Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
systemsmanagement:Ardana:9:CentOS:7.5
openstack-barbican
0001-Fix-policy-for-adding-a-secret-to-a-contai...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0001-Fix-policy-for-adding-a-secret-to-a-container.patch of Package openstack-barbican
From 2c6726e3e79d22cd0304647e072493b9d7e84830 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Douglas=20Mendiz=C3=A1bal?= <dmendiza@redhat.com> Date: Fri, 15 Oct 2021 11:51:10 -0500 Subject: [PATCH] Fix policy for adding a secret to a container This patch fixes the policies for adding and removing secrets from a secret container. Story: 2009297 Task: 43727 Change-Id: I821b4f5998be5b40327311039979f5e00ea9cefc (cherry picked from commit 6c841b23afa8ed6fa4cd01ba1a6bebfb60f06ae5) (cherry picked from commit a8226fcf33f16078d92949af23bdf41a7593bb64) (cherry picked from commit 7cf500a98239e861f877539827f3be57c920b95c) (cherry picked from commit 54e342fa7cf15cb77b2bc4b330c5b8fa41678881) (cherry picked from commit ecfef01555b299e3b58392208d1630ed84ca6717) --- barbican/common/policies/base.py | 2 ++ barbican/common/policies/containers.py | 10 ++++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/barbican/common/policies/base.py b/barbican/common/policies/base.py index 52812f36..ad4fa8a8 100644 --- a/barbican/common/policies/base.py +++ b/barbican/common/policies/base.py @@ -68,6 +68,8 @@ rules = [ policy.RuleDefault('container_project_creator', "rule:creator and rule:container_project_match and " "rule:container_creator_user"), + policy.RuleDefault("container_project_creator_role", + "rule:creator and rule:container_project_match"), ] diff --git a/barbican/common/policies/containers.py b/barbican/common/policies/containers.py index 643f1411..d0090c72 100644 --- a/barbican/common/policies/containers.py +++ b/barbican/common/policies/containers.py @@ -27,9 +27,15 @@ rules = [ 'rule:container_project_admin or ' 'rule:container_project_creator'), policy.RuleDefault('container_secret:post', - 'rule:admin'), + 'rule:container_project_admin or ' + + 'rule:container_project_creator or ' + + 'rule:container_project_creator_role and ' + + 'rule:container_non_private_read'), policy.RuleDefault('container_secret:delete', - 'rule:admin'), + 'rule:container_project_admin or ' + + 'rule:container_project_creator or ' + + 'rule:container_project_creator_role and ' + + 'rule:container_non_private_read'), ] -- 2.25.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor