Most of Glance's current checks are implemented in the API controllers
but in Kilo, Glance added the ability to actually define meaningful
policy rules around images and image members. In an effort to harden
our default config as best as we can, we should check to see if the
user trying to perform some of these actions are either an admin or the
owner of the image.
Reviewed: https:/ /review. openstack. org/178429 /git.openstack. org/cgit/ stackforge/ os-ansible- deployment/ commit/ ?id=8bebbc6e530 efe26c98f396b24 c0ea00971093d3
Committed: https:/
Submitter: Jenkins
Branch: master
commit 8bebbc6e530efe2 6c98f396b24c0ea 00971093d3
Author: Ian Cordasco <email address hidden>
Date: Tue Apr 28 16:48:11 2015 -0500
Harden our copy of Glance's policy
Most of Glance's current checks are implemented in the API controllers
but in Kilo, Glance added the ability to actually define meaningful
policy rules around images and image members. In an effort to harden
our default config as best as we can, we should check to see if the
user trying to perform some of these actions are either an admin or the
owner of the image.
Change-Id: I2dcf4d828c9be8 8143174de30a6b5 9d655ab0539
Closes-bug: 1408363