Add upload_image policy for glance v1 api
Bug #1254521 reported by
Iccha Sethi
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Glance |
Fix Released
|
Medium
|
Yanis Guenane |
Bug Description
Currently there exists no policy to control data uploads.
https:/
Changed in glance: | |
assignee: | nobody → Yanis Guenane (yanis-guenane) |
Changed in glance: | |
importance: | Undecided → Medium |
Changed in glance: | |
milestone: | none → icehouse-2 |
status: | Fix Committed → Fix Released |
Changed in glance: | |
milestone: | icehouse-2 → 2014.1 |
To post a comment you must log in.
There are 3 ways an upload image can be specified :
* location
* file
* copy-from
For file and location I agree that the upload_image policy should be applied. For the copy-from, not entirely.
--copy-from takes an <IMAGE_URL>, this will work only if the user has access to this URI, else the user will be presented with a 403 Forbidden.
Should we apply an upload_image policy also for copy-from, or strictly for location and file ?