Reviewed: https://review.openstack.org/330443 Committed: https://git.openstack.org/cgit/openstack/glance/commit/?id=969309ffae15a56474e5a66100979a6bd76c356f Submitter: Jenkins Branch: master
commit 969309ffae15a56474e5a66100979a6bd76c356f Author: Niall Bunting <niall.bunt...@hpe.com> Date: Thu Jun 16 10:30:52 2016 +0000 Change default policy to admin From: https://review.openstack.org/#/c/309346/ " I investigated the behaviour of the policy file when various policies are removed. A completely empty policy file will return a 403 Forbidden. As the user will not match with any of the policies. However, because glance has the policy ``default: ""``. It means that any policy that is not explicitly stated in the the policy.json, is by default usable by any member. I think that the ``default`` option is a potentially bad thing to have in the policy.json file, due to the ability to give permissions without explicitly stating it. " Therefore we should change ``"default": "",`` to ``"default": "role:admin",``. To make sure that members don't inherit policies that they shouldn't in the future. From a operators perspective it should be more secure to have an opt-in rather than opt-out. Change-Id: I57f9d4791126360079a941c1ff4cb2bbb86298d5 Closes-Bug: 1593177 ** Changed in: glance Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1593177 Title: The default policy should be admin Status in Glance: Fix Released Bug description: From: https://review.openstack.org/#/c/309346/ " I investigated the behaviour of the policy file when various policies are removed. A completely empty policy file will return a 403 Forbidden. As the user will not match with any of the policies. However, because glance has the policy ``default: ""``. It means that any policy that is not explicitly stated in the the policy.json, is by default usable by any member. I think that the ``default`` option is a potentially bad thing to have in the policy.json file, due to the ability to give permissions without explicitly stating it. " Therefore we should change ``"default": "",`` to ``"default": "role:admin",``. To make sure that members don't inherit policies that they shouldn't in the future. From a operators perspective it should be more secure to have an opt-in rather than opt-out. To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1593177/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp