commit 38ecf5b51fef1293e9c1d95d8110c50ae5997f28
Author: Pan <email address hidden>
Date: Thu Aug 25 12:56:07 2016 -0400
Remove consumer check for project_id to match containers
I believe this is the correct behavior, as it would match how
containers handles these operations. This change facilitates
the LBaaS Barbican TLS workflow (which should be the same as
what other services will use in the future too).
The RBAC settings for consumer POST should be set to
use the same ACL rules as container GET (plus admin).
The RBAC settings for consumer DELETE should be:
* Any user with Delete permissions on the Container
* Any user that both: has ACL Read access to the Container; is a member
of the project that created the Consumer being deleted
Reviewed: https:/ /review. openstack. org/251168 /git.openstack. org/cgit/ openstack/ barbican/ commit/ ?id=38ecf5b51fe f1293e9c1d95d81 10c50ae5997f28
Committed: https:/
Submitter: Jenkins
Branch: master
commit 38ecf5b51fef129 3e9c1d95d8110c5 0ae5997f28
Author: Pan <email address hidden>
Date: Thu Aug 25 12:56:07 2016 -0400
Remove consumer check for project_id to match containers
I believe this is the correct behavior, as it would match how
containers handles these operations. This change facilitates
the LBaaS Barbican TLS workflow (which should be the same as
what other services will use in the future too).
The RBAC settings for consumer POST should be set to
use the same ACL rules as container GET (plus admin).
The RBAC settings for consumer DELETE should be:
* Any user with Delete permissions on the Container
* Any user that both: has ACL Read access to the Container; is a member
of the project that created the Consumer being deleted
Change-Id: Ie8478457389393 4c2887814a200e7 386314b4f18
Closes-Bug: #1519170