I agree it sounds scary that you can create that many images without any limit but that's like that by-design. Therefore, I don't think this is a security issue. For example, what would be the difference between creating 0-sized image without data and 0-sized images with data?
I mean, it's a normal workflow for users to create the image and then upload the data:
Glance has never had any kind of rate-limit and I hardly doubt it will in the near future. Rate limits are easy to have outside Glance and they could also be shared across multiple services by using things like haproxy.
I agree with Jeremy here, I'll also mark Glance's bug as Invalid. I'm open to debate on the Glance side, though.
Hey George,
I agree it sounds scary that you can create that many images without any limit but that's like that by-design. Therefore, I don't think this is a security issue. For example, what would be the difference between creating 0-sized image without data and 0-sized images with data?
I mean, it's a normal workflow for users to create the image and then upload the data:
$ glance image-create --name test
$ glance image-upload $IMAGE_ID < my_file.qcow2
Glance has never had any kind of rate-limit and I hardly doubt it will in the near future. Rate limits are easy to have outside Glance and they could also be shared across multiple services by using things like haproxy.
I agree with Jeremy here, I'll also mark Glance's bug as Invalid. I'm open to debate on the Glance side, though.