Update glance default policy values

There was an issue with the metadef APIs in glance, detailed in the latest OSSN[0] that they have the potential to leak resources. This change updates the default policy for the metadef APIs to be disabled by default. [0] https://wiki.openstack.org/wiki/OSSN/OSSN-0088 Change-Id: I7377b3a2f3784fe7da78bdd7aba146328cc0f406
2021-03-09 15:52:48 -06:00 · 2021-03-09 15:52:48 -06:00 · aab5ee7711
commit aab5ee7711
parent 80c8f6d6d3
3 changed files with 22 additions and 21 deletions
--- a/glance/Chart.yaml
+++ b/glance/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Glance
 name: glance
-version: 0.1.5
+version: 0.1.6
 home: https://docs.openstack.org/glance/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Glance/OpenStack_Project_Glance_vertical.png
 sources:
--- a/glance/values.yaml
+++ b/glance/values.yaml
@ -220,26 +220,26 @@ conf:
    modify_task: role:admin
    deactivate: ''
    reactivate: ''
-    get_metadef_namespace: ''
-    get_metadef_namespaces: ''
-    modify_metadef_namespace: ''
-    add_metadef_namespace: ''
-    get_metadef_object: ''
-    get_metadef_objects: ''
-    modify_metadef_object: ''
-    add_metadef_object: ''
-    list_metadef_resource_types: ''
-    get_metadef_resource_type: ''
-    add_metadef_resource_type_association: ''
-    get_metadef_property: ''
-    get_metadef_properties: ''
-    modify_metadef_property: ''
-    add_metadef_property: ''
-    get_metadef_tag: ''
-    get_metadef_tags: ''
-    modify_metadef_tag: ''
-    add_metadef_tag: ''
-    add_metadef_tags: ''
+    get_metadef_namespace: '!'
+    get_metadef_namespaces: '!'
+    modify_metadef_namespace: '!'
+    add_metadef_namespace: '!'
+    get_metadef_object: '!'
+    get_metadef_objects: '!'
+    modify_metadef_object: '!'
+    add_metadef_object: '!'
+    list_metadef_resource_types: '!'
+    get_metadef_resource_type: '!'
+    add_metadef_resource_type_association: '!'
+    get_metadef_property: '!'
+    get_metadef_properties: '!'
+    modify_metadef_property: '!'
+    add_metadef_property: '!'
+    get_metadef_tag: '!'
+    get_metadef_tags: '!'
+    modify_metadef_tag: '!'
+    add_metadef_tag: '!'
+    add_metadef_tags: '!'
  glance:
    DEFAULT:
      log_config_append: /etc/glance/logging.conf
--- a/releasenotes/notes/glance.yaml
+++ b/releasenotes/notes/glance.yaml
@ -6,3 +6,4 @@ glance:
  - 0.1.3 Revert - Change issuer to clusterissuer
  - 0.1.4 Update RBAC apiVersion from /v1beta1 to /v1
  - 0.1.5 Change Issuer to ClusterIssuer
+  - 0.1.6 Update glance default policy values