From e7c7a2851e08aa64ca95ba7cb8c02516febdb311 Mon Sep 17 00:00:00 2001
From: Ghanshyam Mann <gmann@ghanshyammann.com>
Date: Thu, 29 Oct 2020 12:20:17 -0500
Subject: [PATCH] Modify glance's copy_image permission for
 nova-ceph-multistore

nova-ceph-multistore setup needs non-admin users to copy the image.
To allow that glance's policy was overriden to allow public
images to copy. This restriction again can cause issue if there
is any new copy image tempest test try to copy private image with
admin users.
- https://review.opendev.org/#/c/742546/

Let's allow everyone to copy every image to make it work
for all type of test credentials.

Change-Id: Ia65afdfb8989909441dba55faeed2d78cc7f1ee7
---
 playbooks/ceph/glance-copy-policy.yaml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/playbooks/ceph/glance-copy-policy.yaml b/playbooks/ceph/glance-copy-policy.yaml
index 3e9f7f0201e6..2b9d25fc502f 100644
--- a/playbooks/ceph/glance-copy-policy.yaml
+++ b/playbooks/ceph/glance-copy-policy.yaml
@@ -7,4 +7,8 @@
         create: True
         mode: 0777
         block: |
-          echo $'{"copy_image": "\'public\':%(visibility)s"}' > /etc/glance/policy.json
+          # This policy is default to admin only in glance. Override
+          # here to allow everyone and every type of image (private
+          # or public) to copy. This way we will be able to test copy
+          # image via non-admin as well as on private images.
+          echo $'{"copy_image": ""}' > /etc/glance/policy.json