author Abhishek Kekane <akekane@redhat.com> 2021-03-09 09:45:58 +0000
committer Dan Smith <dansmith@redhat.com> 2021-03-15 07:59:05 -0700
commit f8551de8c9d660be3d6820918c1aaab0d235c98d (patch)
tree 9e66c8fd6ece11303a7ff19af64a8d8a98fa0d48 /api-ref
parent 50cd037bcd04a2996dada2f65bcbbc40d89d9ddb (diff)
Make some metadef operations admin-only
This restricts all metadef resource manipulation to admin-only, but still allows users to see everything.

There are multiple low-grade security issues with the metadef API, detailed in the related bug. Restricting resource manipulation to admin-only solves most of these concerns.

SecurityImpact
Depends-On: https://review.opendev.org/c/openstack/tempest/+/780108
Change-Id: I333c58e73c202c1f523030e54e03f2868459b595
Related-Bug: #1916926
Diffstat (limited to 'api-ref')
-rw-r--r-- api-ref/source/v2/metadefs-index.rst 4
1 files changed, 4 insertions, 0 deletions
diff --git a/api-ref/source/v2/metadefs-index.rst b/api-ref/source/v2/metadefs-index.rst
index a00f22c1e..a1f2d8430 100644
--- a/api-ref/source/v2/metadefs-index.rst
+++ b/api-ref/source/v2/metadefs-index.rst
@@ -55,6 +55,10 @@ constraints, and the resource types to which it can be associated. See
<http://docs.openstack.org/developer/glance/metadefs-concepts.html>`_ in the
Glance Developer documentation for more information.
+.. note:: By default, only admins can manipulate the data exposed by
+ this API, but all users may list and show public
+ resources. This changed from a default of "open to all" in
+ the Wallaby release.
.. include:: metadefs-namespaces.inc
.. include:: metadefs-resourcetypes.inc
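Review bot: The added note's phrase "manipulate the data exposed by this API" does not tell an operator which operations are now admin-only or where that default is set, so a reader of the API reference cannot tell which calls will start returning authorization errors after upgrading to Wallaby or how to restore the earlier behaviour. Suggest naming the restricted operations explicitly (for example create, update and delete, if those are the ones affected) and pointing to the policy configuration that controls them. The wording should also be reconciled with the commit message: the message says users can still "see everything", while the note limits list and show to "public resources"; if non-public namespaces stay visible to their owners, the note should say so.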