Policy checks for get_image, get_images not enforced when launching instances
Bug #1411239 reported by
Matthias Runge
This bug affects 3 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Dashboard (Horizon) |
In Progress
|
Medium
|
Unassigned | ||
Bug Description
I'm trying to prevent a user to boot from a glance image (for whatever reason)
I went ahead and changed glance_policy:
"get_image": "role:admin",
"get_images": "role:admin",
still a normal user can see and apparently boot from glance. Shouldn't that be prevented by policy checks?
Revision history for this message
| Matthias Runge (mrunge) wrote | #1 |
| Changed in horizon: | |
| assignee: | nobody → Wang Bo (chestack) |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix proposed to horizon (master) | #2 |
| Changed in horizon: | |
| status: | New → In Progress |
Revision history for this message
| Wang Bo (chestack) wrote Re: policy checks for get_image, get_images not working | #3 |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Change abandoned on horizon (master) | #4 |
Revision history for this message
| Gary W. Smith (gary-w-smith) wrote | #5 |
| summary: |
- policy checks for get_image, get_images not working + Policy checks for get_image, get_images not enforced when launching + instances |
| Changed in horizon: | |
| assignee: | Wang Bo (chestack) → nobody |
| status: | In Progress → New |
| importance: | Undecided → Medium |
| milestone: | none → next |
| Changed in horizon: | |
| assignee: | nobody → Marek Lyčka (mareklycka) |
| Changed in horizon: | |
| status: | New → In Progress |
| Changed in horizon: | |
| assignee: | Marek Lyčka (mareklycka) → nobody |
To post a comment you must log in.
project/images still shows up the list of images.