074f8f474b
Currently in order to list artifacts from all tenants, keyclock token must include 'admin' role. The same goes for getting artifact from different realms, or download blob of artifact from different realm. The following changes enable more flexbility: to list artifacts from all tenants, user can define artifact:list_all_artifacts in policy.yaml with his own choice for role. E.G. "artifact:list_all_artifacts": "role:su_role" ^ this will allow any user with role "su_role" to list artifacts from any realm. The same logic holds for getting artifact from other realm (get_any_artifact), or download blob from artifact in any realm (download_from_any_artifact) Change-Id: Iaaa7f4b366230e0c5e4bee136bcdf9d072d498d8 |
||
---|---|---|
.. | ||
__init__.py | ||
api.py | ||
models.py |