Glance

Add upload_image policy for glance v1 api

Bug #1254521 reported by Iccha Sethi on 2013-11-24

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Glance	Fix Released	Medium	Yanis Guenane	Glance 2014.1 "icehouse"

Bug Description

Currently there exists no policy to control data uploads.

https://bugs.launchpad.net/glance/+bug/1250918 is for adding upload_image policy in glance v2 api, this bug is for adding it to the glance v1 api.

Yanis Guenane (yanis-guenane) on 2013-11-25

Changed in glance:
assignee:	nobody → Yanis Guenane (yanis-guenane)

Revision history for this message

Yanis Guenane (yanis-guenane) wrote on 2013-11-25:

There are 3 ways an upload image can be specified :

  * location
  * file
  * copy-from

For file and location I agree that the upload_image policy should be applied. For the copy-from, not entirely.

--copy-from takes an <IMAGE_URL>, this will work only if the user has access to this URI, else the user will be presented with a 403 Forbidden.

Should we apply an upload_image policy also for copy-from, or strictly for location and file ?

Revision history for this message

Yanis Guenane (yanis-guenane) wrote on 2013-11-25:

On top of what I've said above, location policy is already handled by set_image_location. So the policy to define would only concern uploading data via --file option

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-11-26: Fix proposed to glance (master)

Fix proposed to branch: master
Review: https://review.openstack.org/58559

Changed in glance:
status:	New → In Progress

Iccha Sethi (iccha-sethi) on 2013-11-26

Changed in glance:
importance:	Undecided → Medium

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-12-05: Fix merged to glance (master)

Reviewed: https://review.openstack.org/58559
Committed: http://github.com/openstack/glance/commit/ab7ea6baf7e67ee6353257f112e315369dd8d36e
Submitter: Jenkins
Branch: master

commit ab7ea6baf7e67ee6353257f112e315369dd8d36e
Author: Yanis Guenane <email address hidden>
Date: Tue Nov 26 15:55:09 2013 +0000

Set upload_image policy to control data upload

    There was no policy to control data upload.
    Up until today, the add_image policy was a all or nothing, from metadata
    to the actual data. Now, with the combination of add_image and upload_image
    an administrator will have finer control over the whole chain.

Change-Id: I1a7966ffb5c63dd8239a54fe2963b031d9fe1f9a
Closes-bug: #1254521

Changed in glance:
status:	In Progress → Fix Committed

Thierry Carrez (ttx) on 2014-01-22

Changed in glance:
milestone:	none → icehouse-2
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2014-04-17

Changed in glance:
milestone:	icehouse-2 → 2014.1

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.