969309ffae
From: https://review.openstack.org/#/c/309346/ " I investigated the behaviour of the policy file when various policies are removed. A completely empty policy file will return a 403 Forbidden. As the user will not match with any of the policies. However, because glance has the policy ``default: ""``. It means that any policy that is not explicitly stated in the the policy.json, is by default usable by any member. I think that the ``default`` option is a potentially bad thing to have in the policy.json file, due to the ability to give permissions without explicitly stating it. " Therefore we should change ``"default": "",`` to ``"default": "role:admin",``. To make sure that members don't inherit policies that they shouldn't in the future. From a operators perspective it should be more secure to have an opt-in rather than opt-out. Change-Id: I57f9d4791126360079a941c1ff4cb2bbb86298d5 Closes-Bug: 1593177
7 lines
206 B
YAML
7 lines
206 B
YAML
---
|
|
upgrade:
|
|
- The ``default`` policy in ``policy.json`` now uses the
|
|
admin role rather than any role. This is to make the
|
|
policy file restrictive rather than permissive and
|
|
tighten security.
|