Users (without admin privileges) can change ACTIVE_IMMUTABLE properties of their own images when deactivated.

Bug #1517060 reported by Alexey Galkin
Affects / Status / Importance / Assigned to / Milestone
Glance: Fix Released, High, Niall Bunting
Kilo: Fix Released, High, Niall Bunting
Liberty: Fix Committed, High, Niall Bunting

Bug Description

Steps to reproduce:

1. Create a new image with 'active' status.
2. Deactivate this image from admin. (image should have a 'deactivated' status)
3. Use this curl request:
curl -X PUT http://localhost:9292/v1/images/<USER_IMAGE_ID> -H 'X-Auth-Token: <USER_TOKEN>' -H 'x-image-meta-size: 1234567'
4. Verify that the created image has a size of '1234567'.

Mike Fedosin (mfedosin)
Changed in glance:
status: New → Confirmed
Revision history for this message
wangxiyuan (wangxiyuan) wrote :

I think it has no relation to the 'deactivated' status.

Whether 'active' or 'deactivated', users can change the image's size through the v1 API in both cases.

So maybe the problem is that size can be updated via the v1 API.
We should reach an agreement on whether we should support it.

In v1, I see that an image can be created with size input (only location and copy_from), but size can be changed for every image.

Revision history for this message
Niall Bunting (niall-bunting) wrote :

@wangxiyuan It seems to me when the image is activated you get 403 - Forbidden to modify 'size' of active image.

IMO we just need to make sure that this is also true of deactivated images.

Changed in glance:
assignee: nobody → Niall Bunting (niall-bunting)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to glance (master)

Fix proposed to branch: master
Review: https://review.openstack.org/247532

Changed in glance:
status: Confirmed → In Progress
Revision history for this message
Erno Kuvaja (jokke) wrote : Re: User (without admin privileges) can change size your own image with 'deactivated' status.

As per the deactivation spec, only the image data is inaccessible during deactivation. All other operations (those that do not touch the actual image data) should work normally.

http://specs.openstack.org/openstack/glance-specs/specs/kilo/deactivate-image.html

Changed in glance:
status: In Progress → Invalid
Revision history for this message
Erno Kuvaja (jokke) wrote :

If these operations have been permitted on v2 api already we should revert those changes.

Revision history for this message
Erno Kuvaja (jokke) wrote :

Brain fart, I mean denied.

Changed in glance:
status: Invalid → Confirmed
Revision history for this message
Erno Kuvaja (jokke) wrote :

So pulling back my previous comments. This bug enables a user to set ACTIVE_IMMUTABLE properties of deactivated images, which obviously should not be the case. Not just size; this affects all of the fields that should be immutable after the image has transitioned to active.

Changed in glance:
status: Confirmed → In Progress
importance: Undecided → High
Revision history for this message
wangxiyuan (wangxiyuan) wrote :

@Niall, Sorry, I missed the "without admin privileges". You are right.

tags: added: liberty-backport-potential
Revision history for this message
Erno Kuvaja (jokke) wrote :

This applies to all keys in ACTIVE_IMMUTABLE list.

tags: removed: liberty-backport-potential
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to glance (master)

Reviewed: https://review.openstack.org/247532
Committed: https://git.openstack.org/cgit/openstack/glance/commit/?id=fbe964a0f20b9ab708b85634c3d707630d403dcd
Submitter: Jenkins
Branch: master

commit fbe964a0f20b9ab708b85634c3d707630d403dcd
Author: NiallBunting <email address hidden>
Date: Thu Nov 19 14:02:06 2015 +0000

    Disallow user modifying ACTIVE_IMMUTABLE of deactivated images

    Currently the user can change the ACTIVE_IMMUTABLE properties whilst
    the image is 'deactivated'. This should not be the case once an image
    has become 'active'.

    APIImpact
    Change-Id: I744fbce90893008ef49568c3cba47bf0e26dec9d
    Closes-Bug: 1517060
    Closes-Bug: 1517963

Changed in glance:
status: In Progress → Fix Committed
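The check the merged fix tightens, modelled as an added example (this is not Glance's own code): the v1 metadata update rejects changes to ACTIVE_IMMUTABLE keys only while the image is 'active', so a 'deactivated' image slips past it; the fixed variant locks both statuses. The key list and the image dictionaries are assumptions constructed for the example.

```python
# Added example (not Glance's own code): a minimal model of the v1 image
# metadata update check discussed in this bug. The immutable key list is
# an assumption for the example; the real one lives in glance/api/v1/images.py.
ACTIVE_IMMUTABLE = ("size", "checksum")


class Forbidden(Exception):
    """Stands in for the HTTP 403 the v1 API returns."""


def _check_immutable(orig_image, new_meta, locked_statuses):
    """Reject changes to ACTIVE_IMMUTABLE keys once the image is in a locked status."""
    if orig_image["status"] not in locked_statuses:
        return
    for key in ACTIVE_IMMUTABLE:
        if key in new_meta and new_meta[key] != orig_image.get(key):
            raise Forbidden("Forbidden to modify '%s' of %s image."
                            % (key, orig_image["status"]))


def update_before_fix(orig_image, new_meta):
    """Behaviour reported in the bug: only 'active' images are protected."""
    _check_immutable(orig_image, new_meta, ("active",))
    return {**orig_image, **new_meta}


def update_after_fix(orig_image, new_meta):
    """Behaviour after the fix: 'deactivated' images are protected as well."""
    _check_immutable(orig_image, new_meta, ("active", "deactivated"))
    return {**orig_image, **new_meta}


def try_update(update_fn, orig_image, new_meta):
    """Return ('ok', image) or ('forbidden', message) for a metadata update."""
    try:
        return ("ok", update_fn(orig_image, new_meta))
    except Forbidden as exc:
        return ("forbidden", str(exc))


# Constructed sample: an image an admin has deactivated, plus the same
# PUT body as in the steps to reproduce (x-image-meta-size: 1234567).
DEACTIVATED_IMAGE = {"id": "img-1", "status": "deactivated",
                     "size": 42, "checksum": "abc"}
REQUEST = {"size": 1234567}

if __name__ == "__main__":
    print(try_update(update_before_fix, DEACTIVATED_IMAGE, REQUEST))  # accepted
    print(try_update(update_after_fix, DEACTIVATED_IMAGE, REQUEST))   # forbidden
```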
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to glance (stable/kilo)

Fix proposed to branch: stable/kilo
Review: https://review.openstack.org/248717

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to glance (stable/liberty)

Fix proposed to branch: stable/liberty
Review: https://review.openstack.org/248723

Erno Kuvaja (jokke)
summary: - User (without admin privileges) can change size your own image with
- 'deactivated' status.
+ User (without admin privileges) can change ACTIVE_IMMUTABLE properties
+ of image when deactivated.
summary: - User (without admin privileges) can change ACTIVE_IMMUTABLE properties
- of image when deactivated.
+ Users (without admin privileges) can change ACTIVE_IMMUTABLE properties
+ of their own images when deactivated.
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to glance (stable/liberty)

Reviewed: https://review.openstack.org/248723
Committed: https://git.openstack.org/cgit/openstack/glance/commit/?id=0f001b2f13ee0a16b09b0854164431239dad3b69
Submitter: Jenkins
Branch: stable/liberty

commit 0f001b2f13ee0a16b09b0854164431239dad3b69
Author: NiallBunting <email address hidden>
Date: Thu Nov 19 14:02:06 2015 +0000

    Disallow user modifying ACTIVE_IMMUTABLE of deactivated images

    Currently the user can change the ACTIVE_IMMUTABLE properties whilst
    the image is 'deactivated'. This should not be the case once an image
    has become 'active'.

    APIImpact
    Change-Id: I744fbce90893008ef49568c3cba47bf0e26dec9d
    Closes-Bug: 1517060
    Closes-Bug: 1517963
    (cherry picked from commit fbe964a0f20b9ab708b85634c3d707630d403dcd)

Revision history for this message
Thierry Carrez (ttx) wrote : Fix included in openstack/glance 12.0.0.0b1

This issue was fixed in the openstack/glance 12.0.0.0b1 development milestone.

Changed in glance:
status: Fix Committed → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to glance (stable/kilo)

Reviewed: https://review.openstack.org/248717
Committed: https://git.openstack.org/cgit/openstack/glance/commit/?id=417c02ae8ae362713dc7c46740f1af7e2a9d55c2
Submitter: Jenkins
Branch: stable/kilo

commit 417c02ae8ae362713dc7c46740f1af7e2a9d55c2
Author: NiallBunting <email address hidden>
Date: Thu Nov 19 14:02:06 2015 +0000

    Disallow user modifying ACTIVE_IMMUTABLE of deactivated images

    Currently the user can change the ACTIVE_IMMUTABLE properties whilst
    the image is 'deactivated'. This should not be the case once an image
    has become 'active'.

    APIImpact
    Change-Id: I744fbce90893008ef49568c3cba47bf0e26dec9d
    Closes-Bug: 1517060
    Closes-Bug: 1517963
    (cherry picked from commit fbe964a0f20b9ab708b85634c3d707630d403dcd)

Revision history for this message
Thierry Carrez (ttx) wrote : Fix included in openstack/glance 11.0.1

This issue was fixed in the openstack/glance 11.0.1 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

This issue was fixed in the openstack/glance 11.0.1 release.
