", session=sess)
#nc = nvclient.Client(None, None, None, auth_url=os.environ['OS_AUTH_URL'],
tenant_id=my_tenant.id, auth_token=keystone_client.auth_token)
#nc = nvclient.Client("hello at gmail.com", "8_hrRfsa", my_tenant.id,
os.environ['OS_AUTH_URL'], insecure='True')
#,region_name=os.environ['OS_REGION_NAME']
#nc = nvclient.Client(auth_url=os.environ['OS_AUTH_URL'],username="
hello at gmail.com",api_key="8_hrRfsa",project_id=my_tenant.id
,cacert=os.environ['OS_CACERT'])
auth_system = env.get('OS_AUTH_SYSTEM', 'keystone')
if auth_system != "keystone":
print("here")
auth_plugin = novaclient.auth_plugin.load_plugin(auth_system)
else:
auth_plugin = None
#nc =
nvclient.Client(auth_url=env['OS_AUTH_URL'],username=env['OS_USERNAME'],api_key=env['OS_PASSWORD'],project_id=env['OS_TENANT_NAME'],region_name=env['OS_REGION_NAME'],auth_system=auth_system,auth_plugin=auth_plugin)
#,region_name=env['OS_REGION_NAME']
#nc.authenticate()
nc = nvclient.Client(auth_url=os.environ['OS_AUTH_URL'],username="
hello at gmail.com
",api_key="8_hrRfsa",project_id="MEDULLA",auth_system=auth_system,auth_plugin=auth_plugin,cacert=os.environ['OS_CACERT'])
server_policies = [("compute_extension:quotas:update", ""),]
policy_engine = policy.get_rules()
policy.enforce('compute_extension:quotas:update', policy_engine, nc)
>>> policy_engine = policy.get_rules()
>>> policy.enforce('compute_extension:quotas:update', policy_engine, nc)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.7/dist-packages/nova/policy.py", line 92, in
enforce
init()
File "/usr/lib/python2.7/dist-packages/nova/policy.py", line 58, in init
_POLICY_PATH = CONF.find_file(_POLICY_PATH)
File "/usr/lib/python2.7/dist-packages/oslo/config/cfg.py", line 1908, in
find_file
if self.config_dir:
File "/usr/lib/python2.7/dist-packages/oslo/config/cfg.py", line 1648, in
__getattr__
raise NoSuchOptError(name)
oslo.config.cfg.NoSuchOptError: no such option: config_dir
>>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20160914/e469f77e/attachment.html>
More information about the OpenStack-operators
mailing list