Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Partial fingerprint fails OpenFGA access check #249

Closed
stgraber opened this issue Nov 29, 2023 · 2 comments
Closed

Partial fingerprint fails OpenFGA access check #249

stgraber opened this issue Nov 29, 2023 · 2 comments
Assignees
@stgraber
Labels
Bug Confirmed to be a bug Easy Good for new contributors

Comments

@stgraber
Copy link
Member 

stgraber@castiana:~$ incus config trust show 6869d3aab3ed
Error: User does not have entitlement "can_view" on object "certificate:6869d3aab3ed"
stgraber@castiana:~$ incus config trust show 6869d3aab3edd9158b6143bda41d8fddad40ea91e64970af96f0dcb262f08db7
name: ansible-ovn-ic
type: client
restricted: true
projects:
- lab-ovn-ic
certificate: |
  -----BEGIN CERTIFICATE-----
  MIIB1DCCAVugAwIBAgIRANHZisOsLaQ+axTDP5eYHOcwCgYIKoZIzj0EAwMwMjEZ
  MBcGA1UEChMQTGludXggQ29udGFpbmVyczEVMBMGA1UEAwwMcm9vdEBhbnNpYmxl
  MB4XDTIzMTEyOTAzNTA0OVoXDTMzMTEyNjAzNTA0OVowMjEZMBcGA1UEChMQTGlu
  dXggQ29udGFpbmVyczEVMBMGA1UEAwwMcm9vdEBhbnNpYmxlMHYwEAYHKoZIzj0C
  AQYFK4EEACIDYgAEZ3WGhX+7ztrd8OHOr4meLJSAZE0y2/sAw4RUDwEcxdmETJSe
  xLXlTIiZSFhUsF5EokDKzE3P2+Hgfw7Itr+kldm7pOHx3kwYec2xHJ4zOsbKUS4B
  fB2ZpZZRm3G2t4E0ozUwMzAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB
  BQUHAwIwDAYDVR0TAQH/BAIwADAKBggqhkjOPQQDAwNnADBkAjAcLdqYwVYM204c
  AMHRHHDGzkK7AS0qA5eTgnnu7YYIMa8w3AHp0AVJZYal20eD8vkCMGd44jAdAFX9
  hGJ8ILYLjVDImCWOnTYEMj2TZRHAZokY9AXa+gdp/TXp6vztpOiQZA==
  -----END CERTIFICATE-----
fingerprint: 6869d3aab3edd9158b6143bda41d8fddad40ea91e64970af96f0dcb262f08db7
stgraber@castiana:~$

Expansion should be performed prior to access check in this case.
@stgraber stgraber added Bug Confirmed to be a bug Easy Good for new contributors labels Nov 29, 2023
@stgraber stgraber changed the title Partial certificate fingerprint fails OpenFGA access check Partial fingerprint fails OpenFGA access check Dec 4, 2023
@stgraber
Copy link
Member Author

stgraber commented Dec 4, 2023

This affects both certificates and images.

@stgraber stgraber self-assigned this Dec 4, 2023
@stgraber
Copy link
Member Author

stgraber commented Dec 4, 2023

Got a fix for that one

stgraber added a commit to stgraber/incus that referenced this issue Dec 4, 2023
@stgraber
incusd: Pass an expander to the authorizer
1aa25be 
Closes lxc#249

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
stgraber added a commit to stgraber/incus that referenced this issue Dec 4, 2023
@stgraber
incusd: Add expansion of image and certificate fingerprints
d0b1b92 
Closes lxc#249

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
stgraber added a commit to stgraber/incus that referenced this issue Dec 5, 2023
@stgraber
incusd: Add expansion of image and certificate fingerprints
052c836 
Closes lxc#249

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
stgraber added a commit to stgraber/incus that referenced this issue Dec 5, 2023
@stgraber
incusd: Add expansion of image and certificate fingerprints
0e1e62d 
Closes lxc#249

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
@tych0 tych0 closed this as completed in c4c246d Dec 5, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@stgraber stgraber

Labels
Bug Confirmed to be a bug Easy Good for new contributors
Milestone
No milestone
Development

No branches or pull requests
1 participant
@stgraber