Need to add url encode before give response to image show for v1

Bug #1471215 reported by Vadim Rovachev on 2015-07-03
This bug affects 1 person
Affects Status Importance Assigned to Milestone

Bug Description

If we use http proxy ip like a glance endpoint and add metadata for image in bug:
then http response have wrong HTTP type.

reproduced on branch: stable/juno

Steps to reproduce:
Precondition steps:
httpproxy glance endpoint:
host ip with runned glance-api:

Step 1. Create glance image, e.g.:
glance image-create --name test --id <uuid> --disk-format qcow2 --container-format bare --file <file>

Step 2. Show glance image using v1 glance api and using curl:
glance --debug --os-image-api-version 1 image-show <uuid>

curl -v -i -X HEAD -H 'X-Auth-Token: <keystone-token>'<uuid>

Step 3. Add metadata like in bug: using horizon or python v2 glance client. e.g.:

Step 4. Repead step 2.

Expected result: GET 200 responce

Actual result Responses: 502 Bad Gateway:

curl -v -i -X HEAD -H 'X-Auth-Token: <keystone-token>'<uuid>

glance --debug --os-image-api-version 1 image-show <uuid>


If we use for CURl request host ip(bypass httpproxy glance endpoint) we have 200 OK.
curl -v -i -X HEAD -H 'X-Auth-Token: <keystone-token>'<uuid>

If we use for CLI request os-image-url like a host ip (bypass httpproxy glance endpoint) we have 200 OK.

description: updated
Erno Kuvaja (jokke) wrote :

Hi Vadim,

Thanks for reporting this bug. Could you please verify to me if this behavior is only with current stable/juno or if stable/kilo & master are affected also?

As Juno is on Support Phase II ( I'm not fully convinced that this issue is critical enough to fix it there.

Do you know the mechanism for this issue to surface? is it the '<' and '>' characters in the headers or what is causing this specifically with the proxies? Also is this issue existing with one specific proxy or is it common with multiple ones? If you could specify the proxies tested, that would be helpful.

Changed in glance:
status: New → Incomplete
Mike Fedosin (mfedosin) wrote :

Erno, this is an issue in v1 api, where we transfer image metadata in headers. Glanceclient doesn't verify compliance with http, where '<' and '>' are forbidden, but HAproxy does. And it results as en error, if some property value contains these symbols.

In v2, where we transfer image metadata in body, it doesn't happen.

Glance does not support V1 and its has been removed since Ussuri.

Changed in glance:
status: Incomplete → Won't Fix
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers