Restrict users from downloading protected image
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
openstack-api-site | Fix Released | Medium | Diane Fleming |
openstack-manuals | Fix Released | Medium | Darren Chan |
Bug Description
https:/
commit 0656386e99b0c9e
Author: Abhishek Kekane <email address hidden>
Date: Wed Jun 4 13:55:06 2014 +0000
Restrict users from downloading protected image
Added new rule in policy.json and applied that rule to
'download_
For example,
"restricted": "not ('test_
"download_
So if 'download_image' policy is enforced then in above case only admin or
user who satisfies rule 'restricted' will be able to download image. Other users
will not be able to download the image and will get 403 Forbidden response.
In addition, delete property access should be restricted for other users
so that they will not be able to delete the property of the image.
[test_key]
create = admin,member
read = admin,member,
update = admin,member
delete = admin,member
Added new method to create dictionary-like mashup of image core and custom
properties.
Modified v1 and v2 api to add download restriction.
Modified logic of caching to restrict download for v1 and v2 api.
DocImpact:
Need to add new rule in policy.json
"restricted": "not ('test_
blueprint: restrict-
Change-Id: I05bad044195215
Changed in openstack-manuals:
milestone: none → juno
status: New → Confirmed
importance: Undecided → Medium
Changed in openstack-manuals:
assignee: Anne Gentle (annegentle) → nobody
Changed in openstack-manuals:
assignee: nobody → Darren Chan (dazzachan)
Needs to be added both to Cloud Admin Guide in openstack/openstack-manuals and also indicated why they'd get a 403 in the Image API v1 and v2 docs in openstack/api-site.