f8551de8c9
This restricts all metadef resource manipulation to admin-only, but still allows users to see everything. There are multiple low-grade security issues with the metadef API, detailed in the related bug. Restricting resource manipulation to admin-only solves most of these concerns.

SecurityImpact

Depends-On: https://review.opendev.org/c/openstack/tempest/+/780108

Change-Id: I333c58e73c202c1f523030e54e03f2868459b595

Related-Bug: #1916926
10 lines
347 B
YAML
---
security:
  - |
    The default policy for the `metadef` API has changed from "open to
    everyone" to "only admins can create and modify resources". We
    believe that this is by far the most common use-case and the only
    sane default. See Bug 1916926_ for more details.

    .. _1916926: https://bugs.launchpad.net/glance/+bug/1916926/
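An operator's policy file overrides in-code defaults, so a deployment that explicitly set metadef write rules to an open check keeps the old behaviour after this change. The following audit sketch is an added example, not part of the Glance tree; the rule names in the sample and the `<verb>_metadef_<resource>` naming pattern are assumptions, and the sample policy is constructed.

```python
import json

# Assumption: metadef write rules are named <verb>_metadef_<resource>.
WRITE_VERBS = ("add_", "modify_", "delete_", "remove_")
OPEN_CHECKS = ("", "@")  # oslo.policy check strings that always pass


def resolve(rules, check, seen=()):
    """Follow a bare 'rule:<name>' alias until a concrete check string."""
    check = check.strip()
    if check.startswith("rule:") and " " not in check:
        name = check[len("rule:"):]
        # Aliases not defined in the file fall back to in-code defaults,
        # so they are returned unresolved and not flagged.
        if name in rules and name not in seen:
            return resolve(rules, rules[name], seen + (name,))
    return check


def open_metadef_writes(rules):
    """Return metadef write rules that every user would pass."""
    flagged = []
    for name, check in sorted(rules.items()):
        if "metadef" in name and name.startswith(WRITE_VERBS):
            if resolve(rules, check) in OPEN_CHECKS:
                flagged.append(name)
    return flagged


# Constructed sample override file, not taken from any real deployment.
SAMPLE_POLICY = json.loads("""
{
  "metadef_default": "",
  "metadef_admin": "role:admin",
  "get_metadef_namespace": "rule:metadef_default",
  "add_metadef_namespace": "",
  "modify_metadef_namespace": "rule:metadef_default",
  "delete_metadef_namespace": "rule:metadef_admin",
  "add_metadef_tag": "role:admin"
}
""")

if __name__ == "__main__":
    for rule in open_metadef_writes(SAMPLE_POLICY):
        print("still open to all users:", rule)
```

Read rules such as `get_metadef_namespace` are intentionally not flagged, since the change leaves read access open to all users.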