Glance

Checksum of deactivated image can be modified for 'deactivated' images

Bug #1517963 reported by Stuart McLaren on 2015-11-19

This bug report is a duplicate of: Bug #1517060: Users (without admin privileges) can change ACTIVE_IMMUTABLE properties of their own images when deactivated.. Edit Remove

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Glance	Fix Committed	Undecided	Niall Bunting
	Kilo	Fix Committed	Undecided	Unassigned	Glance 2015.1.3

Bug Description

Similar to bug 1517060 for 'size', the checksum of a deactivated image can be changed via the v1 api.

Tags:

Niall Bunting (niall-bunting) on 2015-11-19

Changed in glance:
assignee:	nobody → Niall Bunting (niall-bunting)

OpenStack Infra (hudson-openstack) on 2015-11-19

Changed in glance:
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-11-23: Fix merged to glance (master)

Reviewed: https://review.openstack.org/247532
Committed: https://git.openstack.org/cgit/openstack/glance/commit/?id=fbe964a0f20b9ab708b85634c3d707630d403dcd
Submitter: Jenkins
Branch: master

commit fbe964a0f20b9ab708b85634c3d707630d403dcd
Author: NiallBunting <email address hidden>
Date: Thu Nov 19 14:02:06 2015 +0000

Disallow user modifing ACTIVE_IMMUTABLE of deactivated images

    Currently the user can change the ACTIVE_IMMUTABLE properties whilst
    the image is 'deactivated'. This should not be the case once an image
    has become 'active'.

    APIImpact
    Change-Id: I744fbce90893008ef49568c3cba47bf0e26dec9d
    Closes-Bug: 1517060
    Closes-Bug: 1517963

Changed in glance:
status:	In Progress → Fix Committed

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-11-23: Fix proposed to glance (stable/kilo)

Fix proposed to branch: stable/kilo
Review: https://review.openstack.org/248717

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-11-23: Fix proposed to glance (stable/liberty)

Fix proposed to branch: stable/liberty
Review: https://review.openstack.org/248723

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-11-30: Fix merged to glance (stable/liberty)

Reviewed: https://review.openstack.org/248723
Committed: https://git.openstack.org/cgit/openstack/glance/commit/?id=0f001b2f13ee0a16b09b0854164431239dad3b69
Submitter: Jenkins
Branch: stable/liberty

commit 0f001b2f13ee0a16b09b0854164431239dad3b69
Author: NiallBunting <email address hidden>
Date: Thu Nov 19 14:02:06 2015 +0000

Disallow user modifing ACTIVE_IMMUTABLE of deactivated images

    Currently the user can change the ACTIVE_IMMUTABLE properties whilst
    the image is 'deactivated'. This should not be the case once an image
    has become 'active'.

    APIImpact
    Change-Id: I744fbce90893008ef49568c3cba47bf0e26dec9d
    Closes-Bug: 1517060
    Closes-Bug: 1517963
    (cherry picked from commit fbe964a0f20b9ab708b85634c3d707630d403dcd)

tags:

added: in-stable-liberty

Revision history for this message

Thierry Carrez (ttx) wrote on 2015-12-02: Fix included in openstack/glance 12.0.0.0b1

This issue was fixed in the openstack/glance 12.0.0.0b1 development milestone.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-12-06: Fix merged to glance (stable/kilo)

Reviewed: https://review.openstack.org/248717
Committed: https://git.openstack.org/cgit/openstack/glance/commit/?id=417c02ae8ae362713dc7c46740f1af7e2a9d55c2
Submitter: Jenkins
Branch: stable/kilo

commit 417c02ae8ae362713dc7c46740f1af7e2a9d55c2
Author: NiallBunting <email address hidden>
Date: Thu Nov 19 14:02:06 2015 +0000

Disallow user modifing ACTIVE_IMMUTABLE of deactivated images

    Currently the user can change the ACTIVE_IMMUTABLE properties whilst
    the image is 'deactivated'. This should not be the case once an image
    has become 'active'.

    APIImpact
    Change-Id: I744fbce90893008ef49568c3cba47bf0e26dec9d
    Closes-Bug: 1517060
    Closes-Bug: 1517963
    (cherry picked from commit fbe964a0f20b9ab708b85634c3d707630d403dcd)

tags:

added: in-stable-kilo

Revision history for this message

Thierry Carrez (ttx) wrote on 2015-12-21: Fix included in openstack/glance 11.0.1

This issue was fixed in the openstack/glance 11.0.1 release.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-11-10:

This issue was fixed in the openstack/glance 11.0.1 release.

Report a bug

This report contains Public information

Everyone can see this information.

Duplicate of bug #1517060 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.