From a2f32fc234548e350c8a0b49bdf55d16fb5d1e69 Mon Sep 17 00:00:00 2001
From: resitdemir <resit.demir@tubitak.gov.tr>
Date: Thu, 28 Sep 2023 07:49:42 +0000
Subject: [PATCH] Updating Target Attributes For Barbican Policy

Barbican policy contains target attributes which need to be updated in request context
like "target.secret.project.id". Otherwise certificate menu throws permission denied errors.
Also we need to set "target.secret.read" and "target.secret.read_project_access"
but i did not find a way how to set them.

Change-Id: I51631d0be023fc091b32aaeb71145c2893454bba
---
 skyline_apiserver/api/v1/policy.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/skyline_apiserver/api/v1/policy.py b/skyline_apiserver/api/v1/policy.py
index 33f9390..00fc936 100644
--- a/skyline_apiserver/api/v1/policy.py
+++ b/skyline_apiserver/api/v1/policy.py
@@ -57,6 +57,11 @@ def _generate_target(profile: schemas.Profile) -> Dict[str, str]:
         "target.limit.domain.id": profile.project.domain.id,
         "target.limit.project_id": profile.project.domain.id,
         "target.limit.project.domain_id": profile.project.domain.id,
+        # barbican
+        "target.container.project_id": profile.project.id,
+        "target.secret.project_id": profile.project.id,
+        "target.order.project_id": profile.project.id,
+        "target.secret.creator_id": profile.user.id,
         # ironic
         "allocation.owner": profile.project.id,
         "node.lessee": profile.project.id,