commit 57bb421e85de6a223fb687c8dd628e41072c09e1
Author: Lucas de Ataides <email address hidden>
Date: Thu Oct 26 13:47:28 2023 -0300
Update Glance config according to OSSN-0090
The security note OSSN-0090 [1] from Openstack describes a
configuration that makes it possible to open some known attack vectors
by which malicious data modification can occur.
The vulnerability only occurs if one of the following parameters is
set to True in Glance's configuration: `show_multiple_locations` or
`show_image_direct_url`. In the case of the STX-Openstack app, the
`show_image_direct_url` was being set to True in the app's plugin [2].
It looks like this configuration was just transported from when the
app's plugin was detached from sysinv [3], which itself was based on
an even older commit [4]. Unfortunately, the commit message of [4] has
no explanation on why this was required.
This commit changes the app's plugin to define both the
`show_image_direct_url` and the `show_multiple_locations` parameters to
`False`, since we can easily avoid the security issue described in [1]
by doing that, and it does not impact the application's
functionalities, as seen in the test plan for this change.
Test Plan:
PASS: Build python3-k8sapp-openstack and stx-openstack-helmf-fluxcd
packages
PASS: Build STX-Openstack helm charts
PASS: Upload / apply / remove STX-Openstack app
PASS: Inspection of /etc/glance/glance-api.conf shows that both the show_multiple_locations and show_image_direct_url parameters are
set to `False`
Using OpenStack's CLI:
PASS: Image commands are executed as expected: `openstack image list`, `openstack image show`
PASS: Create an image
PASS: Delete an image
PASS: Create a bootable volume from an image
PASS: Boot a VM using an image as the source
PASS: Boot a VM using the bootable volume as a source
PASS: Delete both VMs and the volume
Using Horizon dashboard:
PASS: All tenants are able to see and inspect images
PASS: Create an image
PASS: Delete an image
PASS: Create a bootable volume from an image
PASS: Boot a VM using an image as the source
PASS: Boot a VM using the bootable volume as a source
PASS: Delete both VMs and the volume
Closes-Bug: 1993606
Change-Id: I20f241224234353363c632085e3e41b91f97abf5
Signed-off-by: Lucas de Ataides <email address hidden>
Reviewed: https://review.opendev.org/c/starlingx/openstack-armada-app/+/899419
Committed: https://opendev.org/starlingx/openstack-armada-app/commit/57bb421e85de6a223fb687c8dd628e41072c09e1
Submitter: "Zuul (22348)"
Branch: master
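As an added example (not code from this commit or from the StarlingX project), a small check that parses a `glance-api.conf` and reports which of the two OSSN-0090 options is enabled, so the inspection step in the test plan can be scripted; it assumes both options live in Glance's `[DEFAULT]` section and default to False when absent, and the sample configurations are constructed.

```python
import configparser

# Options named by OSSN-0090. Assumption: both live in Glance's
# [DEFAULT] section and are treated as False when not present.
OSSN_0090_OPTIONS = ("show_image_direct_url", "show_multiple_locations")


def _is_truthy(value):
    # oslo.config-style booleans: accept the usual "true" spellings.
    return value.strip().lower() in ("true", "1", "yes", "on")


def ossn_0090_findings(conf_text):
    """Return the OSSN-0090 options that are enabled in a glance-api.conf.

    conf_text is the file content as a string. An empty list means the
    configuration matches what this commit enforces (both set to False).
    """
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    findings = []
    for option in OSSN_0090_OPTIONS:
        # Missing option -> assumed default of False.
        value = parser.get("DEFAULT", option, fallback="False")
        if _is_truthy(value):
            findings.append(option)
    return findings


def ossn_0090_findings_from_file(path):
    """Same check, reading the configuration from disk."""
    with open(path, encoding="utf-8") as handle:
        return ossn_0090_findings(handle.read())


# Constructed sample: how the option was rendered before this fix.
BEFORE = """[DEFAULT]
show_image_direct_url = True
"""

# Constructed sample: the setting this commit enforces.
AFTER = """[DEFAULT]
show_image_direct_url = False
show_multiple_locations = False
"""

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        enabled = ossn_0090_findings(text)
        print(f"{label}: " + ("OK" if not enabled else "enabled: " + ", ".join(enabled)))
```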
[1] https://wiki.openstack.org/wiki/OSSN/OSSN-0090
[2] https://opendev.org/starlingx/openstack-armada-app/src/branch/master/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/glance.py#L155
[3] https://review.opendev.org/c/starlingx/openstack-armada-app/+/688190
[4] https://review.opendev.org/c/starlingx/config/+/611948