Merge "barbican: fix values overrides for stein and ocata"

2020-01-25 20:16:44 +00:00 · 2020-01-25 20:16:44 +00:00 · 91fb5219aa
commit 91fb5219aa
parent 1258061410 2cb3d41544
5 changed files with 24 additions and 4 deletions
--- a/barbican/values.yaml
+++ b/barbican/values.yaml
@ -322,14 +322,10 @@ conf:
    admin_or_creator: rule:admin or rule:creator
    all_but_audit: rule:admin or rule:observer or rule:creator
    all_users: rule:admin or rule:observer or rule:creator or rule:audit or rule:service_admin
-    secret_project_match: project:%(target.secret.project_id)s
    secret_acl_read: "'read':%(target.secret.read)s"
    secret_private_read: "'False':%(target.secret.read_project_access)s"
-    secret_creator_user: user:%(target.secret.creator_id)s
-    container_project_match: project:%(target.container.project_id)s
    container_acl_read: "'read':%(target.container.read)s"
    container_private_read: "'False':%(target.container.read_project_access)s"
-    container_creator_user: user:%(target.container.creator_id)s
    secret_non_private_read: rule:all_users and rule:secret_project_match and not rule:secret_private_read
    secret_decrypt_non_private_read: rule:all_but_audit and rule:secret_project_match
      and not rule:secret_private_read
--- a/barbican/values_overrides/ocata.yaml
+++ b/barbican/values_overrides/ocata.yaml
@ -0,0 +1,6 @@
+conf:
+  policy:
+    secret_project_match: project:%(target.secret.project_id)s
+    secret_creator_user: user:%(target.secret.creator_id)s
+    container_project_match: project:%(target.container.project_id)s
+    container_creator_user: user:%(target.container.creator_id)s
--- a/barbican/values_overrides/pike.yaml
+++ b/barbican/values_overrides/pike.yaml
@ -0,0 +1,6 @@
+conf:
+  policy:
+    secret_project_match: project:%(target.secret.project_id)s
+    secret_creator_user: user:%(target.secret.creator_id)s
+    container_project_match: project:%(target.container.project_id)s
+    container_creator_user: user:%(target.container.creator_id)s
--- a/barbican/values_overrides/queens.yaml
+++ b/barbican/values_overrides/queens.yaml
@ -0,0 +1,6 @@
+conf:
+  policy:
+    secret_project_match: project:%(target.secret.project_id)s
+    secret_creator_user: user:%(target.secret.creator_id)s
+    container_project_match: project:%(target.container.project_id)s
+    container_creator_user: user:%(target.container.creator_id)s
--- a/barbican/values_overrides/rocky.yaml
+++ b/barbican/values_overrides/rocky.yaml
@ -0,0 +1,6 @@
+conf:
+  policy:
+    secret_project_match: project:%(target.secret.project_id)s
+    secret_creator_user: user:%(target.secret.creator_id)s
+    container_project_match: project:%(target.container.project_id)s
+    container_creator_user: user:%(target.container.creator_id)s