interoperable image import requires exposing the tasks api
Bug #1711468 reported by
Brian Rosmaita
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Glance |
Fix Released
|
Critical
|
Brian Rosmaita |
Bug Description
The Tasks API was made admin-only in Mitaka by changing the get_task, get_tasks, add_task, and modify_task policies to require "role:admin" by default. The interoperable image import process introduced in Pike requires an ordinary user to have (at least) the add_task permission (although the user does not create the task directly, and in fact, should have no knowledge that a task is being used behind the scenes to do the image import).
We need a way to allow non-admin credentials to manipulate tasks, but not allow access to tasks directly via the Tasks API.
It would be nice to get this resolved in Pike. Otherwise operators may not want to try out the interoperable image import.
Changed in glance: | |
assignee: | nobody → Brian Rosmaita (brian-rosmaita) |
importance: | Undecided → Critical |
To post a comment you must log in.
Fix proposed to branch: master /review. openstack. org/494732
Review: https:/