author | Abhishek Kekane <akekane@redhat.com> | 2021-03-09 09:45:58 +0000 |
---|---|---|
committer | Dan Smith <dansmith@redhat.com> | 2021-03-15 07:59:05 -0700 |
commit | f8551de8c9d660be3d6820918c1aaab0d235c98d (patch) | |
tree | 9e66c8fd6ece11303a7ff19af64a8d8a98fa0d48 /api-ref | |
parent | 50cd037bcd04a2996dada2f65bcbbc40d89d9ddb (diff) | |
download | glance-f8551de8c9d660be3d6820918c1aaab0d235c98d.tar.gz |
Make some metadef operations admin-only

This restricts all metadef resource manipulation to admin-only, but
still allows users to see everything. There are multiple low-grade
security issues with the metadef API, detailed in the related bug.
Restricting resource manipulation to admin-only solves most of these
concerns.

SecurityImpact

Depends-On: https://review.opendev.org/c/openstack/tempest/+/780108
Change-Id: I333c58e73c202c1f523030e54e03f2868459b595
Related-Bug: #1916926

Diffstat (limited to 'api-ref')
-rw-r--r-- | api-ref/source/v2/metadefs-index.rst | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/api-ref/source/v2/metadefs-index.rst b/api-ref/source/v2/metadefs-index.rst index a00f22c1e..a1f2d8430 100644 --- a/api-ref/source/v2/metadefs-index.rst +++ b/api-ref/source/v2/metadefs-index.rst @@ -55,6 +55,10 @@ constraints, and the resource types to which it can be associated. See <http://docs.openstack.org/developer/glance/metadefs-concepts.html>`_ in the Glance Developer documentation for more information. +.. note:: By default, only admins can manipulate the data exposed by + this API, but all users may list and show public + resources. This changed from a default of "open to all" in + the Wallaby release. .. include:: metadefs-namespaces.inc .. include:: metadefs-resourcetypes.inc |
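Review bot: "manipulate the data exposed by this API" in the added `.. note::` is too vague for an API reference, and "By default" is left without a pointer to where that default is set. Since the commit message describes this as restricting all metadef resource manipulation, the note should say which kinds of calls are now admin-only, so that a reader of metadefs-index.rst can tell what a non-admin token will be refused. It should also tell operators where to look if they need a different default than the one introduced in Wallaby. The note also mentions only "public resources" for list and show, which leaves open what a non-admin user sees of non-public resources; one more sentence covering that case would remove the ambiguity. Finally, the commit is flagged SecurityImpact and references bug #1916926, but the note gives readers no hint that the change of default was security-motivated; a short mention or a link to the bug would help operators decide whether reverting to the old "open to all" behaviour is acceptable for them.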