If access to some attributes is forbidden (f.e. get_image_location
policy is set to role:admin and user is not admin) glance should
just exclude these attributes from image-show, image-list output
instead of generating Forbidden exception.
Otherwise, the policies such as get_image_location is not useful.
Reviewed: https:/ /review. openstack. org/233622 /git.openstack. org/cgit/ openstack/ glance/ commit/ ?id=f07f36fa378 9a4997b84639530 e5d6ab1c603983
Committed: https:/
Submitter: Jenkins
Branch: master
commit f07f36fa3789a49 97b84639530e5d6 ab1c603983
Author: kairat_kushaev <email address hidden>
Date: Mon Oct 12 15:56:58 2015 +0300
Allow image-list if access to attrs is forbidden
If access to some attributes is forbidden (f.e. get_image_location
policy is set to role:admin and user is not admin) glance should
just exclude these attributes from image-show, image-list output
instead of generating Forbidden exception.
Otherwise, the policies such as get_image_location is not useful.
APIImpact a1f7e9b3f1dac9d 7e10710d72a
SecurityImpact
Change-Id: I5a6f587086e926
Closes-bug: #1502136