VMDK:
When parsing a VMDK file to calculate its size, the format_inspector
determines the location of the Descriptor section by reading two
uint64 from the headers of the file and uses them to create the
descriptor CaptureRegion.
It would be possible to craft a VMDK file that commands the
format_inspector to create a very big CaptureRegion, thus exhausting
resources on the glance-api process.
This patch binds the beginning of the descriptor to 0x200 and limits
the size of the CaptureRegion to 1MB, similar to how the VMDK
descriptor is parsed by qemu.
VHDX:
It is a bit more involved, but similar: when looking for the
VIRTUAL_DISK_SIZE metadata, the format_inspector was creating an
unbounded CaptureRegion.
In the same way as it seems to be done in Qemu, we now limit the upper
bound of this CaptureRegion.
Change-Id: I3ec5a33df20e1cfb6673f4ff1c7c91aacd065532
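
The VMDK bound described in the commit message above, as an added example that is not part of the commit or of glance's own code: it takes the two attacker-controlled uint64 fields from the sparse extent header and derives the descriptor region with the fixed 0x200 start and the 1MB cap. The names `descriptor_region`, `make_header` and `ImageFormatError` are hypothetical, and the sample headers are constructed.

```python
import struct

SECTOR = 512
DESC_OFFSET = 0x200       # descriptor start the commit message binds to
DESC_MAX_SIZE = 1 << 20   # 1MB cap from the commit message

# Sparse extent header prefix, little-endian: magic, version, flags,
# capacity, grain size, descriptor offset, descriptor size (in sectors).
HEADER = struct.Struct('<4sIIQQQQ')


class ImageFormatError(Exception):
    """Raised when the header cannot describe a sane descriptor."""


def descriptor_region(header_bytes):
    """Return (offset, length) in bytes of the descriptor to capture."""
    if len(header_bytes) < HEADER.size:
        raise ImageFormatError('short header')
    magic, _ver, _flags, _cap, _grain, desc_sec, desc_num = \
        HEADER.unpack_from(header_bytes)
    if magic != b'KDMV':
        raise ImageFormatError('not a sparse VMDK')
    offset = desc_sec * SECTOR
    if offset != DESC_OFFSET:
        # Never trust the file to choose where the capture starts.
        raise ImageFormatError('descriptor at unexpected offset')
    # Never trust the file to choose how much gets buffered in memory.
    return offset, min(desc_num * SECTOR, DESC_MAX_SIZE)


def make_header(desc_sec, desc_num):
    """Build a constructed header for testing (not a real image)."""
    return HEADER.pack(b'KDMV', 1, 0, 2048, 128, desc_sec, desc_num)


if __name__ == '__main__':
    print(descriptor_region(make_header(1, 20)))
    print(descriptor_region(make_header(1, 2 ** 40)))
```
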
Update the data migration current release to '2023_1'. Added
empty migration scripts to rule out regression scenarios as well.
Change-Id: Ic97825dd9c38ec1c759e5ca610a19c93fe4ca6a6
Since the OpenStack release naming conventions have changed, the current
test which checks the data migration version will not work as expected,
and the same is also blocking our gate. Removing this job and test to
unblock the gate.
NOTE: Going forward, the glance PTL/team needs to change the database
migration version without fail at the start of the release cycle.
Change-Id: Idcb12a6c450d4ce4ee859e6e1f02fb71adf8c1d5
tox.ini started failing with Tox4, which had some
incompatible changes. One is passenv, where we need
to pass each value on a new line; otherwise, it fails with
the error:
failed with pass_env values cannot contain whitespace,
use comma to have multiple values in a single line,
invalid values found.....
Fixing tox.ini for tox4 changes.
Change-Id: I0a377c9329cef8b251b800018fc0d7f784008329
This does two things:
1. It makes us check that the QCOW backing_file is unset on those
types of images. Nova and Cinder do this already to prevent an
arbitrary (and trivial to accomplish) host file exposure exploit.
2. It makes us restrict VMDK files to only allowed subtypes. These
files can name arbitrary files on disk as extents, providing the
same sort of attack. Default that list to just the types we believe
are actually useful for openstack, and which are monolithic.
The configuration option to specify allowed subtypes is added in
glance's config and not in the import options so that we can extend
this check later to image ingest. The format_inspector can tell us
what the type and subtype is, and we could reject those images early
and even in the case where image_conversion is not enabled.
Closes-Bug: #1996188
Change-Id: Idf561f6306cebf756c787d8eefdc452ce44bd5e0
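
The two checks listed in the commit message above, as an added example that is not part of the commit or of glance's own code: refuse a qcow2 image whose header references a backing file, and refuse a VMDK whose descriptor `createType` is not on an allow-list. The function names and the contents of `ALLOWED_VMDK_TYPES` are assumptions for this example, and the sample inputs are constructed.

```python
import re
import struct

# Assumption for this example: only these monolithic subtypes are allowed.
ALLOWED_VMDK_TYPES = {'streamOptimized', 'monolithicSparse'}

# qcow2 header prefix, big-endian: magic, version, backing_file_offset,
# backing_file_size.
QCOW_HEADER = struct.Struct('>4sIQI')


def qcow_has_backing_file(header_bytes):
    """True if the qcow2 header points at a backing file name."""
    magic, _ver, bf_offset, _bf_size = QCOW_HEADER.unpack_from(header_bytes)
    if magic != b'QFI\xfb':
        raise ValueError('not a qcow2 image')
    return bf_offset != 0


def vmdk_create_type(descriptor):
    """Extract createType from the text descriptor, or None if absent."""
    m = re.search(r'^\s*createType\s*=\s*"([^"]*)"', descriptor, re.M)
    return m.group(1) if m else None


def rejection_reason(fmt, data):
    """Return None when the image passes, else why it is refused."""
    if fmt == 'qcow2' and qcow_has_backing_file(data):
        return 'qcow2 image names a backing file'
    if fmt == 'vmdk':
        subtype = vmdk_create_type(data)
        # A missing createType is refused too: None is not on the list.
        if subtype not in ALLOWED_VMDK_TYPES:
            return 'vmdk subtype %r is not allowed' % subtype
    return None


# Constructed sample inputs (not taken from any real image).
QCOW_PLAIN = QCOW_HEADER.pack(b'QFI\xfb', 3, 0, 0)
QCOW_BACKED = QCOW_HEADER.pack(b'QFI\xfb', 3, 0x68, 14)
VMDK_SPARSE = ('version=1\ncreateType="monolithicSparse"\n'
               'RW 2048 SPARSE "disk.vmdk"\n')
VMDK_FLAT = ('version=1\ncreateType="monolithicFlat"\n'
             'RW 2048 FLAT "other-file.img" 0\n')
```
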
The TC is removing the tag framework and has already removed most
of the tags mentioned in the README. This removes the link and
references.
Change-Id: Ia7c95728e3ee4cf7455dc2b7f663d36bb6759fcb
This is only a thing since Xena. Make that obvious to the reader.
Change-Id: I36b5ffa31c7ec429d06c64a44d567bbae8edbc99
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
test_cooperative_reader_of_iterator_stop_iteration_err passes an empty
list to utils.CooperativeReader since "[l * 3 for l in '']" evaluates to
an empty list. The
test_cooperative_reader_unbounded_read_on_empty_iterator also
initializes utils.CooperativeReader this way.
The function's docstring is a copy/paste of
test_cooperative_reader_of_iterator's. Judging by the method's name, it
seems its goal was to make sure the StopIteration exception was properly
handled in CooperativeReader.read(), which is already tested by the
following methods:
- test_cooperative_reader_of_iterator
- test_cooperative_reader_on_iterator_with_buffer
- test_cooperative_reader_unbounded_read_on_iterator
- test_cooperative_reader_preserves_size_chunk_equals_read
- test_cooperative_reader_preserves_size_chunk_less_then_read
- test_cooperative_reader_preserves_size_chunk_more_then_read
- test_cooperative_reader_unbounded_read_on_empty_iterator
The test_cooperative_reader_of_iterator_stop_iteration_err therefore
seems useless and is removed in this commit.
Change-Id: I28834aab2602f59cbfa3ba061ab245af7ac56c40
Compute-driver: vmwareapi.VMwareVCDriver does not support
VirtualSriovEthernetCard
Change-Id: I1d4b0dee3c70454c0d595cb4a69606990b96b35a
Partial-Bug: #1779781
It looks like a raise statement was left in the virtual_size property
handler for VMDK, which should have been converted to a log at some
point. All the other inspectors return zero for virtual_size if the
format does not match or they are unable to parse the data. This
converts that raise to a log, and adds a test to make sure we make it
far enough in the processing of the complex VMDK format to ensure that
behavior.
Closes-Bug: #1983279
Change-Id: I0352ab6b2c00055de094ac5902b8d50941d06dcf
This patch:
- uses "glance" instead of "MY_SERVICE";
- uses the already existing public glance endpoint id rather than
"ENDPOINT_ID";
- uses the already existing "GLANCE_PASS" rather than introducing
"MY_PASSWORD".
Closes-Bug: #1990854
Change-Id: I8f5214b879818ec5f1a62d369274ad0d67396b9b
This is an automatically generated patch to ensure unit testing
is in place for all of the tested runtimes for antelope. Also,
updating the template name to a generic one.
See also the PTI in governance [1].
[1]: https://governance.openstack.org/tc/reference/project-testing-interface.html
Change-Id: I9c3e19cf1a2c74381395d49ee3d792bbd92b603a
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: I2331185f4b69cbcaf8f60265cd92f363cfc9936f
The response returned from the Create Tags API
'/v2/metadefs/namespaces/{namespace_name}/tags' does not match
the response in api-ref.
This patch corrects the api-ref response.
Closes-Bug: #1939690
Change-Id: Icdafa6f55b434977d83148a0b0a958f35e99afac
Based on the operator feedback, we have updated the RBAC
community-wide goal to drop the system scope from all the
OpenStack services except Ironic and Keystone [1]. We are keeping
scope_type in policy-in-code, and every policy will be scoped
to project, which will help to return a better error code (403)
if a system token is used to access the glance APIs (in case the
deployment has Ironic and Keystone using the scope checks).
[1] https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html
Change-Id: Ie3174593454e35d23a3e2be439a9213bbfa1a89e