On Mon, Jan 20, 2014 at 6:02 AM, Tom Leaman <t...@tomleaman.co.uk> wrote:
> I'm looking at a possible bug here but I just want to confirm
> that I'm not missing something obvious.
>
> I'm currently working with Devstack on Ubuntu 12.04 LTS
>
> Once Devstack is up and running, I'm creating a file
> /etc/glance/property-protections.conf as follows:
>
> [^foo_property$]
> create = @
> read = @
> update = admin
> delete = admin
>
> [.*]
> create = @
> read = @
> update = @
> delete = @
>
> I'm then referencing this in my glance-api.conf and restarting the glance
> api service.
>
> My understanding is that, as the demo user (which does not have the admin
> role), I should be able to set foo_property='some_value' but once set, I
> should not be able to modify or delete it which I currently am able to do.
>
> I have tried changing the various operations to '!' and confirmed that
> those will prevent me from executing those operations (returning 403 as
> expected). I've also double checked that the demo user has not somehow
> acquired the admin role.
>
> Tom
>

I'm seeing the same behavior. I'll keep digging, but meanwhile would you be so kind as to file a bug (if you haven't already!) Thanks so much for pointing this out.

> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev@lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
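An added example, not part of either message and not Glance's own code: a small Python model of how the file quoted above would be expected to evaluate, so the result can be compared with the 403s actually observed. It assumes the first section whose regex matches the property name decides, that `@` means any role and `!` means no role, and that the demo user holds a role named `Member`.

```python
import configparser
import re

# The property-protections.conf quoted in the thread, embedded inline.
PROTECTIONS = """
[^foo_property$]
create = @
read = @
update = admin
delete = admin

[.*]
create = @
read = @
update = @
delete = @
"""
OPERATIONS = ("create", "read", "update", "delete")

def load_rules(text):
    """Return [(compiled regex, {operation: [roles]})] in file order."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    rules = []
    for section in parser.sections():
        perms = {}
        for op in OPERATIONS:
            raw = parser.get(section, op, fallback="")
            perms[op] = [r.strip() for r in raw.split(",") if r.strip()]
        rules.append((re.compile(section), perms))
    return rules

def is_allowed(rules, prop, operation, roles):
    """Assumed semantics: the first matching section decides; no match denies."""
    for pattern, perms in rules:
        if pattern.search(prop):
            allowed = perms[operation]
            if "!" in allowed:
                return False
            return "@" in allowed or any(r in allowed for r in roles)
    return False

def expected_matrix(rules, prop, roles):
    return {op: is_allowed(rules, prop, op, roles) for op in OPERATIONS}

if __name__ == "__main__":
    rules = load_rules(PROTECTIONS)
    for user, roles in (("demo", ["Member"]), ("admin", ["admin"])):  # role names assumed
        print(user, expected_matrix(rules, "foo_property", roles))
```

Under these assumptions the answer for `foo_property` depends on `[^foo_property$]` being consulted before `[.*]`; evaluating the same rules in the opposite order lets every role update and delete it.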