Fix RBAC and ACL access for managing secret containers

This patch adds the missing access control data to enforce access control for adding/removing secrets in containers. Change-Id: I6879f566117db5ec0099ddad35ba649a3c674bd1 (cherry picked from commit 922c68bada) (cherry picked from commit c8d3c58014) (cherry picked from commit ef28147365) (cherry picked from commit c39bb67a74)
1 year ago · f22739f1bc
1 changed files with 6 additions and 0 deletions
--- a/barbican/api/controllers/containers.py
+++ b/barbican/api/controllers/containers.py
@ -235,6 +235,12 @@ class ContainersSecretsController(controllers.ACLMixin):
        self.secret_repo = repo.get_secret_repository()
        self.validator = validators.ContainerSecretValidator()

+    def get_acl_tuple(self, req, **kwargs):
+        acl = self.get_acl_dict_for_user(req, self.container.container_acls)
+        acl['project_id'] = self.container.project.external_id
+        acl['creator_id'] = self.container.creator_id
+        return ('container', acl)
+
    @pecan.expose(generic=True)
    def index(self, **kwargs):
        pecan.abort(405)  # HTTP 405 Method Not Allowed as default