glance/source at b159aa8b644338360f6e90d34af40a662246fe47 - glance - OpenDev: Free Software Needs Free Tools

openstack/glance

History

Ian Cordasco b159aa8b64 Pass a real image target to the policy enforcer

Previously, every call to policy.enforce passed an empty dictionary as
the target. This prevents operators from using tenant specific
restrictions in their policy.json files since the target will always be
an empty dictionary.

If you try to restrict some actions so an image owner (users with the
correct tenant id) can perform actions, the check categorically fails
because the target is okay is an empty dictionary. By passing the
ImageTarget instance wrapping an Image, we can properly grant access to
the image owner(s) based on tenant (e.g., owner:%(tenant)). Without this
fix, the only check that actually works in glance is a RoleCheck (e.g.,
role:admin).

Partial-bug: 1346648
Implements: blueprint pass-targets-to-policy-enforcer
Change-Id: Id914c478ca7c4dfde3f08028d8b70c623f26b6e9

2015-03-12 01:16:44 +00:00

..

Adding an image status transition diagram for dev doc

2013-11-25 13:13:56 +08:00

Adding an image status transition diagram for dev doc

2013-11-25 13:13:56 +08:00

Generate glance-manage.conf

2014-12-18 10:23:32 -06:00

authentication.rst

Adjust authentication.rst doc to reference "identity_uri"

2014-10-11 20:56:36 +01:00

cache.rst

Add detail description of image_cache_max_size

2015-02-07 09:00:47 +09:00

common-image-properties.rst

Fix doc formatting issue

2013-07-05 16:10:21 -04:00

conf.py

Stop using intersphinx

2014-09-12 22:47:21 +02:00

configuring.rst

Merge "Eventlet green threads not released back to pool"

2015-03-09 22:35:21 +00:00

controllingservers.rst

Update documentation surrounding the api and registry servers

2014-06-18 09:29:28 -05:00

db.rst

glance-manage should work like nova-manage

2013-11-06 14:59:33 +05:30

formats.rst

Add the OVA container format

2014-03-03 19:44:21 -08:00

glanceapi.rst

Sync glance docs with metadefs api changes

2014-09-10 10:48:38 -07:00

glanceclient.rst

Updates OpenStack LLC with OpenStack Foundation

2013-02-17 19:19:43 -08:00

glancemetadefcatalogapi.rst

Sync glance docs with metadefs api changes

2014-09-10 10:48:38 -07:00

identifiers.rst

Updates OpenStack LLC with OpenStack Foundation

2013-02-17 19:19:43 -08:00

index.rst

Include Metadata Defs Concepts in Dev Docs

2014-09-29 15:49:41 -06:00

installing.rst

Merge "Adds openSUSE in the installing documentation"

2015-03-09 22:36:16 +00:00

metadefs-concepts.rst

Include Metadata Defs Concepts in Dev Docs

2014-09-29 15:49:41 -06:00

notifications.rst

notifier: remove notifier_strategy compat support

2014-06-16 21:36:46 +01:00

policies.rst

Pass a real image target to the policy enforcer

2015-03-12 01:16:44 +00:00

property-protections.rst

Consider @,! in properties protection rule as a configuration error

2014-01-07 14:06:24 +00:00

statuses.rst

Fix document issue of image recover status

2015-01-05 15:41:36 +13:00