Glance

scrubber creates queued files containing unencrypted uris

Bug #1180884 reported by John Lenihan on 2013-05-16

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Glance	Fix Released	Undecided	John Lenihan	Glance 2013.2 "havana"

Bug Description

The scrubber can sometimes create queue files under certain conditions. in _delete(), if there is a store.UnsupportedBackend or exception.NotFound exception the uri is stored in the queue file in unencryped form.

From glance/store/scrubber.py:

    def _delete(self, id, uri, now):
        file_path = os.path.join(self.datadir, str(id))
        if CONF.metadata_encryption_key is not None:
            uri = crypt.urlsafe_decrypt(CONF.metadata_encryption_key, uri)
        try:
            LOG.debug(_("Deleting %(uri)s") % {'uri': uri})
            # Here we create a request context with credentials to support
            # delayed delete when using multi-tenant backend storage
            ctx = context.RequestContext(auth_tok=self.registry.auth_tok,
                                         user=self.admin_user,
                                         tenant=self.admin_tenant)
            store.delete_from_backend(ctx, uri)
        except store.UnsupportedBackend:
            msg = _("Failed to delete image from store (%(id)s).")
            LOG.error(msg % {'id': id})
            if CONF.metadata_encryption_key is not None:
                uri = crypt.urlsafe_encrypt(CONF.metadata_encryption_key, uri, 64)
            write_queue_file(file_path, uri, now)
        except exception.NotFound:
            msg = _("Image not found in store (%(id)s).")
            LOG.error(msg % {'id': id})
            if CONF.metadata_encryption_key is not None:
                uri = crypt.urlsafe_encrypt(CONF.metadata_encryption_key, uri, 64)
            write_queue_file(file_path, uri, now)

self.registry.update_image(id, {'status': 'deleted'})
utils.safe_remove(file_path)

Fix to follow shortly.

John Lenihan (john-lenihan-k) on 2013-05-16

Changed in glance:
assignee:	nobody → John Lenihan (john-lenihan-k)
assignee:	John Lenihan (john-lenihan-k) → nobody
assignee:	nobody → John Lenihan (john-lenihan-k)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-05-16: Fix proposed to glance (master)

Fix proposed to branch: master
Review: https://review.openstack.org/29405

Changed in glance:
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-06-27: Fix merged to glance (master)

Reviewed: https://review.openstack.org/29405
Committed: http://github.com/openstack/glance/commit/7d3cdc51acaf093b0ce393ffd522e238c4eeb0e5
Submitter: Jenkins
Branch: master

commit 7d3cdc51acaf093b0ce393ffd522e238c4eeb0e5
Author: John Lenihan <email address hidden>
Date: Wed Jun 19 09:25:09 2013 +0000

Fix for unencrypted uris in scrubber queue files

    The scrubber can write unencrypted uris in queue files in
    certain conditions. This fixes the problem by removing the
    lines which write the queue files when exceptions occur.

Test included.

Fixes bug 1180884

Change-Id: If742a84cea1bd1f5abf99fb0e3cbd1e0c1623171

Changed in glance:
status:	In Progress → Fix Committed

Thierry Carrez (ttx) on 2013-07-17

Changed in glance:
milestone:	none → havana-2
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2013-10-17

Changed in glance:
milestone:	havana-2 → 2013.2

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.