From 0a2561748319cb5a787c1ec8e55e6d8ef38c4812 Mon Sep 17 00:00:00 2001 From: Harry Rybacki Date: Fri, 15 Jun 2018 12:10:34 -0400 Subject: [PATCH] Ensure orders policy-in-code matches controller Policy-in-code for orders API did not map properly to orders controller. Moved `ordeR:put` rule to `orderS:put` to all in line with what is expected. Change-Id: I18fc3e9d2772e3f9813aad2a79e8864cf0511abf --- barbican/common/policies/orders.py | 4 ++-- ...ap-policy-to-match-controller-1673ec7c88235227.yaml | 10 ++++++++++ 2 files changed, 12 insertions(+), 2 deletions(-) create mode 100644 releasenotes/notes/remap-policy-to-match-controller-1673ec7c88235227.yaml diff --git a/barbican/common/policies/orders.py b/barbican/common/policies/orders.py index 0772ad2e4..77ff8c3b4 100644 --- a/barbican/common/policies/orders.py +++ b/barbican/common/policies/orders.py @@ -18,10 +18,10 @@ rules = [ 'rule:admin_or_creator'), policy.RuleDefault('orders:get', 'rule:all_but_audit'), + policy.RuleDefault('orders:put', + 'rule:admin_or_creator'), policy.RuleDefault('order:get', 'rule:all_users'), - policy.RuleDefault('order:put', - 'rule:admin_or_creator'), policy.RuleDefault('order:delete', 'rule:admin'), ] diff --git a/releasenotes/notes/remap-policy-to-match-controller-1673ec7c88235227.yaml b/releasenotes/notes/remap-policy-to-match-controller-1673ec7c88235227.yaml new file mode 100644 index 000000000..e9f999654 --- /dev/null +++ b/releasenotes/notes/remap-policy-to-match-controller-1673ec7c88235227.yaml @@ -0,0 +1,10 @@ +--- +features: + - | + Remap the `order:put` to `orders:put` to align with language in the orders + controller. +upgrade: + - | + (For deployments overriding default policies) After upgrading, please review + Barbican policy files and ensure that you port any rules tied to `order:put` + are remapped to `orders:put`.