ImageRef for server create/rebuild/rescue etc are accepted as random url
Bug #1607229 reported by
Ghanshyam Mann
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
High
|
Ghanshyam Mann |
Bug Description
Currently imageRef in server create, rebuild and rescue
operation can be accepted as random url which contains image
UUID and fetch the UUID from that.
ImageRef in server creation etc are UUID only and valid against glance.
Currently nova used to fetch the UUID from ImageRef url and proceed.
As /images proxy APIs are deprecated, it make sense to strict
the imageRef to UUID only and return 400 when non UUID(random url) is requested.
Changed in nova: | |
status: | New → Triaged |
importance: | Undecided → High |
milestone: | none → newton-3 |
Changed in nova: | |
status: | Triaged → In Progress |
assignee: | nobody → Ghanshyam Mann (ghanshyammann) |
To post a comment you must log in.
Reviewed: https:/ /review. openstack. org/338802 /git.openstack. org/cgit/ openstack/ nova/commit/ ?id=cbd3ec476f7 69c42e5b2a0ef8c 996b60935e7f6c
Committed: https:/
Submitter: Jenkins
Branch: master
commit cbd3ec476f769c4 2e5b2a0ef8c996b 60935e7f6c
Author: ghanshyam <email address hidden>
Date: Thu Jul 28 16:11:47 2016 +0900
Strict ImageRef validation to UUID only
Currently imageRef in server create, rebuild and rescue
operation can be accepted as random url which contains image
UUID and fetch the UUID from that.
As /images proxy APIs are deprecated, and ImageRef in
server creation etc are UUID only and valid against glance.
This patch makes imageRef handling as UUID only and
return 400 if non UUID are requested.
NOTE- Previously nova use to allow the empty string which was
ok in case of boot from volume.
We will keep the same behavior of allowing empty string in case of
boot from volume only and 400 in all other case.
Closes-Bug: #1607229
Change-Id: I49f4da62c1b5b3 fd8c5f67039ae11 3f76722b26c