)]}'
{"specs/rocky/approved/glance/policy-refactor.rst":[{"author":{"_account_id":20182,"name":"Bhagyashri Shewale","email":"bshewale@redhat.com","username":"bhagyashris"},"change_message_id":"eddc1b3716ca3acaf9899793a53f6bf3e18d1d46","unresolved":false,"context_lines":[{"line_number":28,"context_line":"problem with this design, which has only revealed itself as the v2 API has"},{"line_number":29,"context_line":"matured, is that operators want to use policies to control who can make API"},{"line_number":30,"context_line":"calls (as they can with most other OpenStack services).  In Glance, however,"},{"line_number":31,"context_line":"poicies directly affect the objects dealt with internally by Glance, and only"},{"line_number":32,"context_line":"indirectly affect API who can make API calls.  This makes it difficult for"},{"line_number":33,"context_line":"operators to configure Glance.  In addition, it has made it difficult to"},{"line_number":34,"context_line":"implement features."}],"source_content_type":"text/x-rst","patch_set":1,"id":"df7087c5_9de663b0","line":31,"range":{"start_line":31,"start_character":0,"end_line":31,"end_character":7},"updated":"2018-03-23 06:19:14.000000000","message":"small nit: policies","commit_id":"a5ce55d24c2f84ec4792c1d42a78c22ace201d57"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"7817a00dbc0713523110565336269b01176f46be","unresolved":false,"context_lines":[{"line_number":29,"context_line":"matured, is that operators want to use policies to control who can make API"},{"line_number":30,"context_line":"calls (as they can with most other OpenStack services).  In Glance, however,"},{"line_number":31,"context_line":"poicies directly affect the objects dealt with internally by Glance, and only"},{"line_number":32,"context_line":"indirectly affect API who can make API calls.  This makes it difficult for"},{"line_number":33,"context_line":"operators to configure Glance.  In addition, it has made it difficult to"},{"line_number":34,"context_line":"implement features."},{"line_number":35,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"7f96bb07_20ad10ea","line":32,"range":{"start_line":32,"start_character":18,"end_line":32,"end_character":21},"updated":"2018-01-19 19:54:14.000000000","message":"delete this word","commit_id":"a5ce55d24c2f84ec4792c1d42a78c22ace201d57"},{"author":{"_account_id":15054,"name":"wangxiyuan","email":"wangxiyuan1007@gmail.com","username":"wangxiyuan"},"change_message_id":"967c2249c8ecc2c9d703dbebb2a54baddfe4c089","unresolved":false,"context_lines":[{"line_number":82,"context_line":"   Note: it\u0027s not clear how far we can go with this for some calls.  If a"},{"line_number":83,"context_line":"   user is not allowed to make the PATCH call, it\u0027s true that the user won\u0027t"},{"line_number":84,"context_line":"   be able to modify image locations, but it\u0027s also true that the user won\u0027t"},{"line_number":85,"context_line":"   be able to update *any* image properties."},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"2. Be able to distinguish the workflow in effect, that is, that accessing an"},{"line_number":88,"context_line":"   image location as part of ``GET /v2/images/{image_id}/file`` is different"}],"source_content_type":"text/x-rst","patch_set":2,"id":"bf659307_7545e26f","line":85,"updated":"2018-04-09 04:04:57.000000000","message":"If a user can\u0027t  update *any* image properties, he can\u0027t update the image location of cause IMO. If a user can update the image properties, maybe he is refused to  update the image location. So the policy can be defined like:\n\n\"image_update\": \"\"\n\"image_update:location\": \"role:admin\"\n\nThe the code can be like:\n\ndef update(context, image):\n    policy.enforce(\"image_update\",context,...)\n    if image.get(\"location\"):\n        policy.enforce(\"image_update:location\", context,....)","commit_id":"009de58731296d47906835119000fd7ae8b29abb"},{"author":{"_account_id":5202,"name":"Erno Kuvaja","email":"jokke@usr.fi","username":"jokke"},"change_message_id":"c0d7f69d5097b8d0526dcb3f6a69e885c3784d4d","unresolved":false,"context_lines":[{"line_number":82,"context_line":"   Note: it\u0027s not clear how far we can go with this for some calls.  If a"},{"line_number":83,"context_line":"   user is not allowed to make the PATCH call, it\u0027s true that the user won\u0027t"},{"line_number":84,"context_line":"   be able to modify image locations, but it\u0027s also true that the user won\u0027t"},{"line_number":85,"context_line":"   be able to update *any* image properties."},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"2. Be able to distinguish the workflow in effect, that is, that accessing an"},{"line_number":88,"context_line":"   image location as part of ``GET /v2/images/{image_id}/file`` is different"}],"source_content_type":"text/x-rst","patch_set":2,"id":"5f7c97a3_9c4f9733","line":85,"in_reply_to":"5f7c97a3_9bda4a49","updated":"2018-06-06 00:20:51.000000000","message":"Personally I think the only user who ever needs to remove locations is admin. When the image is deleted the deletion of location should be internal matter to Glance and not subject to policy.","commit_id":"009de58731296d47906835119000fd7ae8b29abb"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"c393b76b44315c4dee9583deab0c8a12adc6d927","unresolved":false,"context_lines":[{"line_number":82,"context_line":"   Note: it\u0027s not clear how far we can go with this for some calls.  If a"},{"line_number":83,"context_line":"   user is not allowed to make the PATCH call, it\u0027s true that the user won\u0027t"},{"line_number":84,"context_line":"   be able to modify image locations, but it\u0027s also true that the user won\u0027t"},{"line_number":85,"context_line":"   be able to update *any* image properties."},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"2. Be able to distinguish the workflow in effect, that is, that accessing an"},{"line_number":88,"context_line":"   image location as part of ``GET /v2/images/{image_id}/file`` is different"}],"source_content_type":"text/x-rst","patch_set":2,"id":"5f7c97a3_9bda4a49","line":85,"in_reply_to":"bf659307_7545e26f","updated":"2018-06-05 14:52:45.000000000","message":"This is a good suggestion for how to arrange these in a logical way.  It would also work for other properties, like maybe:\n\n  old   -\u003e   new\n  set_image_location -\u003e modify_image:locations\n  publicize_image  -\u003e modify_image:visibility:public\n  communitize_image  -\u003e modify_image:visibility:community\n\nQuestion: how do we deal with delete_image_location ?","commit_id":"009de58731296d47906835119000fd7ae8b29abb"},{"author":{"_account_id":15054,"name":"wangxiyuan","email":"wangxiyuan1007@gmail.com","username":"wangxiyuan"},"change_message_id":"967c2249c8ecc2c9d703dbebb2a54baddfe4c089","unresolved":false,"context_lines":[{"line_number":87,"context_line":"2. Be able to distinguish the workflow in effect, that is, that accessing an"},{"line_number":88,"context_line":"   image location as part of ``GET /v2/images/{image_id}/file`` is different"},{"line_number":89,"context_line":"   from accessing an image location as part of ``GET /v2/images/{image_id}``."},{"line_number":90,"context_line":""},{"line_number":91,"context_line":"   This doesn\u0027t necessarily mean that we will have to pass workflow information"},{"line_number":92,"context_line":"   into the policy layer; it\u0027s possible that judicious placement of where"},{"line_number":93,"context_line":"   policies are checked is sufficient to accomplish this."}],"source_content_type":"text/x-rst","patch_set":2,"id":"bf659307_b5bdba69","line":90,"updated":"2018-04-09 04:04:57.000000000","message":"The location policy can be different for such case, for example:\n\nFor ``GET /v2/images/{image_id}/file``, the policy can be \"image_download: location\": \"role:admin or role:service\"\nFor ``GET /v2/images/{image_id}`, the policy can be \"image_get:location\": \"role:admin\"","commit_id":"009de58731296d47906835119000fd7ae8b29abb"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"c393b76b44315c4dee9583deab0c8a12adc6d927","unresolved":false,"context_lines":[{"line_number":87,"context_line":"2. Be able to distinguish the workflow in effect, that is, that accessing an"},{"line_number":88,"context_line":"   image location as part of ``GET /v2/images/{image_id}/file`` is different"},{"line_number":89,"context_line":"   from accessing an image location as part of ``GET /v2/images/{image_id}``."},{"line_number":90,"context_line":""},{"line_number":91,"context_line":"   This doesn\u0027t necessarily mean that we will have to pass workflow information"},{"line_number":92,"context_line":"   into the policy layer; it\u0027s possible that judicious placement of where"},{"line_number":93,"context_line":"   policies are checked is sufficient to accomplish this."}],"source_content_type":"text/x-rst","patch_set":2,"id":"5f7c97a3_dbd0c22e","line":90,"in_reply_to":"bf659307_b5bdba69","updated":"2018-06-05 14:52:45.000000000","message":"My thought was that we wouldn\u0027t need a policy on location for the GET v2/images/{id}/file since it\u0027s already covered by image_download (the location doesn\u0027t appear in the response).\n\nI like your idea of image_get:locations , it would be clear what it applies to, and would be extensible to other \"sensitive\" image properties.  We could replace the show_image_url config option with a \u0027image_get:direct_url\u0027 policy.","commit_id":"009de58731296d47906835119000fd7ae8b29abb"},{"author":{"_account_id":11904,"name":"Sean McGinnis","email":"sean.mcginnis@gmail.com","username":"SeanM"},"change_message_id":"8851716d0071f941d47fb4e160409e4dd5af5768","unresolved":false,"context_lines":[{"line_number":92,"context_line":"   into the policy layer; it\u0027s possible that judicious placement of where"},{"line_number":93,"context_line":"   policies are checked is sufficient to accomplish this."},{"line_number":94,"context_line":""},{"line_number":95,"context_line":"[Obviously, this section needs more work!  At this point, I want to assess the"},{"line_number":96,"context_line":"extent to which people are on board with the idea that we need to do something"},{"line_number":97,"context_line":"about the policy layer.]"},{"line_number":98,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"5f7c97a3_5b9e0055","line":95,"updated":"2018-05-17 20:44:19.000000000","message":"One more update coming? Or to be updated after spec is merged and more details are worked out in code?","commit_id":"009de58731296d47906835119000fd7ae8b29abb"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"c393b76b44315c4dee9583deab0c8a12adc6d927","unresolved":false,"context_lines":[{"line_number":92,"context_line":"   into the policy layer; it\u0027s possible that judicious placement of where"},{"line_number":93,"context_line":"   policies are checked is sufficient to accomplish this."},{"line_number":94,"context_line":""},{"line_number":95,"context_line":"[Obviously, this section needs more work!  At this point, I want to assess the"},{"line_number":96,"context_line":"extent to which people are on board with the idea that we need to do something"},{"line_number":97,"context_line":"about the policy layer.]"},{"line_number":98,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"5f7c97a3_fbbeded2","line":95,"in_reply_to":"5f7c97a3_5b9e0055","updated":"2018-06-05 14:52:45.000000000","message":"I was hoping to have more info here before the spec is merged.  I may need a spec freeze exception.  (I thought someone else was going to pick this up.)","commit_id":"009de58731296d47906835119000fd7ae8b29abb"},{"author":{"_account_id":5202,"name":"Erno Kuvaja","email":"jokke@usr.fi","username":"jokke"},"change_message_id":"c0d7f69d5097b8d0526dcb3f6a69e885c3784d4d","unresolved":false,"context_lines":[{"line_number":92,"context_line":"   into the policy layer; it\u0027s possible that judicious placement of where"},{"line_number":93,"context_line":"   policies are checked is sufficient to accomplish this."},{"line_number":94,"context_line":""},{"line_number":95,"context_line":"[Obviously, this section needs more work!  At this point, I want to assess the"},{"line_number":96,"context_line":"extent to which people are on board with the idea that we need to do something"},{"line_number":97,"context_line":"about the policy layer.]"},{"line_number":98,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"5f7c97a3_3cd1a330","line":95,"in_reply_to":"5f7c97a3_fbbeded2","updated":"2018-06-06 00:20:51.000000000","message":"I think we can all agree that this work needs to happen and will not be done in Rocky and we do have the feature branch to get the work started. Let\u0027s not worry about merging this spec for Rocky either. We can always experiment in the feature branch and see what approach could work while working on the spec.","commit_id":"009de58731296d47906835119000fd7ae8b29abb"},{"author":{"_account_id":15054,"name":"wangxiyuan","email":"wangxiyuan1007@gmail.com","username":"wangxiyuan"},"change_message_id":"967c2249c8ecc2c9d703dbebb2a54baddfe4c089","unresolved":false,"context_lines":[{"line_number":95,"context_line":"[Obviously, this section needs more work!  At this point, I want to assess the"},{"line_number":96,"context_line":"extent to which people are on board with the idea that we need to do something"},{"line_number":97,"context_line":"about the policy layer.]"},{"line_number":98,"context_line":""},{"line_number":99,"context_line":"Alternatives"},{"line_number":100,"context_line":"------------"},{"line_number":101,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"bf659307_555a1e50","line":98,"updated":"2018-04-09 04:04:57.000000000","message":"One more thing we should consider is the backward compatibility between the new policy structure and the old ones","commit_id":"009de58731296d47906835119000fd7ae8b29abb"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"c393b76b44315c4dee9583deab0c8a12adc6d927","unresolved":false,"context_lines":[{"line_number":95,"context_line":"[Obviously, this section needs more work!  At this point, I want to assess the"},{"line_number":96,"context_line":"extent to which people are on board with the idea that we need to do something"},{"line_number":97,"context_line":"about the policy layer.]"},{"line_number":98,"context_line":""},{"line_number":99,"context_line":"Alternatives"},{"line_number":100,"context_line":"------------"},{"line_number":101,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"5f7c97a3_787174de","line":98,"in_reply_to":"bf659307_555a1e50","updated":"2018-06-05 14:52:45.000000000","message":"That\u0027s a really good point.","commit_id":"009de58731296d47906835119000fd7ae8b29abb"}]}