yahoo-eng-team team mailing list archive

[Bug 1915582] [NEW] Nested policy enforcement is confusing to end users and operators

 

Public bug reported:

Several APIs in glance use a pattern where an image is fetched from the
backend before performing an operation, updating an image for example.

The API code for updating an image calls the image repository, which
ultimately enforces the policy for get_image [0][1]. This can be
confusing for operators modifying the policy for modify_image and
wondering why it hasn't taken effect if the get_image policy short-
circuits the operation.

[0] https://github.com/openstack/glance/blob/master/glance/api/v2/images.py#L445
[1] https://github.com/openstack/glance/blob/master/glance/api/policy.py#L123-L124

** Affects: glance
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1915582

Title:
  Nested policy enforcement is confusing to end users and operators

Status in Glance:
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1915582/+subscriptions
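
The nested enforcement described in the report, as an added example that is not part of the original message and is not Glance's code: a constructed repository wrapper checks get_image on fetch and modify_image on save, so an update needs both. PolicyRepo, blocking_rule, effective_update_roles and the role sets are hypothetical names and values used only for illustration.

```python
# Constructed model of the pattern in the report; not Glance's code.
class Forbidden(Exception):
    def __init__(self, rule):
        super().__init__(f"policy rule {rule!r} denied the request")
        self.rule = rule


class PolicyRepo:
    """Hypothetical image repository that enforces a policy rule on each call."""

    def __init__(self, images, rules, roles):
        self.images, self.rules, self.roles = images, rules, set(roles)

    def _enforce(self, rule):
        # A rule here is simply the set of roles allowed to pass it.
        if not self.roles & self.rules.get(rule, set()):
            raise Forbidden(rule)

    def get(self, image_id):
        self._enforce("get_image")
        return dict(self.images[image_id])

    def save(self, image):
        self._enforce("modify_image")
        self.images[image["id"]] = image


def update_image(repo, image_id, changes):
    image = repo.get(image_id)   # nested check: get_image runs first
    image.update(changes)
    repo.save(image)             # modify_image is only reached afterwards
    return image


def blocking_rule(rules, roles, image_id="img-1"):
    """Return the rule that stops an update for these roles, or None."""
    repo = PolicyRepo({image_id: {"id": image_id, "name": "old"}}, rules, roles)
    try:
        update_image(repo, image_id, {"name": "new"})
    except Forbidden as exc:
        return exc.rule
    return None


def effective_update_roles(rules):
    """Roles that can really update: they must pass both rules."""
    return rules.get("get_image", set()) & rules.get("modify_image", set())


# Constructed policy: the operator opened modify_image to "member" only.
RULES = {"get_image": {"admin"}, "modify_image": {"admin", "member"}}
```

With RULES as given, blocking_rule(RULES, ["member"]) reports get_image, which is the rule an operator would need to review alongside modify_image.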