Image Import call does not honour enabled methods config option

Bug #1754634 reported by Erno Kuvaja on 2018-03-09
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Glance
Critical
Brian Rosmaita
Queens
Critical
Brian Rosmaita

Bug Description

Regardless what is configured import call will always accept all the methods. This means that for example one cannot turn 'web-download' method off if the image import feature is enabled.

This can be easily corrected by changing the request de-serializer to check the method in the request against the config option rather than hardcoded list.

Erno Kuvaja (jokke) on 2018-03-09
Changed in glance:
importance: Undecided → Critical
Changed in glance:
status: New → In Progress
assignee: nobody → Brian Rosmaita (brian-rosmaita)
milestone: none → rocky-1

Reviewed: https://review.openstack.org/551274
Committed: https://git.openstack.org/cgit/openstack/glance/commit/?id=e1738033dfab389727e61c76eb0312f392f0ff41
Submitter: Zuul
Branch: master

commit e1738033dfab389727e61c76eb0312f392f0ff41
Author: Brian Rosmaita <email address hidden>
Date: Fri Mar 9 08:06:47 2018 -0500

    Use config opt value to determine import methods

    Instead of validating import requests by checking the provided
    import-method against a hard-coded list, use the values in the
    appropriate configuration option.

    Change-Id: Iefac190a4adf5f08df538e04db3e07e261ad1bd9
    Closes-bug: #1754634

Changed in glance:
status: In Progress → Fix Released

Reviewed: https://review.openstack.org/554291
Committed: https://git.openstack.org/cgit/openstack/glance/commit/?id=2221868690e004a74de313fb2cba41045fe99bc8
Submitter: Zuul
Branch: stable/queens

commit 2221868690e004a74de313fb2cba41045fe99bc8
Author: Brian Rosmaita <email address hidden>
Date: Fri Mar 9 08:06:47 2018 -0500

    Use config opt value to determine import methods

    Instead of validating import requests by checking the provided
    import-method against a hard-coded list, use the values in the
    appropriate configuration option.

    Change-Id: Iefac190a4adf5f08df538e04db3e07e261ad1bd9
    Closes-bug: #1754634
    (cherry picked from commit e1738033dfab389727e61c76eb0312f392f0ff41)

tags: added: queens-backport-potential

This issue was fixed in the openstack/glance 17.0.0.0b1 development milestone.

This issue was fixed in the openstack/glance 16.0.1 release.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers