acl get policy breaks octavia and not working as expected
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Barbican | New | Undecided | Douglas Mendizábal | |
Bug Description
Steps to reproduce.
env
Barbican 2024.1 with enforce_
2 users in the same project with member role each
user 1: create a secret with default acl, e.g. {"read": {"project-access": true}}
user 2: can decrypt secret but can't read the acl (openstack acl get)
The policy is:
"True:%
Which should allow user 2 to read the acl; however, a 403 is returned
The rule:secret_
This is an issue because creating an Octavia listener with a Barbican secret will fail, as Octavia attempts to GET the acl
Changed in barbican:
assignee: nobody → Douglas Mendizábal (dougmendizabal)
Should also mention that this affects the secret_acls:put_patch and secret_acls:delete rules too, which need to change to allow Octavia to work.