From 494f49b881d1e85ef3f8a45fd94fd4435649dc93 Mon Sep 17 00:00:00 2001 From: "phillip.toohill" Date: Thu, 25 Sep 2025 09:49:14 -0500 Subject: [PATCH] fix: Adjusting glance download_image policy (#1209) (cherry picked from commit 5cdede92eb8f8cca0811bf4af77cc36ed44eb59f) --- base-helm-configs/glance/glance-helm-overrides.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/base-helm-configs/glance/glance-helm-overrides.yaml b/base-helm-configs/glance/glance-helm-overrides.yaml index a4c8602d..5e47ac46 100644 --- a/base-helm-configs/glance/glance-helm-overrides.yaml +++ b/base-helm-configs/glance/glance-helm-overrides.yaml @@ -122,10 +122,11 @@ conf: "admin_required": "role:admin or role:glance_admin" "default": "role:admin or role:glance_admin" "context_is_admin": "role:admin or role:glance_admin" + "service_api": "role:service" "publicize_image": "role:glance_admin" "communitize_image": "role:glance_admin" - "download_image": "role:service or role:glance_admin or rule:context_is_admin or rule:service_api or (role:member and (project_id:%(project_id)s or project_id:%(member_id)s or 'community':%(visibility)s or 'public':%(visibility)s or 'shared':%(visibility)s))" - "get_image": "role:service or role:glance_admin or rule:context_is_admin or rule:service_api or (role:reader and (project_id:%(project_id)s or project_id:%(member_id)s or 'community':%(visibility)s or 'public':%(visibility)s or 'shared':%(visibility)s))" + "download_image": "rule:context_is_admin or rule:service_api or (role:member and (project_id:%(project_id)s or project_id:%(member_id)s))" + "get_image": "rule:context_is_admin or rule:service_api or (role:reader and (project_id:%(project_id)s or project_id:%(member_id)s or 'community':%(visibility)s or 'public':%(visibility)s or 'shared':%(visibility)s))" logging: logger_root: level: INFO