openstack/barbican
Code Issues Proposed changes

Merge "Update secret:delete policy to allow admin to delete secret"

Browse Source
This commit is contained in:
Zuul 2023-10-02 12:17:09 +00:00 committed by Gerrit Code Review
commit fa8e52ccb7
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
barbican/common/policies/secrets.py
View File

@ -83,7 +83,8 @@ rules = [
name='secret:get', name='secret:get',
check_str=( check_str=(
"True:%(enforce_new_defaults)s and " "True:%(enforce_new_defaults)s and "
"(rule:secret_project_admin or " "(role:admin or "
"rule:secret_project_admin or "
"(rule:secret_project_member and rule:secret_owner) or " "(rule:secret_project_member and rule:secret_owner) or "
"(rule:secret_project_member and rule:secret_is_not_private) or " "(rule:secret_project_member and rule:secret_is_not_private) or "
"rule:secret_acl_read)"), "rule:secret_acl_read)"),
@ -118,7 +119,8 @@ rules = [
name='secret:delete', name='secret:delete',
check_str=( check_str=(
"True:%(enforce_new_defaults)s and " "True:%(enforce_new_defaults)s and "
"(rule:secret_project_admin or " "(role:admin or "
"rule:secret_project_admin or "
"(rule:secret_project_member and rule:secret_owner) or " "(rule:secret_project_member and rule:secret_owner) or "
"(rule:secret_project_member and rule:secret_is_not_private))"), "(rule:secret_project_member and rule:secret_is_not_private))"),
scope_types=['project'], scope_types=['project'],