yahoo-eng-team team mailing list archive

[Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>]

** Changed in: glance/grizzly
   Importance: Undecided => High

** Changed in: glance/grizzly
       Status: New => Fix Released

** Changed in: glance/grizzly
    Milestone: None => 2013.1

** Changed in: glance/grizzly
     Assignee: (unassigned) => Dan Prince (dan-prince)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1098962

Title:
  glance image-download can display backend Swift password

Status in OpenStack Image Registry and Delivery Service (Glance):
  Fix Released
Status in Glance essex series:
  Fix Committed
Status in Glance folsom series:
  Fix Released
Status in Glance grizzly series:
  Fix Released

Bug description:
  Using the latest release of Glance Grizzly (git 2d9b3f1)  on Fedora
  17.

  It appears that Glance can return a 404 message which contains the
  backend Swift store password when there are errors obtaining the image
  from Swift.

  Example:

  [root@nova1 image]# glance image-download foo
  Request returned failure status.
  404 Not Found
  Swift could not find image at uri swift+http://admin%3Aadmin:AABBCC112233@127.0.0.1:5000/v2.0/glance/b0bd4daf-0cef-448e-b5f2-3033d0f5a73a
      (HTTP 404)

  ----

  The above could happen for any user that can access the Glance server.

  A simple way to replicate this is to do something like this:

  1) Setup Glance using Swift as a backend (single tenant mode).

  2)  Remove or block an image from the swift account where images are
  stored.

  3) Attempt to download the same image (which you removed from Swift)
  from Glance.

  ---

  The root cause of the issue appears to be that the Swift store can
  raise NotFound exceptions with the backend location URI in them.

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1098962/+subscriptions