Public bug reported: API calls in glance.api.v1.images call the _enforce() helper method for various actions: "create_image", "update_image", "delete_image", etc. but do not pass the image as the target for the policy check. [1]
This means that you cannot provide access to these APIs on a per-object basis. Furthermore it is inconsistent with the way other projects handle policy checks. [1] https://github.com/openstack/glance/blob/master/glance/api/v1/images.py#L154 ** Affects: glance Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1346648 Title: glance v1 API missing target for policy checks Status in OpenStack Image Registry and Delivery Service (Glance): New Bug description: API calls in glance.api.v1.images call the _enforce() helper method for various actions: "create_image", "update_image", "delete_image", etc. but do not pass the image as the target for the policy check. [1] This means that you cannot provide access to these APIs on a per- object basis. Furthermore it is inconsistent with the way other projects handle policy checks. [1] https://github.com/openstack/glance/blob/master/glance/api/v1/images.py#L154 To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1346648/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
