diff --git a/templates/glance-api-paste.ini.j2 b/templates/glance-api-paste.ini.j2
index e6f10e82..59451acd 100644
--- a/templates/glance-api-paste.ini.j2
+++ b/templates/glance-api-paste.ini.j2
@@ -39,7 +39,6 @@ paste.composite_factory = glance.api:root_app_factory
 /: apiversions
 /v1: apiv1app
 /v2: apiv2app
-/v3: apiv3app
 
 [app:apiversions]
 paste.app_factory = glance.api.versions:create_resource
@@ -50,9 +49,6 @@ paste.app_factory = glance.api.v1.router:API.factory
 [app:apiv2app]
 paste.app_factory = glance.api.v2.router:API.factory
 
-[app:apiv3app]
-paste.app_factory = glance.api.v3.router:API.factory
-
 [filter:healthcheck]
 paste.filter_factory = oslo_middleware:Healthcheck.factory
 backends = disable_by_file
@@ -89,20 +85,3 @@ enabled = yes  #DEPRECATED
 paste.filter_factory =  oslo_middleware.cors:filter_factory
 oslo_config_project = glance
 oslo_config_program = glance-api
-# Basic Headers (Automatic)
-# Accept = Origin, Accept, Accept-Language, Content-Type, Cache-Control, Content-Language, Expires, Last-Modified, Pragma
-# Expose = Origin, Accept, Accept-Language, Content-Type, Cache-Control, Content-Language, Expires, Last-Modified, Pragma
-
-# Glance Headers
-# Accept = Content-MD5, X-Image-Meta-Checksum, X-Storage-Token, Accept-Encoding
-# Expose = X-Image-Meta-Checksum
-
-# Keystone Headers
-# Accept = X-Auth-Token, X-Identity-Status, X-Roles, X-Service-Catalog, X-User-Id, X-Tenant-Id
-# Expose = X-Auth-Token, X-Subject-Token, X-Service-Token
-
-# Request ID Middleware Headers
-# Accept = X-OpenStack-Request-ID
-# Expose = X-OpenStack-Request-ID
-latent_allow_headers = Content-MD5, X-Image-Meta-Checksum, X-Storage-Token, Accept-Encoding, X-Auth-Token, X-Identity-Status, X-Roles, X-Service-Catalog, X-User-Id, X-Tenant-Id, X-OpenStack-Request-ID
-latent_expose_headers = X-Image-Meta-Checksum, X-Auth-Token, X-Subject-Token, X-Service-Token, X-OpenStack-Request-ID
diff --git a/templates/glance-glare-paste.ini.j2 b/templates/glance-glare-paste.ini.j2
new file mode 100644
index 00000000..621c0607
--- /dev/null
+++ b/templates/glance-glare-paste.ini.j2
@@ -0,0 +1,60 @@
+# Use this pipeline for no auth - DEFAULT
+[pipeline:glare-api]
+pipeline = cors healthcheck versionnegotiation osprofiler unauthenticated-context rootapp
+
+# Use this pipeline for keystone auth
+[pipeline:glare-api-keystone]
+pipeline = cors healthcheck versionnegotiation osprofiler authtoken context rootapp
+
+[composite:rootapp]
+paste.composite_factory = glance.api:root_app_factory
+/: apiversions
+/v0.1: glareapi
+
+[app:apiversions]
+paste.app_factory = glance.api.glare.versions:create_resource
+
+[app:glareapi]
+paste.app_factory = glance.api.glare.v0_1.router:API.factory
+
+[filter:healthcheck]
+paste.filter_factory = oslo_middleware:Healthcheck.factory
+backends = disable_by_file
+disable_by_file_path = /etc/glance/healthcheck_disable
+
+[filter:versionnegotiation]
+paste.filter_factory = glance.api.middleware.version_negotiation:GlareVersionNegotiationFilter.factory
+
+[filter:context]
+paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
+
+[filter:unauthenticated-context]
+paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
+
+[filter:authtoken]
+paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+delay_auth_decision = true
+
+[filter:osprofiler]
+paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
+
+[filter:cors]
+paste.filter_factory =  oslo_middleware.cors:filter_factory
+oslo_config_project = glance
+oslo_config_program = glance-glare
+# Basic Headers (Automatic)
+# Accept = Origin, Accept, Accept-Language, Content-Type, Cache-Control, Content-Language, Expires, Last-Modified, Pragma
+# Expose = Origin, Accept, Accept-Language, Content-Type, Cache-Control, Content-Language, Expires, Last-Modified, Pragma
+
+# Glance Headers
+# Accept = Content-MD5, Accept-Encoding
+
+# Keystone Headers
+# Accept = X-Auth-Token, X-Identity-Status, X-Roles, X-Service-Catalog, X-User-Id, X-Tenant-Id
+# Expose = X-Auth-Token, X-Subject-Token, X-Service-Token
+
+# Request ID Middleware Headers
+# Accept = X-OpenStack-Request-ID
+# Expose = X-OpenStack-Request-ID
+latent_allow_headers = Content-MD5, Accept-Encoding, X-Auth-Token, X-Identity-Status, X-Roles, X-Service-Catalog, X-User-Id, X-Tenant-Id, X-OpenStack-Request-ID
+latent_expose_headers = X-Auth-Token, X-Subject-Token, X-Service-Token, X-OpenStack-Request-ID
diff --git a/templates/policy.json.j2 b/templates/policy.json.j2
index 4bbc8b46..f49bc084 100644
--- a/templates/policy.json.j2
+++ b/templates/policy.json.j2
@@ -25,10 +25,10 @@
 
     "manage_image_cache": "role:admin",
 
-    "get_task": "",
-    "get_tasks": "",
-    "add_task": "",
-    "modify_task": "",
+    "get_task": "role:admin",
+    "get_tasks": "role:admin",
+    "add_task": "role:admin",
+    "modify_task": "role:admin",
 
     "deactivate": "",
     "reactivate": "",
diff --git a/tests/test-install-glance.yml b/tests/test-install-glance.yml
index 3bce55e3..52913beb 100644
--- a/tests/test-install-glance.yml
+++ b/tests/test-install-glance.yml
@@ -88,12 +88,12 @@
     keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3"
     glance_venv_tag: "testing"
     glance_developer_mode: true
-    glance_git_install_branch: 7d5c3710ce2739a8ac356208d4e104f2ce3ec9ab
-    glance_requirements_git_install_branch: 332278d456e06870150835564342570ec9d5f5a0
+    glance_git_install_branch: stable/mitaka
+    glance_requirements_git_install_branch: f8cf7eba898a1424549c730d6692ec4e9573c0ed # HEAD of "master" as of 23.03.2016
     glance_service_password: "secrete"
     glance_profiler_hmac_key: "secrete"
     openrc_os_auth_url: "http://127.0.0.1:5000/v3"
     openrc_os_password: "{{ keystone_auth_admin_password }}"
     openrc_os_domain_name: "Default"
     memcached_servers: 127.0.0.1
-    memcached_encryption_key: "secrete"
\ No newline at end of file
+    memcached_encryption_key: "secrete"
diff --git a/tests/test-install-keystone.yml b/tests/test-install-keystone.yml
index 4b3af745..25f17dac 100644
--- a/tests/test-install-keystone.yml
+++ b/tests/test-install-keystone.yml
@@ -68,8 +68,8 @@
     keystone_galera_database: keystone
     keystone_venv_tag: "testing"
     keystone_developer_mode: true
-    keystone_git_install_branch: a55128044f763f5cfe2fdc57c738eaca97636448
-    keystone_requirements_git_install_branch: 332278d456e06870150835564342570ec9d5f5a0
+    keystone_git_install_branch: stable/mitaka
+    keystone_requirements_git_install_branch: f8cf7eba898a1424549c730d6692ec4e9573c0ed # HEAD of "master" as of 23.03.2016
     keystone_auth_admin_token: "SuperSecreteTestToken"
     keystone_auth_admin_password: "SuperSecretePassword"
     keystone_service_password: "secrete"
@@ -80,4 +80,4 @@
     keystone_rabbitmq_vhost: /keystone
     keystone_rabbitmq_servers: 10.100.100.2
     keystone_rabbitmq_use_ssl: true
-    galera_client_drop_config_file: false
\ No newline at end of file
+    galera_client_drop_config_file: false