openstack/glance

Go to file

Ian Cordasco b159aa8b64 Pass a real image target to the policy enforcer

Previously, every call to policy.enforce passed an empty dictionary as
the target. This prevents operators from using tenant specific
restrictions in their policy.json files since the target will always be
an empty dictionary.

If you try to restrict some actions so an image owner (users with the
correct tenant id) can perform actions, the check categorically fails
because the target is okay is an empty dictionary. By passing the
ImageTarget instance wrapping an Image, we can properly grant access to
the image owner(s) based on tenant (e.g., owner:%(tenant)). Without this
fix, the only check that actually works in glance is a RoleCheck (e.g.,
role:admin).

Partial-bug: 1346648
Implements: blueprint pass-targets-to-policy-enforcer
Change-Id: Id914c478ca7c4dfde3f08028d8b70c623f26b6e9

2015-03-12 01:16:44 +00:00

Pass a real image target to the policy enforcer

2015-03-12 01:16:44 +00:00

Merge "Eventlet green threads not released back to pool"

2015-03-09 22:35:21 +00:00

Pass a real image target to the policy enforcer

2015-03-12 01:16:44 +00:00

Update rally-jobs files

2014-11-25 01:18:12 +04:00

Move from oslo.config to oslo_config

2015-01-12 14:34:22 +00:00

.coveragerc

Update .coveragerc

2013-02-06 16:47:06 +02:00

.gitignore

Prevents swap files from being found by Git

2015-02-19 07:59:34 -08:00

.gitreview

Add .gitreview config file for gerrit.

2011-10-24 11:02:16 -04:00

.mailmap

Add a mailmap entry for myself

2014-02-11 12:00:44 +08:00

.testr.conf

Switch to testrepository for running tests

2014-01-29 08:30:55 +08:00

babel.cfg

Added first step of babel-based translations.

2012-02-28 02:00:37 -08:00

CONTRIBUTING.rst

Workflow documentation is now in infra-manual

2014-12-05 03:30:36 +00:00

HACKING.rst

Replace '_' with '_LI', '_LE', '_LW', '_LC'

2014-12-19 02:34:55 -08:00

LICENSE

Add a LICENSE file.

2012-01-03 10:14:01 -05:00

MANIFEST.in

Update version code from oslo.

2013-01-13 14:27:48 -08:00

openstack-common.conf

Synchronising oslo-incubator service module

2015-02-25 04:19:03 -08:00

pylintrc

Packaging fixups

2010-10-21 15:51:44 -04:00

README.rst

Fix rendering of readme document

2015-01-07 11:07:06 +00:00

requirements.txt

Merge "Updated from global requirements"

2015-03-10 03:33:16 +00:00

run_tests.sh

Provide a quick way to run flake8

2014-12-29 02:15:36 -05:00

setup.cfg

Remove Python 2.6 classifier

2014-11-25 17:00:14 +01:00

setup.py

Updated from global requirements

2014-06-19 13:54:45 -04:00

test-requirements.txt

Switch to mox3

2015-01-26 10:59:26 +01:00

tox.ini

Merge "Work toward Python 3.4 support and testing"

2015-02-06 21:55:19 +00:00

README.rst

Glance

Glance is a project that defines services for discovering, registering, retrieving and storing virtual machine images.

Use the following resources to learn more: