Added new rule in policy.json and applied that rule to
'download_image' policy.

For example,

    "restricted": "not ('test_key':%(test_key)s and role:_member_)"
    "download_image": "role:admin or rule:restricted"

So if the 'download_image' policy is enforced, then in the above case only admin or
a user who satisfies the rule 'restricted' will be able to download the image. Other users
will not be able to download the image and will get a 403 Forbidden response.

In addition, delete property access should be restricted for other users
so that they will not be able to delete the property of the image.

    [test_key]
    create = admin,member
    read = admin,member,_member_
    update = admin,member
    delete = admin,member

Added new method to create dictionary-like mashup of image core and custom
properties.

Modified v1 and v2 api to add download restriction.

Modified logic of caching to restrict download for v1 and v2 api.

DocImpact:
Need to add new rule in policy.json

    "restricted": "not ('test_key':%(test_key)s and role:_member_)"

blueprint: restrict-downloading-images-protected-properties
Change-Id: I05bad0441952150bd15b831ac1b1a0bb9ae79c74
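
The access decisions described in this message, as an added example that is not part of the commit or of Glance: a hand-written model of the two policy rules and the [test_key] property-protection section. The function names and the sample image are constructed, and a property that is missing or differs from the literal is assumed not to match.

```python
# Added illustration: hand-written model of the two policy rules and the
# [test_key] section from the commit message. It does not call Glance or
# its policy engine; all function names here are hypothetical.

PROTECTIONS = {  # the [test_key] section, copied from the message
    "test_key": {
        "create": {"admin", "member"},
        "read": {"admin", "member", "_member_"},
        "update": {"admin", "member"},
        "delete": {"admin", "member"},
    }
}


def rule_restricted(roles, image):
    """not ('test_key':%(test_key)s and role:_member_)"""
    # The image's test_key value is substituted for %(test_key)s and compared
    # with the literal 'test_key'; a missing property counts as no match.
    prop_matches = image.get("test_key") == "test_key"
    return not (prop_matches and "_member_" in roles)


def can_download(roles, image):
    """role:admin or rule:restricted"""
    return "admin" in roles or rule_restricted(roles, image)


def can_modify_property(roles, prop, action, protections=PROTECTIONS):
    """True if any of the caller's roles is listed for this action."""
    return bool(set(roles) & protections[prop][action])


def download_status(roles, image):
    """HTTP status a download request would receive under the policy."""
    return 200 if can_download(roles, image) else 403


if __name__ == "__main__":
    # Constructed sample image carrying the protected property.
    tagged = {"name": "constructed-image", "test_key": "test_key"}
    for roles in (["admin"], ["member"], ["_member_"]):
        print(roles, "download:", download_status(roles, tagged),
              "delete test_key:",
              can_modify_property(roles, "test_key", "delete"))
```

Only `_member_` is refused the download of the tagged image, and the same role is absent from the `delete` list, so it cannot lift the restriction by removing the property.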