Public bug reported: Several APIs in glance use a pattern where an image is fetched from the backend before performing an operation, updating an image for example.
The API code for updating an image calls the image repository, which ultimately enforces the policy for get_image [0][1]. This can be confusing for operators modifying the policy for modify_image and wondering why it hasn't taken effect if the get_image policy short- circuits the operation. [0] https://github.com/openstack/glance/blob/master/glance/api/v2/images.py#L445 [2] https://github.com/openstack/glance/blob/master/glance/api/policy.py#L123-L124 ** Affects: glance Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1915582 Title: Nested policy enforcement is confusing to end users and operators Status in Glance: New Bug description: Several APIs in glance use a pattern where an image is fetched from the backend before performing an operation, updating an image for example. The API code for updating an image calls the image repository, which ultimately enforces the policy for get_image [0][1]. This can be confusing for operators modifying the policy for modify_image and wondering why it hasn't taken effect if the get_image policy short- circuits the operation. [0] https://github.com/openstack/glance/blob/master/glance/api/v2/images.py#L445 [2] https://github.com/openstack/glance/blob/master/glance/api/policy.py#L123-L124 To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1915582/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
