[lxc-devel] [lxd/master] lxd/rbac: Fix checks by matching proper name

stgraber on Github lxc-bot at linuxcontainers.org
Mon Dec 7 22:11:11 UTC 2020


From 3a726c2472b875fb7be66a357d77f5796fdb1eab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Mon, 7 Dec 2020 17:10:29 -0500
Subject: [PATCH] lxd/rbac: Fix checks by matching proper name
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The data from RBAC uses resource IDs not project names, so we need to
map things through r.resources.

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/rbac/server.go | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/lxd/rbac/server.go b/lxd/rbac/server.go
index 48c15569ea..7faeb1a949 100644
--- a/lxd/rbac/server.go
+++ b/lxd/rbac/server.go
@@ -332,7 +332,17 @@ func (r *Server) UserAccess(username string) (*UserAccess, error) {
 			continue
 		}
 
-		access.Projects[k] = v
+		// Look for project name.
+		for projectName, resourceId := range r.resources {
+			if k != resourceId {
+				continue
+			}
+
+			access.Projects[projectName] = v
+			break
+		}
+
+		// Ignore unknown projects.
 	}
 
 	return &access, nil
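
Review bot: In the added `for projectName, resourceId := range r.resources` loop, a key `k` with no matching resource ID falls through without any trace, and the trailing `// Ignore unknown projects.` comment is the only sign that this is intended. Dropping the entry is the safe direction for an access check, since no permission is recorded under a name that was never resolved, but a stale or incomplete `r.resources` would then silently remove a user's project access; consider tracking whether a match was found and logging the unresolved ID at debug level. Two smaller points: the scan is linear in the size of `r.resources` for every entry, so a reverse map from resource ID to project name built once before the outer loop would read more simply, and Go naming convention would spell the variable `resourceID`. If `r.resources` can be refreshed from another goroutine, this read needs the same lock as the writer; the hunk does not show one being held.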

