openstack/openstack-helm
Code Issues Proposed changes

Update glance default policy values

Browse Source 
There was an issue with the metadef APIs in glance, detailed in
the latest OSSN[0] that they have the potential to leak resources.

This change updates the default policy for the metadef APIs to
be disabled by default.

[0] https://wiki.openstack.org/wiki/OSSN/OSSN-0088

Change-Id: I7377b3a2f3784fe7da78bdd7aba146328cc0f406
This commit is contained in:
Gage Hugo 2021-03-09 15:52:48 -06:00
parent 80c8f6d6d3
commit aab5ee7711
3 changed files with 22 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
glance/Chart.yaml
View File

@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm Glance description: OpenStack-Helm Glance
name: glance name: glance
version: 0.1.5 version: 0.1.6
home: https://docs.openstack.org/glance/latest/ home: https://docs.openstack.org/glance/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Glance/OpenStack_Project_Glance_vertical.png icon: https://www.openstack.org/themes/openstack/images/project-mascots/Glance/OpenStack_Project_Glance_vertical.png
sources: sources:

40
glance/values.yaml
View File

@ -220,26 +220,26 @@ conf:
modify_task: role:admin modify_task: role:admin
deactivate: '' deactivate: ''
reactivate: '' reactivate: ''
get_metadef_namespace: '' get_metadef_namespace: '!'
get_metadef_namespaces: '' get_metadef_namespaces: '!'
modify_metadef_namespace: '' modify_metadef_namespace: '!'
add_metadef_namespace: '' add_metadef_namespace: '!'
get_metadef_object: '' get_metadef_object: '!'
get_metadef_objects: '' get_metadef_objects: '!'
modify_metadef_object: '' modify_metadef_object: '!'
add_metadef_object: '' add_metadef_object: '!'
list_metadef_resource_types: '' list_metadef_resource_types: '!'
get_metadef_resource_type: '' get_metadef_resource_type: '!'
add_metadef_resource_type_association: '' add_metadef_resource_type_association: '!'
get_metadef_property: '' get_metadef_property: '!'
get_metadef_properties: '' get_metadef_properties: '!'
modify_metadef_property: '' modify_metadef_property: '!'
add_metadef_property: '' add_metadef_property: '!'
get_metadef_tag: '' get_metadef_tag: '!'
get_metadef_tags: '' get_metadef_tags: '!'
modify_metadef_tag: '' modify_metadef_tag: '!'
add_metadef_tag: '' add_metadef_tag: '!'
add_metadef_tags: '' add_metadef_tags: '!'
glance: glance:
DEFAULT: DEFAULT:
log_config_append: /etc/glance/logging.conf log_config_append: /etc/glance/logging.conf

1
releasenotes/notes/glance.yaml
View File

@ -6,3 +6,4 @@ glance:
- 0.1.3 Revert - Change issuer to clusterissuer - 0.1.3 Revert - Change issuer to clusterissuer
- 0.1.4 Update RBAC apiVersion from /v1beta1 to /v1 - 0.1.4 Update RBAC apiVersion from /v1beta1 to /v1
- 0.1.5 Change Issuer to ClusterIssuer - 0.1.5 Change Issuer to ClusterIssuer
- 0.1.6 Update glance default policy values