From 96169ab5a0e91f8ed506429b079358b540a4c405 Mon Sep 17 00:00:00 2001
From: Aaron Rosen <aaronorosen@gmail.com>
Date: Wed, 7 May 2014 17:49:04 -0700
Subject: [PATCH] make uploading an image as public admin only by default

Uploading an image with --is-public=True should by default only be allowed
by an admin tenant. Allowing anyone to upload an image as is_public is likely
a security concern. This changes the previous default behavior glance had
of allowing anyone to upload an image as is_public previously by default.

DocImpact
Closes-bug: 1317314

Change-Id: I60d2257115e9207e09b50d9f950076b7fe8237d7
---
 etc/policy.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/etc/policy.json b/etc/policy.json
index d8f0a78cb6..8b7e6871dd 100644
--- a/etc/policy.json
+++ b/etc/policy.json
@@ -7,7 +7,7 @@
     "get_image": "",
     "get_images": "",
     "modify_image": "",
-    "publicize_image": "",
+    "publicize_image": "role:admin",
     "copy_from": "",
 
     "download_image": "",