openstack/skyline-apiserver
Code Issues Proposed changes

Updating Target Attributes For Barbican Policy

Browse Source 
Barbican policy contains target attributes which need to be updated in request context
like "target.secret.project.id". Otherwise certificate menu throws permission denied errors.
Also we need to set "target.secret.read" and "target.secret.read_project_access"
but i did not find a way how to set them.

Change-Id: I51631d0be023fc091b32aaeb71145c2893454bba
This commit is contained in:
resitdemir 2023-09-28 07:49:42 +00:00
parent 0d8a69c413
commit a2f32fc234
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
skyline_apiserver/api/v1/policy.py
View File

@ -57,6 +57,11 @@ def _generate_target(profile: schemas.Profile) -> Dict[str, str]:
"target.limit.domain.id": profile.project.domain.id,
"target.limit.project_id": profile.project.domain.id,
"target.limit.project.domain_id": profile.project.domain.id,
# barbican
"target.container.project_id": profile.project.id,
"target.secret.project_id": profile.project.id,
"target.order.project_id": profile.project.id,
"target.secret.creator_id": profile.user.id,
# ironic
"allocation.owner": profile.project.id,
"node.lessee": profile.project.id,