7635 Commits

Author SHA1 Message Date
Zuul
ce8251f8e1 Merge "Drop tag assertion from README" 2023-02-15 08:53:38 +00:00
Gonéri Le Bouder
b27b26a6a8 doc/useful-image-properties: add missing `` to close a code block
Change-Id: I93301d51fb5f750693abbe07cb587d68ed0bd690
2023-02-09 12:39:13 -05:00
Zuul
f9597a7b4e Merge "Add multihash info in glance documentation" 2023-02-09 15:50:48 +00:00
Zuul
85be85d4f9 Merge "Fixes the api-ref response" 2023-02-09 15:50:45 +00:00
Zuul
32c5587d41 Merge "Update the RADOS authentication link" 2023-02-09 15:50:42 +00:00
pragathi93
438758db2f Add multihash info in glance documentation
New docs added for os_hash_algo in user guide and admin guide.

Change-Id: Id78be3935998b9c5acdd0706393117e892e5ab59
Closes-bug:#1871419
2023-02-08 21:30:44 +01:00
Zuul
0f8e5ef017 Merge "Update migration constant" 2023-02-08 15:45:16 +00:00
Zuul
3929db2c73 Merge "Limit CaptureRegion sizes in format_inspector for VMDK and VHDX" 2023-02-06 10:59:35 +00:00
Guillaume Espanel
d4d33ee30f Limit CaptureRegion sizes in format_inspector for VMDK and VHDX
VMDK:
When parsing a VMDK file to calculate its size, the format_inspector
determines the location of the Descriptor section by reading two
uint64 from the headers of the file and uses them to create the
descriptor CaptureRegion.

It would be possible to craft a VMDK file that commands the
format_inspector to create a very big CaptureRegion, thus exhausting
resources on the glance-api process.

This patch binds the beginning of the descriptor to 0x200 and limits
the size of the CaptureRegion to 1MB, similar to how the VMDK
descriptor is parsed by qemu.

VHDX:
It is a bit more involved, but similar: when looking for the
VIRTUAL_DISK_SIZE metadata, the format_inspector was creating an
unbounded CaptureRegion.

In the same way as it seems to be done in Qemu, we now limit the upper
bound of this CaptureRegion.

Change-Id: I3ec5a33df20e1cfb6673f4ff1c7c91aacd065532
2023-02-03 08:04:17 -08:00
Zuul
e39ef4e43d Merge "Fix cinder tests for refactoring effort" 2023-02-02 22:09:18 +00:00
Zuul
907c562654 Merge "Enforce image safety during image_conversion" 2023-01-24 22:59:54 +00:00
Abhishek Kekane
9786936915 Update migration constant
Update the data migration current release to '2023_1'. Added
empty migration scripts to rule out regression scenarios as well.

Change-Id: Ic97825dd9c38ec1c759e5ca610a19c93fe4ca6a6
2023-01-18 04:57:34 +00:00
Abhishek Kekane
d07187f710 Remove migration constant job and test
Since openstack release naming conventions has changed, current test
which check data migration version will not work as expected and same
is also blocking our gate. Removing this job and test to unblock the
gate.

NOTE: Going forward glance PTL/team needs to change the database
migration version without fail at the start of release cycle.

Change-Id: Idcb12a6c450d4ce4ee859e6e1f02fb71adf8c1d5
2023-01-16 14:40:29 +00:00
Zuul
e9b40e1316 Merge "Release notes for Antelope Milestone 2" 26.0.0.0b2 2023-01-04 06:37:20 +00:00
Pranali Deore
544d5d54a6 Release notes for Antelope Milestone 2
Change-Id: I087911d9cd70d2c2fec9ff8cb002446d51bb4f60
2023-01-03 07:26:45 +00:00
whoami-rajat
0e70f66165 Fix cinder tests for refactoring effort
We are refactoring the glance cinder store[1] to support the
extend in-use feature[2] due to which cinder store tests on
glance side are failing[3] as they aren't able to locate the
files in their new location.
This patch fixes the issue to import from new path while keeping
backward compatibility to import from old path to pass gate until
the new changes have merged.

[1] https://review.opendev.org/c/openstack/glance_store/+/843103
[2] https://review.opendev.org/c/openstack/glance_store/+/868742
[3] https://zuul.opendev.org/t/openstack/build/41a1abf9c749476bb10a56600ca07f0e

Change-Id: Ib9f7160fdbac74fc419faa6b3ab8acb17400d392
2023-01-03 11:52:04 +05:30
Pranali Deore
f7f5389426 Refresh Glance example configs for antelope milestone 2
Change-Id: I8c9f9057f8601f31f5292450cc05819d24bf0d5c
2023-01-03 05:25:46 +00:00
Ghanshyam Mann
e2cd7251f4 Fix tox4 error
tox.ini started failing with Tox4 which had some
incompatible changes. One is passenv where we need
to pass each value in newline otherwise, it fails with
error:

 failed with pass_env values cannot contain whitespace,
 use comma to have multiple values in a single line,
 invalid values found.....

Fixing tox.ini for tox4 changes.

Change-Id: I0a377c9329cef8b251b800018fc0d7f784008329
2022-12-26 00:23:59 +00:00
Dan Smith
0d6282a016 Enforce image safety during image_conversion
This does two things:

1. It makes us check that the QCOW backing_file is unset on those
types of images. Nova and Cinder do this already to prevent an
arbitrary (and trivial to accomplish) host file exposure exploit.
2. It makes us restrict VMDK files to only allowed subtypes. These
files can name arbitrary files on disk as extents, providing the
same sort of attack. Default that list to just the types we believe
are actually useful for openstack, and which are monolithic.

The configuration option to specify allowed subtypes is added in
glance's config and not in the import options so that we can extend
this check later to image ingest. The format_inspector can tell us
what the type and subtype is, and we could reject those images early
and even in the case where image_conversion is not enabled.

Closes-Bug: #1996188
Change-Id: Idf561f6306cebf756c787d8eefdc452ce44bd5e0
2022-12-19 15:26:49 +00:00
Zuul
bc9856ea9c Merge "Quota configuration: improve example oslo_limit section" 2022-12-15 18:48:23 +00:00
Zuul
8728466a15 Merge "vmware does't support VirtualSriovEthernetCard" 2022-12-15 18:48:21 +00:00
Zuul
da999f4256 Merge "docs: Add note about introduction of per-tenant quotas" 2022-12-15 18:05:13 +00:00
Zuul
8d7eba6617 Merge "add openstack-python3-zed-jobs-arm64 job" 2022-12-15 15:50:56 +00:00
Zuul
7f81d99447 Merge "Remove useless test for the CooperativeReader class" 2022-12-15 15:24:20 +00:00
Zuul
e183eb429a Merge "Adds purge command to glancemanage man page" 2022-12-15 15:06:16 +00:00
renliang17
3f9d58dedd Update the RADOS authentication link
The original link has failed, update the link
https://docs.ceph.com/en/pacific/rados/configuration/auth-config-ref/.

Change-Id: Iecbcbce1cd8d02cf4db83f2178235fa14e2e1b4f
2022-12-15 15:08:58 +01:00
Dan Smith
ded97f6a72 Drop tag assertion from README
The TC is removing the tag framework and has already removed most
of the tags mentioned in the README. This removes the link and
references.

Change-Id: Ia7c95728e3ee4cf7455dc2b7f663d36bb6759fcb
2022-12-05 10:59:14 -08:00
Stephen Finucane
ef835a3cf2 docs: Add note about introduction of per-tenant quotas
This is only a thing since Xena. Make that obvious to the reader.

Change-Id: I36b5ffa31c7ec429d06c64a44d567bbae8edbc99
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2022-12-02 11:40:31 +00:00
Cyril Roelandt
328f4fe25a Remove useless test for the CooperativeReader class
test_cooperative_reader_of_iterator_stop_iteration_err passes an empty
list to utils.CooperativeReader since "[l * 3 for l in '']" evaluates to
an empty list. The
test_cooperative_reader_unbounded_read_on_empty_iterator also
initializes utils.CooperativeReader this way.

The function's docstring is a copy/paste of
test_cooperative_reader_of_iterator's.  Judging by the method's name, it
seems its goal was to make sure the StopIteration exception was properly
handled in CooperativeReader.read(), which is already tested by the
following methods:

- test_cooperative_reader_of_iterator
- test_cooperative_reader_on_iterator_with_buffer
- test_cooperative_reader_unbounded_read_on_iterator
- test_cooperative_reader_preserves_size_chunk_equals_read
- test_cooperative_reader_preserves_size_chunk_less_then_read
- test_cooperative_reader_preserves_size_chunk_more_then_read
- test_cooperative_reader_unbounded_read_on_empty_iterator

The test_cooperative_reader_of_iterator_stop_iteration_err therefore
seems useless and is removed in this commit.

Change-Id: I28834aab2602f59cbfa3ba061ab245af7ac56c40
2022-11-22 20:24:17 +01:00
yuqian
475193b11d vmware does't support VirtualSriovEthernetCard
Compute-driver: vmwareapi.VMwareVCDriver does not support
VirtualSriovEthernetCard

Change-Id: I1d4b0dee3c70454c0d595cb4a69606990b96b35a
Partial-Bug: #1779781
2022-11-21 21:57:17 +01:00
Dan Smith
199722a65a Fix unintentional exception inspecting VMDK
It looks like a raise statement was left in the virtual_size property
handler for VMDK, which should have been converted to a log at some
point. All the other inspectors return zero for virtual_size if the
format does not match or they are unable to parse the data. This
converts that raise to a log, and adds a test to make sure we make it
far enough in the processing of the complex VMDK format to ensure that
behavior.

Closes-Bug: #1983279

Change-Id: I0352ab6b2c00055de094ac5902b8d50941d06dcf
2022-11-09 07:35:54 -08:00
Zuul
3b37f17d3b Merge "Fix a document description error" 2022-11-03 09:08:08 +00:00
OpenStack Proposal Bot
75051dd5a2 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: Iffb7fca5fcc96ab5e3898ccf62e9bb9a38045185
2022-10-17 03:24:30 +00:00
jneeee
bbc0df8d40 Fix a document description error
use_keystone_quotas should be use_keystone_limits. Just like in
Elsewhere.

Closes-bug: #1992974
Change-Id: I226ca5b77345ff1284d3cc09b4a719f1373ea084
2022-10-14 21:35:59 +08:00
Zuul
3224e05ef4 Merge "Fix a wrong assertion method" 2022-10-12 14:07:45 +00:00
likui
4da0077d7b add openstack-python3-zed-jobs-arm64 job
This is a non-voting job to validate py3 unittests on ARM64

Change-Id: Ie229c57654a8827d2274f6ab812310bdd989db4b
Task: #40402
Story: 2007938
2022-10-10 09:38:19 +08:00
Cyril Roelandt
1409cc94b7 Quota configuration: improve example oslo_limit section
This patch:
- uses "glance" instead of "MY_SERVICE";
- uses the already existing public glance endpoint id rather than
  "ENDPOINT_ID";
- uses the already existing "GLANCE_PASS" rather than introducing
  "MY_PASSWORD".

Closes-Bug: #1990854
Change-Id: I8f5214b879818ec5f1a62d369274ad0d67396b9b
2022-09-27 03:01:13 +02:00
OpenStack Proposal Bot
dc11640d2f Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I10c667d0b20a3756bb3bab176c3d1676a0ebb485
2022-09-16 03:55:56 +00:00
Zuul
22f9c58c83 Merge "Imported Translations from Zanata" 2022-09-15 13:35:00 +00:00
OpenStack Proposal Bot
e0dce903ac Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I09f6ee2b2aae62ebd33bb0c1a4fdb8d63be50fa1
2022-09-15 04:13:49 +00:00
499257d2b6 Switch to 2023.1 Python3 unit tests and generic template name
This is an automatically generated patch to ensure unit testing
is in place for all the of the tested runtimes for antelope. Also,
updating the template name to generic one.

See also the PTI in governance [1].

[1]: https://governance.openstack.org/tc/reference/project-testing-interface.html

Change-Id: I9c3e19cf1a2c74381395d49ee3d792bbd92b603a
2022-09-14 17:19:29 +00:00
3217a9fb71 Update master for stable/zed
Add file to the reno documentation build to show release notes for
stable/zed.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.

Sem-Ver: feature
Change-Id: I2331185f4b69cbcaf8f60265cd92f363cfc9936f
2022-09-14 17:19:27 +00:00
Takashi Natsume
5d9cd0e711 Fix a wrong assertion method
Replace 'has_calls' with 'assert_has_calls'.

Change-Id: I0af1e8cd33eb7785aeffa1ac774063303ffbb090
Closes-Bug: 1989268
Signed-off-by: Takashi Natsume <takanattie@gmail.com>
2022-09-11 10:18:29 +00:00
OpenStack Proposal Bot
d45b7c26af Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: Ia8e6b451edc545d5ba2bfd996b819fada401f307
25.0.0.0rc1 25.0.0
2022-09-11 03:37:31 +00:00
Mridula Joshi
2872130bb9 Fixes the api-ref response
The response returned from the Create Tags API
'/v2/metadefs/namespaces/{namespace_name}/tags' does not match
the response in api-ref.
This patch corrects the api-ref response.

Closes-Bug: #1939690
Change-Id: Icdafa6f55b434977d83148a0b0a958f35e99afac
2022-09-06 12:17:23 +00:00
OpenStack Proposal Bot
d7db4e5623 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I7f1051ef4a13fa31e5a260ee74741c51608e39f6
2022-09-06 04:10:47 +00:00
Zuul
fbe32cb44b Merge "RBAC updates: drop system scope" 25.0.0.0b3 2022-09-01 19:15:24 +00:00
Zuul
2f4dd20d5e Merge "Release notes for Zed Milestone 3" 2022-09-01 06:15:54 +00:00
ghanshyam mann
f7b0d1cba1 RBAC updates: drop system scope
Based on the operator feedback, we have updated the RBAC
community wide goal to drop the system scope from all the
OpenStack services except Ironic and Keystone[1]. We are keeping
scope_type in policy-in-code and every policy will be scoped
to project whihc will help to return better error code (403)
if system token is used to access the glance APIs (in case
deployment having Ironic, Keystone using the scope checks).

[1] https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html

Change-Id: Ie3174593454e35d23a3e2be439a9213bbfa1a89e
2022-09-01 01:52:43 +05:30
Zuul
7206dda223 Merge "Minor fix on Interoperable Image Import admin doc" 2022-08-30 13:09:23 +00:00