The test_inject_image_metadata test was doing some completely
nonsensical mock behavior, like mocking something after we have
run the method under test, and re-mocking the image repo with the
thing that was supposed to change so that the assertions were not
even checking the actual behavior. None of the three tests were
actually testing the desired behavior.
In the case of the admin_user test, it was also asserting that things
were not run that *should* be, probably because the mocks were done
after the execution and asserting that they *were* run would never
work.
This also wires up the image and image_repo mocks that were in
setUp(), but unused (and incorrect) so that we can assert the calls
are actually as we expect.
Change-Id: Ifc2f49d49ff62c49c7dd1d2174a78bb1451b7bf3
This adds a set_image_extra_properties() method to the action wrapper.
It specifically disallows setting os_glance_* properties, for two
reasons. First, several (such as the task lock and the store lists)
need special handling to be atomic. Second, setting os_glance_*
properties from image metadata injection is almost definitely
destined for failure, now or later, as it would muck with our
internals. As discussed during the work to formally reserve that
namespace from the API, we also need to make sure operators do not
set these keys during injection.
This makes us drop any such keys, with appropriate logging. The
next patch will make the metadata injection task use this and is
the point at which we will actually change that behavior.
Change-Id: I0574ee3daf08d59b4547e353c921451e756e09f6
This makes the image_conversion plugin use the action wrapper for
its image inspection and mutation activities.
Note that several important actions from the execute handler are not
asserted in the test, so this adds those checks to make sure they
are actually happening.
Change-Id: I575dbc45781aaed521aeb5ef085322ad2018f378
Related: blueprint messages-api
Change-Id: Icd56ce4f0fb0b70fdfc649474766b638a707fdd0
This commit updates glance's zuul configuration to tack on a job
dedicated to protecting API authorization. The tests for this job live
in glance-tempest-plugin and they currently test full support for
project-reader and project-admin against the images API.
Future changes will update the policies in glance to consume
system-scope and additional test coverage will be added to
glance-tempest-plugin. But, until that happens, having protection
testing as part of the check and gate jobs is vital to ensuring we don't
inadvertently expose sensitive information or APIs to users.
This level of testing will also be useful in the future if we decide to
refactor authorization logic out of various parts of glance and into a
consistent layer.
Depends-On: https://review.opendev.org/c/openstack/glance-tempest-plugin/+/775742
Change-Id: Iddee8144fb21b7ac2dec4e7fbc62c132c186fa89
The tests for the image_conversion plugin were missing basically all
of the places where the task can fail (or NOP). This adds tests for
those things to validate behavior before moving the task to use the
import wrapper.
Note that in the process, I found a potential bug in the handling of
the metadata response from qemu-img when probing for the format. We
tolerate "format" being missing from the result, but will end up
passing None as an argument to 'qemu-img convert', which will fail.
This fixes that to raise RuntimeError in line with the existing
behavior of "raise RuntimeError if any error is reported".
Change-Id: I8f1d03275e6ec51a802cc4b4107f3ab648f535a1
Previously, the only attribute of the image that an import plugin
could change was the status. In order to convert the rest of the
plugins to use the wrapper, we need to define additional properties
that they can mutate. This removes set_image_status() and replaces
it with set_image_attribute() which allows a subset of those
properties to be set.
This also ends up passing the action wrapper to all plugin init
methods by way of just putting it straight into the kwargs that we
give to everything. That is added here as setup for the patches to
follow which depend on it.
Change-Id: Id613cfd61760c383c7c3cc6aea3f37eecb5ed4d9
If web-download fails to stage the image, no subsequent import to
store tasks could have run. Thus, we should remove all of them from
"importing" and add them to "failed" so that it is obvious from the
outside that we failed.
This is another good reason for having the $image/tasks API, but we
also should not continue advertising "yes we're importing to $store"
when we are not.
Change-Id: Iebbb2dcb767ecf3c965f34f1ca04af20a2039be1
Closes-Bug: #1914826
The _internal_plugins/* tasks are not getting passed the
ImportActionWrapper, and thus are doing things against the image
that do not respect the task lock, nor apply multiple updates
atomically.
This fixes that and brings them in line with the base tasks, using the
wrapper for things like getting the image_id. The copy_image task
looks at the image for a few other things that are not exposed out
of the wrapper, so I left the image_repo.get() in that task until I
can extend it. They are read-only though, so not a big deal.
The web-download test also was not passing the right options to
that task (confusing task_repo and image_repo), which this cleans
up as well. It was also missing validation of the code that reverts
the state to 'queued' when web-download fails, so that is added here
as well.
Change-Id: I6db86b3e17a6a2f78745b40381b9419fb4404a4e
Related-Bug: #1914826
This commit addresses follow-on concerns from:
https://review.opendev.org/c/openstack/glance/+/763920
Change-Id: I1785da0a791691c08b299e74c02b0c576477d88e
This adds some text to the documentation about configuring the import
mechanism, including details about shared vs. local staging
directories. It also clarifies that *all* import methods require the
staging directory to be configured, as well as cleans up some
single-store-specific wording in this area.
Related to blueprint distributed-image-import
Change-Id: I726abe5d1104510e8da0e94f90f2b36d43b82cbe
This implements distributed image import support, which addresses
the problem when one API worker has staged the image and another
receives the import request.
The general approach is that when a worker stages the image, it
records its self-reference URL in the image's extra_properties. When
the import request comes in, any other host will proxy that HTTP
request direct to the original host instead of trying to do the import
itself.
Implements: blueprint distributed-image-import
Change-Id: I12daccb43c535b579c22f9d0742039b2ab42e929
Currently it is not possible to configure the staging directory
URI of the functional workers. We need to be able to do that in order
to enable the stage cleaning behavior. Right now, they're all sharing
/tmp/staging, which will cause workers to conflict while running in
parallel. This causes them to use their private test directory,
which may also help some other spurious failures due to interaction.
Related-Bug: #1913625
Change-Id: Ic2ac2a528206c50c38e948a096daf9eb8e5eb715
This adds a method in glance.context that will give us a
keystoneauth1 client, authorized with the user's token, suitable for
calling directly to other services.
Related to blueprint distributed-image-import
Change-Id: I71ed8c80939b4cfab6a081c2f8cde63299fc7893
This informs operators of glance's support status for secure RBAC as of
the Wallaby release. Eventually, this message will be removed when
glance adopts more support for secure RBAC personas.
This also forces glance to fail if it's configured improperly. This is
done to explicitly prevent ambiguity with authoritative decisions.
Related: blueprint secure-rbac
Change-Id: I06293de08dd3fdfbd60b9a65501d1198f40ff434
The oslo.policy's Enforcer() object will transpose authorization
information from oslo.context RequestContext objects if you pass one
to enforce()[0].
This commit simplifies the enforcement code in glance by letting
oslo.policy handle the translation instead of glance. This allows us to
remove the to_policy_values() method maintained in glance since it's no
longer used.
[0] https://opendev.org/openstack/oslo.policy/commit/775641a5fc549c20be37cf862deca394bf7f2d21
Related: blueprint secure-rbac
Change-Id: Ie7f9a9201361c56e0f0a289ef93443b9e277357c
Updated API reference documentation for new API.
Change-Id: Ie69d4180e09fe4c670faaa7d3c31742d1fc581e2
Related: blueprint messages-api
Added a new API, /v2/images/{id}/tasks, to show tasks associated with an
image. This API will return a list of tasks associated with a valid image,
or return 404 Not Found if the image is not present. This API also
initiates task scrubbing before returning tasks to the user.
Implements: blueprint messages-api
Change-Id: Ib3cacb4dd4d75de32e539f8a3b48bdaa762e6d8e
Made provision to pass image_id, request_id and user_id information
while creating a new task.
Partially-Implements: blueprint messages-api
Change-Id: I299a222eeef81431143db3ba7fc08365c924326b
req.context has been used in various places in the import_image and create
methods; this patch extracts that into a variable for further use.
Change-Id: I9d09769f971477b4d9a9a3a7d458deb19d1f3c8c
Related: blueprint messages-api
Any time we have a migration for a given release, we want to make sure
that we have a definition for each phase, even if it is empty. This
adds a test that makes sure we conform to that in the future, to help
reduce reviewer load and requiring the tribal knowledge at the point
of review.
While doing this, this also validates that the migration files fit
a general pattern of release_phaseNN_description.py format.
Change-Id: Iaea8a81b64503ad82525eb8edd609253ff1d47b9
Now that we're setting scope_types on policies, oslo.policy will throw
an InvalidScope exception if configured to do so. We should handle this
when we call enforcement so that we can bubble up an appropriate
Forbidden exception to the user.
Related: blueprint secure-rbac
Change-Id: I50fe718d3b50af0d662fda6fa0fbd3e29783e063
Added 3 new columns, 'image_id', 'request_id' and 'user_id', to the task
table. This is a base patch for adding a new API to show task
information to the user.
Partially-Implements: blueprint messages-api
Change-Id: I4946c25375f1dc54d8f550f21c97bdf5b3005877
These policy check strings model uniform, consistent personas that we'd
like to implement across OpenStack APIs. Doing this consistently will
improve user experience for end-users and operators who are struggling
to maintain drift in RBAC implementations across OpenStack.
Subsequent patches will use these check strings in new policy defaults.
Additionally, future patches will introduce check strings for
system-personas when glance is in a better position to adopt system-scope
for administrative APIs.
Related: blueprint secure-rbac
Change-Id: Id09ad3d3a6e96d9d77a9f8a43c755b1b6b9c9b7d
To implement proper scope checking, we need some updated libraries that
properly handle tokens and relay that information to the underlying
service. This commit updates the oslo.policy, oslo.context, oslo.log,
and keystonemiddleware requirements to versions that understand all the
various scopes so that we can update the default policies.
Additionally, this commit updates transitive dependencies in
requirements.txt and lower-constraints.txt to install properly with
lower-constraints defined.
Implements: blueprint secure-rbac
Change-Id: I7dec6b9919e7679aff1a0bb5db1e806384730386
Glance has a vestigial policy override knob that allows an operator
to force a 403 response when attempting to get an image from the DB
that is not found. This runs contrary to the API documentation, and
creates a (potential) interoperability concern across clouds with
differing policies on this topic.
This removes that override and changes the test from validating this
override to validating that it can no longer happen.
APIImpact
Change-Id: Ie24e3eb2f31d10d2ab9af62a0b645e8bdd0c2ff2
Closes-Bug: #1915543
With change[1], the validation check for volume type during service
startup happens for single store also (previously only for multi store).
This introduced an additional call to get_cinderclient, failing an assert
in test_migrate_image_after_upgrade.
Similar code changes can cause future failures on the glance gate, and the code
changes don't exist in glance. To address this, this patch loosens
up the strict checking on call count for every method and just verifies
it was called.
[1] https://review.opendev.org/c/openstack/glance_store/+/774703
Closes-Bug: #1916011
Change-Id: I8852bb02732845c145cca9483b0b33e0a9d73d9e
The enforce scope script should bounce the glance API after setting
configuration values for scope enforcement, not keystone.
Change-Id: Ia6c556be679f9cd81f9920ff33fa089b79afde10