Modify glance's copy_image permission for nova-ceph-multistore

nova-ceph-multistore setup needs non-admin users to copy the image. To allow that glance's policy was overriden to allow public images to copy. This restriction again can cause issue if there is any new copy image tempest test try to copy private image with admin users. - https://review.opendev.org/#/c/742546/ Let's allow everyone to copy every image to make it work for all type of test credentials. Change-Id: Ia65afdfb8989909441dba55faeed2d78cc7f1ee7
author: Ghanshyam Mann <gmann@ghanshyammann.com> 2020-10-29 12:20:17 -0500
committer: Ghanshyam Mann <gmann@ghanshyammann.com> 2020-10-29 12:20:17 -0500
commit: e7c7a2851e08aa64ca95ba7cb8c02516febdb311 (patch)
tree: 5e5673ce7866ec73b8c3841ac1fd23fe902fce4c
parent: 7dcc4cfea7da2ef1163e0a65618cb784f5159c6d (diff)
download: nova-e7c7a2851e08aa64ca95ba7cb8c02516febdb311.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/playbooks/ceph/glance-copy-policy.yaml b/playbooks/ceph/glance-copy-policy.yaml
index 3e9f7f0201..2b9d25fc50 100644
--- a/playbooks/ceph/glance-copy-policy.yaml
+++ b/playbooks/ceph/glance-copy-policy.yaml
@@ -7,4 +7,8 @@
         create: True
         mode: 0777
         block: |
-          echo $'{"copy_image": "\'public\':%(visibility)s"}' > /etc/glance/policy.json
+          # This policy is default to admin only in glance. Override
+          # here to allow everyone and every type of image (private
+          # or public) to copy. This way we will be able to test copy
+          # image via non-admin as well as on private images.
+          echo $'{"copy_image": ""}' > /etc/glance/policy.json
author	Ghanshyam Mann <gmann@ghanshyammann.com>	2020-10-29 12:20:17 -0500
committer	Ghanshyam Mann <gmann@ghanshyammann.com>	2020-10-29 12:20:17 -0500
commit	e7c7a2851e08aa64ca95ba7cb8c02516febdb311 (patch)
tree	5e5673ce7866ec73b8c3841ac1fd23fe902fce4c
parent	7dcc4cfea7da2ef1163e0a65618cb784f5159c6d (diff)
download	nova-e7c7a2851e08aa64ca95ba7cb8c02516febdb311.tar.gz