yahoo-eng-team team mailing list archive

Thread
Date
[Bug 1205018] Re: With set_image_location policy can still update image_locations

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Fri, 05 Sep 2014 10:08:30 -0000
Reply-to: Bug 1205018 <1205018@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
** Changed in: glance
       Status: Fix Committed => Fix Released

** Changed in: glance
    Milestone: None => juno-3

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1205018

Title:
  With set_image_location policy can still update image_locations

Status in OpenStack Image Registry and Delivery Service (Glance):
  Fix Released

Bug description:
  Latest devstack:

  The following policy set (nb: set_image_location is enforced):

  $ cat /etc/glance/policy.json
  {
      "context_is_admin":  "role:admin",
      "default": "",
      "set_image_location": "!",
      "manage_image_cache": "role:admin"
  }

  A request to set location returns 200:

  $ curl -v -i -k -X PUT -H "x-auth-token: `cat ~/token`" -H "x-image-meta-locations: ab" http://localhost:9292/v1/images/9028edc3-0dbb-4141-a544-38016f774138
  * About to connect() to localhost port 9292 (#0)
  *   Trying 127.0.0.1... connected
  > PUT /v1/images/9028edc3-0dbb-4141-a544-38016f774138 HTTP/1.1
  > User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
  > Host: localhost:9292
  > Accept: */*
  > x-auth-token: TOKEN
  > x-image-meta-locations: ab
  >
  < HTTP/1.1 200 OK
  HTTP/1.1 200 OK
  < Content-Length: 411
  Content-Length: 411
  < Content-Type: application/json
  Content-Type: application/json
  < Location: http://localhost:9292/v1/images/9028edc3-0dbb-4141-a544-38016f774138
  Location: http://localhost:9292/v1/images/9028edc3-0dbb-4141-a544-38016f774138
  < X-Openstack-Request-Id: req-fd41247d-55d5-4a38-9e78-05057f4c0495
  X-Openstack-Request-Id: req-fd41247d-55d5-4a38-9e78-05057f4c0495
  < Date: Thu, 25 Jul 2013 17:16:51 GMT
  Date: Thu, 25 Jul 2013 17:16:51 GMT

  <
  * Connection #0 to host localhost left intact
  * Closing connection #0
  {"image": {"status": "queued", "deleted": false, "container_format": null, "min_ram": 0, "updated_at": "2013-07-25T17:16:51", "owner": "ecc4670241e842c991b8737802468e20", "min_disk": 0, "is_public": false, "deleted_at": null, "id": "9028edc3-0dbb-4141-a544-38016f774138", "size": 0, "name": "s1", "checksum": null, "created_at": "2013-07-25T17:16:02", "disk_format": null, "properties": {}, "protected": false}}

  
  and creates entries in the image_locations table:

  $ mysql -uroot -pxxx -h localhost glance -e 'select * from image_locations where image_id="9028edc3-0dbb-4141-a544-38016f774138"'
  +----+--------------------------------------+-------+---------------------+---------------------+------------+---------+-----------+
  | id | image_id                             | value | created_at          | updated_at          | deleted_at | deleted | meta_data |
  +----+--------------------------------------+-------+---------------------+---------------------+------------+---------+-----------+
  | 14 | 9028edc3-0dbb-4141-a544-38016f774138 | a     | 2013-07-25 17:16:51 | 2013-07-25 17:16:51 | NULL       |       0 | €}q.     |
  | 15 | 9028edc3-0dbb-4141-a544-38016f774138 | b     | 2013-07-25 17:16:51 | 2013-07-25 17:16:51 | NULL       |       0 | €}q.     |
  +----+--------------------------------------+-------+---------------------+---------------------+------------+---------+-----------+

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1205018/+subscriptions