The admin role judge exception caused the policy to fail

1. What is the problem?

Caused the policy to fail When use 'admin' role to create pod,
Error response is "Unauthorized to create pods".

2. What is the solution to the problem?
In context, the 'HTTP_X_ROLE' maybe include mutilple role, so use
'admin' in environ.get('HTTP_X_ROLE') to judge rather than equality.

Change-Id: If0a765603e56e0325a31f7a3e0202f52fd1cbe38
This commit is contained in:
zhangxiaohan 2018-08-21 09:37:44 +08:00
parent c2dcd4f660
commit bcc307ae5b
2 changed files with 2 additions and 2 deletions

View File

@ -119,7 +119,7 @@ def _extract_context_from_environ(environ):
context_paras[key] = environ.get(context_paras[key])
role = environ.get('HTTP_X_ROLE')
# TODO(zhiyuan): replace with policy check
context_paras['is_admin'] = role == 'admin'
context_paras['is_admin'] = 'admin' in role.split(',') if role else False
return t_context.Context(**context_paras)

View File

@ -55,7 +55,7 @@ def extract_context_from_environ():
context_paras[key] = environ.get(context_paras[key])
role = environ.get('HTTP_X_ROLE')
context_paras['is_admin'] = role == 'admin'
context_paras['is_admin'] = 'admin' in role.split(',') if role else False
return Context(**context_paras)