Question

how enforce an updated policy in /etc/nova/policy.json

vi /etc/nova/policy.json

change “compute_extension:quotas:update”: “rule:admin_api” to “compute_extension:quotas:update”: “”

nc = nvclient.Client(auth_url=os.environ[‘OS_AUTH_URL’],username=“hello@gmail.com”,api_key=“hello”,project_id=“MEDULLA”,auth_system=auth_system,auth_plugin=auth_plugin,cacert=os.environ[‘OS_CACERT’]) #nc.authenticate()

policy.enforce(nc,‘quotas:update’,{‘getall’:None})

policy.enforce(nc,‘quotas:update’,{‘getall’:None}) Traceback (most recent call last): File “<stdin>”, line 1, in <module> NameError: name ‘policy’ is not defined

Subscribe
Share
>>> policy.enforce(nc,'quotas:update',{'getall':None})
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.7/dist-packages/nova/policy.py", line 92, in enforce
    init()
  File "/usr/lib/python2.7/dist-packages/nova/policy.py", line 62, in init
    reload_func=_set_rules)
  File "/usr/lib/python2.7/dist-packages/nova/utils.py", line 661, in read_cached_file
    mtime = os.path.getmtime(filename)
  File "/usr/lib/python2.7/genericpath.py", line 54, in getmtime
    return os.stat(filename).st_mtime
OSError: [Errno 2] No such file or directory: 'policy.json'

dir(policy)
['CONF', 'IsAdminCheck', '_', '_POLICY_CACHE', '_POLICY_PATH', '__builtins__', '__doc__', '__file__', '__name__', '__package__', '_set_rules', 'cfg', 'check_is_admin', 'enforce', 'exception', 'get_rules', 'init', 'os', 'policy', 'policy_opts', 'reset', 'utils']

got error in ice version python 2.7

dir(policy_engine) [‘class’, ‘delattr’, ‘doc’, ‘format’, ‘getattribute’, ‘hash’, ‘init’, ‘new’, ‘reduce’, ‘reduce_ex’, ‘repr’, ‘setattr’, ‘sizeof’, ‘str’, ‘subclasshook’]

https://review.openstack.org/gitweb?p=openstack/oslo-specs.git;a=commitdiff;h=17dc70a10053bd4231030c0ed5d9b0a377402b02

server_policies = [("compute_extension:quotas:update", ""),]

policy_engine = policy.get_rules()
policy_engine.register_opts(server_policies)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
AttributeError: 'NoneType' object has no attribute 'register_opts'
>>> policy_engine.enforce('compute_extension:quotas:update', target, nc)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
AttributeError: 'NoneType' object has no attribute 'enforce'


Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

i solved by

neutron quota-update --tenant_id " $1 " --router 1