"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "barbican/common/policies/secretstores.py" between
barbican-11.0.0.tar.gz and barbican-12.0.0.tar.gz

About: OpenStack Barbican is the OpenStack Key Manager service. It provides secure storage, provisioning and management of secret data.
The "Wallaby" series (latest release).

secretstores.py  (barbican-11.0.0):secretstores.py  (barbican-12.0.0)
skipping to change at line 15 skipping to change at line 15
# http://www.apache.org/licenses/LICENSE-2.0 # http://www.apache.org/licenses/LICENSE-2.0
# #
# Unless required by applicable law or agreed to in writing, software # Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations # License for the specific language governing permissions and limitations
# under the License. # under the License.
from oslo_policy import policy from oslo_policy import policy
_READER = "role:reader"
rules = [ rules = [
policy.DocumentedRuleDefault( policy.DocumentedRuleDefault(
name='secretstores:get', name='secretstores:get',
check_str='rule:admin', check_str=f'rule:all_users or {_READER}',
scope_types=[], scope_types=['project', 'system'],
description='Get list of available secret store backends.', description='Get list of available secret store backends.',
operations=[ operations=[
{ {
'path': '/v1/secret-stores', 'path': '/v1/secret-stores',
'method': 'GET' 'method': 'GET'
} }
] ]
), ),
policy.DocumentedRuleDefault( policy.DocumentedRuleDefault(
name='secretstores:get_global_default', name='secretstores:get_global_default',
check_str='rule:admin', check_str=f'rule:all_users or {_READER}',
scope_types=[], scope_types=['project', 'system'],
description='Get a reference to the secret store that is used as ' + description='Get a reference to the secret store that is used as ' +
'default secret store backend for the deployment.', 'default secret store backend for the deployment.',
operations=[ operations=[
{ {
'path': '/v1/secret-stores/global-default', 'path': '/v1/secret-stores/global-default',
'method': 'GET' 'method': 'GET'
} }
] ]
), ),
policy.DocumentedRuleDefault( policy.DocumentedRuleDefault(
name='secretstores:get_preferred', name='secretstores:get_preferred',
check_str='rule:admin', check_str=f'rule:all_users or {_READER}',
scope_types=[], scope_types=['project', 'system'],
description='Get a reference to the preferred secret store if ' + description='Get a reference to the preferred secret store if ' +
'assigned previously.', 'assigned previously.',
operations=[ operations=[
{ {
'path': '/v1/secret-stores/preferred', 'path': '/v1/secret-stores/preferred',
'method': 'GET' 'method': 'GET'
} }
] ]
), ),
policy.DocumentedRuleDefault( policy.DocumentedRuleDefault(
name='secretstore_preferred:post', name='secretstore_preferred:post',
check_str='rule:admin', check_str='rule:admin',
scope_types=[], scope_types=['project'],
description='Set a secret store backend to be preferred store ' + description='Set a secret store backend to be preferred store ' +
'backend for their project.', 'backend for their project.',
operations=[ operations=[
{ {
'path': '/v1/secret-stores/{ss-id}/preferred', 'path': '/v1/secret-stores/{ss-id}/preferred',
'method': 'POST' 'method': 'POST'
} }
] ]
), ),
policy.DocumentedRuleDefault( policy.DocumentedRuleDefault(
name='secretstore_preferred:delete', name='secretstore_preferred:delete',
check_str='rule:admin', check_str='rule:admin',
scope_types=[], scope_types=['project'],
description='Remove preferred secret store backend setting for ' + description='Remove preferred secret store backend setting for ' +
'their project.', 'their project.',
operations=[ operations=[
{ {
'path': '/v1/secret-stores/{ss-id}/preferred', 'path': '/v1/secret-stores/{ss-id}/preferred',
'method': 'DELETE' 'method': 'DELETE'
} }
] ]
), ),
policy.DocumentedRuleDefault( policy.DocumentedRuleDefault(
name='secretstore:get', name='secretstore:get',
check_str='rule:admin', check_str=f'rule:all_users or {_READER}',
scope_types=[], scope_types=['project', 'system'],
description='Get details of secret store by its ID.', description='Get details of secret store by its ID.',
operations=[ operations=[
{ {
'path': '/v1/secret-stores/{ss-id}', 'path': '/v1/secret-stores/{ss-id}',
'method': 'GET' 'method': 'GET'
} }
] ]
), ),
] ]
 End of changes. 7 change blocks. 
10 lines changed or deleted 12 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)