{"library":"oslo-policy","title":"Oslo Policy","description":"Oslo Policy is a core OpenStack library providing a robust and flexible authorization framework. It allows developers to define fine-grained access control rules using a policy file (JSON or YAML) and enforce them within their applications. As part of the OpenStack Oslo project, it is actively maintained with releases tied to the OpenStack development cycle, currently at version 5.0.0.","language":"python","status":"active","last_verified":"Sun May 17","install":{"commands":["pip install oslo-policy"],"cli":{"name":"openstack","version":"sh: 1: openstack: not found"}},"imports":["from oslo_policy import policy\nenforcer = policy.Enforcer(...)","from oslo_policy import policy\nexcept policy.PolicyNotAuthorized:"],"auth":{"required":false,"env_vars":[]},"quickstart":{"code":"from oslo_policy import policy\n\n# Define policy rules inline for simplicity.\n# In a real application, these would typically be loaded from a policy file\n# (e.g., policy.yaml or policy.json) configured via oslo.config.\n# Example: enforcer = policy.Enforcer(policy_file='path/to/policy.yaml')\nrules = {\n    \"admin_api\": \"role:admin\",\n    \"member_api\": \"role:member\",\n    \"owner_api\": \"project_id:%(project_id)s\"\n}\n\n# Initialize the Policy Enforcer\nenforcer = policy.Enforcer(rules=rules)\n\n# Context for an admin user\nadmin_context = {\n    \"user_id\": \"admin_user\",\n    \"roles\": [\"admin\"],\n    \"project_id\": \"admin_project\"\n}\n\n# Context for a regular member user\nmember_context = {\n    \"user_id\": \"member_user\",\n    \"roles\": [\"member\"],\n    \"project_id\": \"member_project\"\n}\n\n# Target data for owner check (e.g., a resource's project_id)\ntarget_data_owner = {\"project_id\": \"member_project\"}\ntarget_data_other = {\"project_id\": \"another_project\"}\n\n\nprint(\"--- Admin User Checks ---\")\ntry:\n    enforcer.authorize(\"admin_api\", admin_context)\n    print(\"Admin can access admin_api: YES\")\nexcept policy.PolicyNotAuthorized as e:\n    print(f\"Admin can access admin_api: NO ({e})\")\n\ntry:\n    enforcer.authorize(\"member_api\", admin_context)\n    print(\"Admin can access member_api: YES\")\nexcept policy.PolicyNotAuthorized as e:\n    print(f\"Admin can access member_api: NO ({e})\")\n\nprint(\"\\n--- Member User Checks ---\")\ntry:\n    enforcer.authorize(\"admin_api\", member_context)\n    print(\"Member can access admin_api: YES\")\nexcept policy.PolicyNotAuthorized as e:\n    print(f\"Member can access admin_api: NO ({e})\") # Expected: NO\n\ntry:\n    enforcer.authorize(\"member_api\", member_context)\n    print(\"Member can access member_api: YES\")\nexcept policy.PolicyNotAuthorized as e:\n    print(f\"Member can access member_api: NO ({e})\")\n\n# Check owner_api (member accessing their own project)\ntry:\n    enforcer.authorize(\"owner_api\", member_context, target_data_owner)\n    print(\"Member can access owner_api for their project: YES\")\nexcept policy.PolicyNotAuthorized as e:\n    print(f\"Member can access owner_api for their project: NO ({e})\")\n\n# Check owner_api (member accessing another project)\ntry:\n    enforcer.authorize(\"owner_api\", member_context, target_data_other)\n    print(\"Member can access owner_api for another project: YES\")\nexcept policy.PolicyNotAuthorized as e:\n    print(f\"Member can access owner_api for another project: NO ({e})\") # Expected: NO","lang":"python","description":"This quickstart demonstrates how to define policy rules, initialize an `Enforcer`, and use its `authorize` method to check permissions based on user context and target data. It shows successful and failed authorization attempts for different user roles and resource ownership scenarios.","tag":null,"tag_description":null,"last_tested":null,"results":[]},"compatibility":{"tag":null,"tag_description":null,"last_tested":"2026-05-17","installed_version":"4.6.0","pypi_latest":"5.0.0","is_stale":true,"summary":{"python_range":"3.10–3.9","success_rate":100,"avg_install_s":4.7,"avg_import_s":0.98,"wheel_type":"wheel"},"results":[{"runtime":"python:3.10-alpine","python_version":"3.10","os_libc":"alpine (musl)","variant":"oslo-policy","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"clean","install_time_s":null,"import_time_s":0.75,"mem_mb":10.9,"disk_size":"43.5M"},{"runtime":"python:3.10-slim","python_version":"3.10","os_libc":"slim (glibc)","variant":"oslo-policy","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"clean","install_time_s":4.7,"import_time_s":0.52,"mem_mb":10.9,"disk_size":"45M"},{"runtime":"python:3.11-alpine","python_version":"3.11","os_libc":"alpine (musl)","variant":"oslo-policy","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"clean","install_time_s":null,"import_time_s":1.52,"mem_mb":12,"disk_size":"47.9M"},{"runtime":"python:3.11-slim","python_version":"3.11","os_libc":"slim (glibc)","variant":"oslo-policy","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"clean","install_time_s":4.5,"import_time_s":1.38,"mem_mb":12,"disk_size":"50M"},{"runtime":"python:3.12-alpine","python_version":"3.12","os_libc":"alpine (musl)","variant":"oslo-policy","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"clean","install_time_s":null,"import_time_s":1.06,"mem_mb":11.7,"disk_size":"48.2M"},{"runtime":"python:3.12-slim","python_version":"3.12","os_libc":"slim (glibc)","variant":"oslo-policy","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"clean","install_time_s":4.6,"import_time_s":1.22,"mem_mb":11.7,"disk_size":"50M"},{"runtime":"python:3.13-alpine","python_version":"3.13","os_libc":"alpine (musl)","variant":"oslo-policy","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"clean","install_time_s":null,"import_time_s":1,"mem_mb":11.8,"disk_size":"48.0M"},{"runtime":"python:3.13-slim","python_version":"3.13","os_libc":"slim (glibc)","variant":"oslo-policy","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"clean","install_time_s":4.5,"import_time_s":1.1,"mem_mb":11.8,"disk_size":"50M"},{"runtime":"python:3.9-alpine","python_version":"3.9","os_libc":"alpine (musl)","variant":"oslo-policy","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"clean","install_time_s":null,"import_time_s":0.64,"mem_mb":10.4,"disk_size":"45.5M"},{"runtime":"python:3.9-slim","python_version":"3.9","os_libc":"slim (glibc)","variant":"oslo-policy","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"clean","install_time_s":5.4,"import_time_s":0.6,"mem_mb":10.4,"disk_size":"47M"}]}}