Add policy rule to block image-backed servers with 0 root disk flavor
This adds a new policy rule which defaults to behave in a
backward compatible way, but will allow operators to enforce
that servers created with a zero disk flavor must also be
volume-backed servers.
Allowing users to upload their own images and create image-backed
servers on local disk with zero root disk size flavors can be
potentially hazardous if the size of the image is unexpectedly
large, since it can consume the local disk (or shared storage pool).
It should be noted that disabling the new policy rule will
result in a non-backward compatible API behavior change and no
microversion is being introduced for this because enforcement via
a new microversion would not close the security gap on any previous
microversions.
Related compute API reference and user documentation is updated
to mention the policy rule along with a release note since
this is tied to a security bug, which will be backported to stable
branches.
NOTE(mriedem): The doc/source/user/flavors.rst conflict is due to
not having Ia57c93ef1e72ccf134ba6fc7fcb85ab228d68a47 in Pike.
Rather than backport that, or drop the note about volume-backed
instances for this backport, I have elected to just copy the wording
for that particular section on "Root Disk GB".
The nova/tests/functional/wsgi/test_servers.py conflict is due to
not having I294c54e5a22dd6e5b226a4b00e7cd116813f0704 in Pike.
Change-Id: Id67e1285a0522474844de130c9263e11868f67fb
Closes-Bug: #1739646
(cherry picked from commit 763fd62464e9a0753e061171cc1fd826055bbc01)
(cherry picked from commit 7bcd581c78bb5916bf4b52e213322e7b56283572)
Reviewed: https:/ /review. openstack. org/563700 /git.openstack. org/cgit/ openstack/ nova/commit/ ?id=0bf75621bbd 25d4ce8a3588f11 2cf714891556eb
Committed: https:/
Submitter: Zuul
Branch: stable/pike
commit 0bf75621bbd25d4 ce8a3588f112cf7 14891556eb
Author: Matt Riedemann <email address hidden>
Date: Fri Apr 13 13:44:33 2018 -0400
Add policy rule to block image-backed servers with 0 root disk flavor
This adds a new policy rule which defaults to behave in a
backward compatible way, but will allow operators to enforce
that servers created with a zero disk flavor must also be
volume-backed servers.
Allowing users to upload their own images and create image-backed
servers on local disk with zero root disk size flavors can be
potentially hazardous if the size of the image is unexpectedly
large, since it can consume the local disk (or shared storage pool).
It should be noted that disabling the new policy rule will
result in a non-backward compatible API behavior change and no
microversion is being introduced for this because enforcement via
a new microversion would not close the security gap on any previous
microversions.
Related compute API reference and user documentation is updated
to mention the policy rule along with a release note since
this is tied to a security bug, which will be backported to stable
branches.
Conflicts:
doc/ source/ user/flavors. rst
nova/ tests/functiona l/wsgi/ test_servers. py
NOTE(mriedem): The doc/source/ user/flavors. rst conflict is due to f134ba6fc7fcb85 ab228d68a47 in Pike. functional/ wsgi/test_ servers. py conflict is due to e5b226a4b00e7cd 116813f0704 in Pike.
not having Ia57c93ef1e72cc
Rather than backport that, or drop the note about volume-backed
instances for this backport, I have elected to just copy the wording
for that particular section on "Root Disk GB".
The nova/tests/
not having I294c54e5a22dd6
Change-Id: Id67e1285a05224 74844de130c9263 e11868f67fb 53e061171cc1fd8 26055bbc01) 6bf4b52e213322e 7b56283572)
Closes-Bug: #1739646
(cherry picked from commit 763fd62464e9a07
(cherry picked from commit 7bcd581c78bb591