Browse Source

The admin role judge exception caused the policy to fail

1. What is the problem?

Caused the policy to fail When use 'admin' role to create pod,
Error response is "Unauthorized to create pods".

2. What is the solution to the problem?
In context, the 'HTTP_X_ROLE' maybe include mutilple role, so use
'admin' in environ.get('HTTP_X_ROLE') to judge rather than equality.

Change-Id: If0a765603e56e0325a31f7a3e0202f52fd1cbe38
changes/87/593987/2
zhangxiaohan 3 years ago
parent
commit
bcc307ae5b
2 changed files with 2 additions and 2 deletions
  1. +1
    -1
      tricircle/api/controllers/root.py
  2. +1
    -1
      tricircle/common/context.py

+ 1
- 1
tricircle/api/controllers/root.py View File

@ -119,7 +119,7 @@ def _extract_context_from_environ(environ):
context_paras[key] = environ.get(context_paras[key])
role = environ.get('HTTP_X_ROLE')
# TODO(zhiyuan): replace with policy check
context_paras['is_admin'] = role == 'admin'
context_paras['is_admin'] = 'admin' in role.split(',') if role else False
return t_context.Context(**context_paras)


+ 1
- 1
tricircle/common/context.py View File

@ -55,7 +55,7 @@ def extract_context_from_environ():
context_paras[key] = environ.get(context_paras[key])
role = environ.get('HTTP_X_ROLE')
context_paras['is_admin'] = role == 'admin'
context_paras['is_admin'] = 'admin' in role.split(',') if role else False
return Context(**context_paras)


Loading…
Cancel
Save