Promote sysinv to registry admin
This commit gives 'registry admin' powers to the 'sysinv' user for pushing and pulling all repos. Using sysinv instead of the keystone admin will prevent lockout of the keystone admin user if the credentials change. The old 'admin' will continue to have admin powers. Partial-bug: 1882117 Change-Id: I0544525e218a7a16d560e2a96c2a878696b75837 Signed-off-by: Jerry Sun <jerry.sun@windriver.com>
This commit is contained in:
parent
d2c3cae672
commit
9aed7196fa
|
@ -180,10 +180,10 @@ func filterAccessList(ctx context.Context, scope string, requestedAccessList []a
|
|||
grantedAccessList := make([]auth.Access, 0, len(requestedAccessList))
|
||||
for _, access := range requestedAccessList {
|
||||
if access.Type == "repository" {
|
||||
// filter access to repos if the user is not "admin"
|
||||
// filter access to repos if the user is not "admin" or "sysinv"
|
||||
// need to have a "/" at the end because it adds one at the beginning of the fcn
|
||||
// probably to prevent people making accounts like "adminnot" to steal admin powers
|
||||
if !strings.HasPrefix(access.Name, scope) && scope != "admin/" {
|
||||
if !strings.HasPrefix(access.Name, scope) && scope != "admin/" && scope != "sysinv/" {
|
||||
dcontext.GetLogger(ctx).Debugf("Resource scope not allowed: %s", access.Name)
|
||||
continue
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue