glance client allows override of header fields

We could add some more checking, but is this really a bug? What is the negative impact of allowing 'features' to be free-form?

This is also a deprecated client (please use python-glanceclient), so any work would be done on a stable branch for which we do not develop new features.

Setting to Low because of Brian's correct comment that the new python-glanceclient is where most of the work is nowadays. Also, I would think that if you put together a test method that shows that by passing in features dict of {'Content-Length: 0} overrides the main HTTP Content-Length header, you may have a case for a higher-priority fix...

I would buy doing this to prevent colliding with headers we explicitly depend on, but it would be frustrating to completely limit it to a specific set of headers. It would be nice to allow users to use new feature headers as they are released rather than having to wait for a client update. And I don't want to see this land on master, it should be done solely in stable/essex.

Well crap, it might make sense to do it on master for F3 then backport it. Let's go with that.

Fix proposed to branch: master
Review: https://review.openstack.org/9855

Reviewed: https://review.openstack.org/9855
Committed: http://github.com/openstack/glance/commit/920096f0f6c7fdc20d906b58e202a5d505dd3a4e
Submitter: Jenkins
Branch: master

commit 920096f0f6c7fdc20d906b58e202a5d505dd3a4e
Author: Lars Gellrich <email address hidden>
Date: Mon Jul 16 15:20:33 2012 +0000

    Prevent client from overriding important headers.

    The glance client offered the opportunity to override
    important headers via the features parameter during image
    creation or update.

    Created a blacklist of unsupported features like:
    content-length
    content-type
    x-image-meta-size

    These headers should not be overriden by the client.

    Fixes LP Bug #1023892

    Change-Id: I14aac59e00a2672fd98f6dab221096ab5de86855