Comment 6 for bug 1519170
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to barbican (master) | #6 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
Reviewed: https:/
Committed: https:/
Submitter: Jenkins
Branch: master
commit 38ecf5b51fef129
Author: Pan <email address hidden>
Date: Thu Aug 25 12:56:07 2016 -0400
Remove consumer check for project_id to match containers
I believe this is the correct behavior, as it would match how
containers handles these operations. This change facilitates
the LBaaS Barbican TLS workflow (which should be the same as
what other services will use in the future too).
The RBAC settings for consumer POST should be set to
use the same ACL rules as container GET (plus admin).
The RBAC settings for consumer DELETE should be:
* Any user with Delete permissions on the Container
* Any user that both: has ACL Read access to the Container; is a member
of the project that created the Consumer being deleted
Change-Id: Ie8478457389393
Closes-Bug: #1519170