
Source code changes of the file "barbican/api/controllers/__init__.py" between
barbican-11.0.0.tar.gz and barbican-12.0.0.tar.gz

About: OpenStack Barbican is the OpenStack Key Manager service. It provides secure storage, provisioning and management of secret data.
The "Wallaby" series (latest release).

__init__.py  (barbican-11.0.0):__init__.py  (barbican-12.0.0)
skipping to change at line 12 skipping to change at line 12
# not use this file except in compliance with the License. You may obtain # not use this file except in compliance with the License. You may obtain
# a copy of the License at # a copy of the License at
# #
# http://www.apache.org/licenses/LICENSE-2.0 # http://www.apache.org/licenses/LICENSE-2.0
# #
# Unless required by applicable law or agreed to in writing, software # Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations # License for the specific language governing permissions and limitations
# under the License. # under the License.
import collections
import collections.abc
from oslo_policy import policy from oslo_policy import policy
import pecan import pecan
from webob import exc from webob import exc
from barbican import api from barbican import api
from barbican.common import accept from barbican.common import accept
from barbican.common import utils from barbican.common import utils
from barbican import i18n as u from barbican import i18n as u
skipping to change at line 158 skipping to change at line 159
def flatten(d, parent_key=''): def flatten(d, parent_key=''):
"""Flatten a nested dictionary """Flatten a nested dictionary
Converts a dictionary with nested values to a single level flat Converts a dictionary with nested values to a single level flat
dictionary, with dotted notation for each key. dictionary, with dotted notation for each key.
""" """
items = [] items = []
for k, v in d.items(): for k, v in d.items():
new_key = parent_key + '.' + k if parent_key else k new_key = parent_key + '.' + k if parent_key else k
if isinstance(v, collections.MutableMapping): if isinstance(v, collections.abc.MutableMapping):
items.extend(flatten(v, new_key).items()) items.extend(flatten(v, new_key).items())
else: else:
items.append((new_key, v)) items.append((new_key, v))
return dict(items) return dict(items)
class ACLMixin(object): class ACLMixin(object):
def get_acl_tuple(self, req, **kwargs): def get_acl_tuple(self, req, **kwargs):
return None, None return None, None
skipping to change at line 210 skipping to change at line 211
{'read_project_access': False, 'list_project_access': False } {'read_project_access': False, 'list_project_access': False }
""" """
ctxt = _get_barbican_context(req) ctxt = _get_barbican_context(req)
if not ctxt: if not ctxt:
return {} return {}
acl_dict = {acl.operation: acl.operation for acl in acl_list acl_dict = {acl.operation: acl.operation for acl in acl_list
if ctxt.user in acl.to_dict_fields().get('users', [])} if ctxt.user in acl.to_dict_fields().get('users', [])}
co_dict = {'%s_project_access' % acl.operation: acl.project_access for co_dict = {'%s_project_access' % acl.operation: acl.project_access for
acl in acl_list if acl.project_access is not None} acl in acl_list if acl.project_access is not None}
if not co_dict:
"""
The co_dict is empty when the entity (secret or container) has no
acls in its acl_list. This causes any policy with
"%(target.secret.read_project_access)s"
or
"%(target.container.read_project_access)s"
to always evaluate to False. This is probelmatic because we want
to allow project access by default (with additional role checks).
To work around this we allow read here.
When the entity has an acl, co_dict will use the value from the
database, and this if statement will be skipped.
"""
co_dict = {'read_project_access': True}
acl_dict.update(co_dict) acl_dict.update(co_dict)
return acl_dict return acl_dict
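Review bot: The added `if not co_dict:` branch makes project read access fail open, but it tests whether the whole dict is empty rather than whether the read entry is missing. As written, an entity whose ACL rows all have `project_access` of None gets the default although it does have ACLs, while one with a row only for some other operation leaves `read_project_access` unset, which the block's own text says evaluates to False. If default project read is the intent, `co_dict.setdefault('read_project_access', True)` expresses it per key and still lets a stored `False` win; a test with a read ACL whose `project_access` is False should pin that. The explanation is a bare string literal evaluated as a statement inside the `if` and would read better as `#` comments, with "probelmatic" corrected. The enclosing function starts above the visible lines, so how `acl_list` is built cannot be confirmed here.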
 End of changes. 3 change blocks. 
2 lines changed or deleted 20 lines changed or added
