yahoo-eng-team team mailing list archive

[Scott Devoid <devoid@xxxxxxx>]

Public bug reported:

API calls in glance.api.v1.images call the _enforce() helper method for
various actions: "create_image", "update_image", "delete_image", etc.
but do not pass the image as the target for the policy check. [1]

This means that you cannot provide access to these APIs on a per-object
basis. Furthermore it is inconsistent with the way other projects handle
policy checks.

[1]
https://github.com/openstack/glance/blob/master/glance/api/v1/images.py#L154

** Affects: glance
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1346648

Title:
  glance v1 API missing target for policy checks

Status in OpenStack Image Registry and Delivery Service (Glance):
  New

Bug description:
  API calls in glance.api.v1.images call the _enforce() helper method
  for various actions: "create_image", "update_image", "delete_image",
  etc. but do not pass the image as the target for the policy check. [1]

  This means that you cannot provide access to these APIs on a per-
  object basis. Furthermore it is inconsistent with the way other
  projects handle policy checks.

  [1]
  https://github.com/openstack/glance/blob/master/glance/api/v1/images.py#L154

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1346648/+subscriptions