Reviewed: https://review.openstack.org/330443
Committed:
https://git.openstack.org/cgit/openstack/glance/commit/?id=969309ffae15a56474e5a66100979a6bd76c356f
Submitter: Jenkins
Branch: master
commit 969309ffae15a56474e5a66100979a6bd76c356f
Author: Niall Bunting <niall.bunt...@hpe.com>
Date: Thu Jun 16 10:30:52 2016 +0000
Change default policy to admin
From: https://review.openstack.org/#/c/309346/
"
I investigated the behaviour of the policy file when various policies
are removed.
A completely empty policy file will return a 403 Forbidden. As the user
will not match with any of the policies.
However, because glance has the policy ``default: ""``. It means that
any policy that is not explicitly stated in the the policy.json, is
by default usable by any member. I think that the ``default`` option
is a potentially bad thing to have in the policy.json file, due to the
ability to give permissions without explicitly stating it.
"
Therefore we should change ``"default": "",`` to ``"default":
"role:admin",``. To make sure that members don't inherit policies that
they shouldn't in the future. From a operators perspective it should be
more secure to have an opt-in rather than opt-out.
Change-Id: I57f9d4791126360079a941c1ff4cb2bbb86298d5
Closes-Bug: 1593177
** Changed in: glance
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1593177
Title:
The default policy should be admin
Status in Glance:
Fix Released
Bug description:
From: https://review.openstack.org/#/c/309346/
"
I investigated the behaviour of the policy file when various policies are
removed.
A completely empty policy file will return a 403 Forbidden. As the
user will not match with any of the policies.
However, because glance has the policy ``default: ""``. It means that any
policy that is not explicitly stated in the the policy.json, is by default
usable by any member. I think that the ``default`` option is a potentially bad
thing to have in the policy.json file, due to the ability to give permissions
without explicitly stating it.
"
Therefore we should change ``"default": "",`` to ``"default":
"role:admin",``. To make sure that members don't inherit policies that they
shouldn't in the future. From a operators perspective it should be more secure
to have an opt-in rather than opt-out.
To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1593177/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
