I'm looking at a possible bug here but I just want to confirm that I'm not missing something obvious.
I'm currently working with Devstack on Ubuntu 12.04 LTS Once Devstack is up and running, I'm creating a file /etc/glance/property-protections.conf as follows: [^foo_property$] create = @ read = @ update = admin delete = admin [.*] create = @ read = @ update = @ delete = @ I'm then referencing this in my glance-api.conf and restarting the glance api service. My understanding is that, as the demo user (which does not have the admin role), I should be able to set foo_property='some_value' but once set, I should not be able to modify or delete it which I currently am able to do. I have tried changing the various operations to '!' and confirmed that those will prevent me from executing those operations (returning 403 as expected). I've also double checked that the demo user has not somehow acquired the admin role. Tom _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
