Glance

  1. Bug #1996188
  2. Comment #60

Comment 60 for bug 1996188

Revision history for this message
Rajat Dhasmana (whoami-rajat) wrote : Re: Arbitrary file access through custom VMDK flat descriptor

Hi Brian,

thanks for pointing out the place where we call convert_image from the drivers.
I understand we're converting a volume but eventually it is an upload volume to image operation in which the user has supplied the image_id so we should use that.
Regarding getting the image ID, there are 2 ways to do it:
1) in volume_utils: get it from volume.glance_metadata
https://opendev.org/openstack/cinder/src/commit/12fb54ad60762017da4aa02290bc2c5c7d5b697b/cinder/volume/volume_utils.py#L1347-L1348

2) in image_utils: get it from image_meta
https://opendev.org/openstack/cinder/src/commit/12fb54ad60762017da4aa02290bc2c5c7d5b697b/cinder/image/image_utils.py#L844

The upload_volume is called just below the the convert_image call and we have all the parameters necessary to fetch image_id from the above 2 options.
https://opendev.org/openstack/cinder/src/commit/12fb54ad60762017da4aa02290bc2c5c7d5b697b/cinder/volume/drivers/remotefs.py#L1109-L1114