From aab5ee77113c03865cc863f1a22a3730a86235c8 Mon Sep 17 00:00:00 2001 From: Gage Hugo Date: Tue, 9 Mar 2021 15:52:48 -0600 Subject: [PATCH] Update glance default policy values There was an issue with the metadef APIs in glance, detailed in the latest OSSN[0] that they have the potential to leak resources. This change updates the default policy for the metadef APIs to be disabled by default. [0] https://wiki.openstack.org/wiki/OSSN/OSSN-0088 Change-Id: I7377b3a2f3784fe7da78bdd7aba146328cc0f406
---
 glance/Chart.yaml | 2 +-
 glance/values.yaml | 40 +++++++++++++++++-----------------
 releasenotes/notes/glance.yaml | 1 +
 3 files changed, 22 insertions(+), 21 deletions(-)
diff --git a/glance/Chart.yaml b/glance/Chart.yaml
index 7e9aa3dd8f..83173350e3 100644
--- a/glance/Chart.yaml
+++ b/glance/Chart.yaml
@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Glance
 name: glance
-version: 0.1.5
+version: 0.1.6
 home: https://docs.openstack.org/glance/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Glance/OpenStack_Project_Glance_vertical.png
 sources:
diff --git a/glance/values.yaml b/glance/values.yaml
index 1428c29945..df1370c7e0 100644
--- a/glance/values.yaml
+++ b/glance/values.yaml
@@ -220,26 +220,26 @@ conf:
 modify_task: role:admin
 deactivate: ''
 reactivate: ''
- get_metadef_namespace: ''
- get_metadef_namespaces: ''
- modify_metadef_namespace: ''
- add_metadef_namespace: ''
- get_metadef_object: ''
- get_metadef_objects: ''
- modify_metadef_object: ''
- add_metadef_object: ''
- list_metadef_resource_types: ''
- get_metadef_resource_type: ''
- add_metadef_resource_type_association: ''
- get_metadef_property: ''
- get_metadef_properties: ''
- modify_metadef_property: ''
- add_metadef_property: ''
- get_metadef_tag: ''
- get_metadef_tags: ''
- modify_metadef_tag: ''
- add_metadef_tag: ''
- add_metadef_tags: ''
+ get_metadef_namespace: '!'
+ get_metadef_namespaces: '!'
+ modify_metadef_namespace: '!'
+ add_metadef_namespace: '!'
+ get_metadef_object: '!'
+ get_metadef_objects: '!'
+ modify_metadef_object: '!'
+ add_metadef_object: '!'
+ list_metadef_resource_types: '!'
+ get_metadef_resource_type: '!'
+ add_metadef_resource_type_association: '!'
+ get_metadef_property: '!'
+ get_metadef_properties: '!'
+ modify_metadef_property: '!'
+ add_metadef_property: '!'
+ get_metadef_tag: '!'
+ get_metadef_tags: '!'
+ modify_metadef_tag: '!'
+ add_metadef_tag: '!'
+ add_metadef_tags: '!'
 glance:
 DEFAULT:
 log_config_append: /etc/glance/logging.conf
diff --git a/releasenotes/notes/glance.yaml b/releasenotes/notes/glance.yaml
index c469468914..7dfcd8c3ed 100644
--- a/releasenotes/notes/glance.yaml
+++ b/releasenotes/notes/glance.yaml
@@ -6,3 +6,4 @@ glance:
 - 0.1.3 Revert - Change issuer to clusterissuer
 - 0.1.4 Update RBAC apiVersion from /v1beta1 to /v1
 - 0.1.5 Change Issuer to ClusterIssuer
+ - 0.1.6 Update glance default policy values
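Review bot: In the glance/values.yaml hunk the twenty metadef rules now read `'!'`, which oslo.policy evaluates as deny-for-everyone, so administrators lose these calls as well, and nothing beside the block records why or how to opt back in. A comment above `get_metadef_namespace` would cover it, e.g. `# metadef APIs disabled by default per OSSN-0088; override with role:admin if admins need them`, in line with the `modify_task: role:admin` context line. The list holds only get/modify/add/list rules; if the deployed Glance release defines delete or remove metadef rules, they are not pinned here and would keep their in-code defaults, which is worth confirming against that release's policy list. The policy mapping starts and ends outside the hunk, so rules set elsewhere in it are not visible here.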