| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | | |_|_|_|/
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
VMDK:
When parsing a VMDK file to calculate its size, the format_inspector
determines the location of the Descriptor section by reading two
uint64 from the headers of the file and uses them to create the
descriptor CaptureRegion.
It would be possible to craft a VMDK file that commands the
format_inspector to create a very big CaptureRegion, thus exhausting
resources on the glance-api process.
This patch binds the beginning of the descriptor to 0x200 and limits
the size of the CaptureRegion to 1MB, similar to how the VMDK
descriptor is parsed by qemu.
VHDX:
It is a bit more involved, but similar: when looking for the
VIRTUAL_DISK_SIZE metadata, the format_inspector was creating an
unbounded CaptureRegion.
In the same way as it seems to be done in Qemu, we now limit the upper
bound of this CaptureRegion.
Change-Id: I3ec5a33df20e1cfb6673f4ff1c7c91aacd065532
|
| |\ \ \ \ \ \
| |/ / / / /
|/| | | | | |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
We are refactoring the glance cinder store[1] to support the
extend in-use feature[2] due to which cinder store tests on
glance side are failing[3] as they aren't able to locate the
files in their new location.
This patch fixes the issue to import from new path while keeping
backward compatibility to import from old path to pass gate until
the new changes have merged.
[1] https://review.opendev.org/c/openstack/glance_store/+/843103
[2] https://review.opendev.org/c/openstack/glance_store/+/868742
[3] https://zuul.opendev.org/t/openstack/build/41a1abf9c749476bb10a56600ca07f0e
Change-Id: Ib9f7160fdbac74fc419faa6b3ab8acb17400d392
|
| |\ \ \ \ \ \
| |_|/ / / /
|/| | | | | |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This does two things:
1. It makes us check that the QCOW backing_file is unset on those
types of images. Nova and Cinder do this already to prevent an
arbitrary (and trivial to accomplish) host file exposure exploit.
2. It makes us restrict VMDK files to only allowed subtypes. These
files can name arbitrary files on disk as extents, providing the
same sort of attack. Default that list to just the types we believe
are actually useful for openstack, and which are monolithic.
The configuration option to specify allowed subtypes is added in
glance's config and not in the import options so that we can extend
this check later to image ingest. The format_inspector can tell us
what the type and subtype is, and we could reject those images early
and even in the case where image_conversion is not enabled.
Closes-Bug: #1996188
Change-Id: Idf561f6306cebf756c787d8eefdc452ce44bd5e0
|
| | |_|_|_|/
|/| | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Since openstack release naming conventions has changed, current test
which check data migration version will not work as expected and same
is also blocking our gate. Removing this job and test to unblock the
gate.
NOTE: Going forward glance PTL/team needs to change the database
migration version without fail at the start of release cycle.
Change-Id: Idcb12a6c450d4ce4ee859e6e1f02fb71adf8c1d5
|
| |\ \ \ \ \ |
|
| | | |/ / /
| |/| | |
| | | | |
| | | | | |
Change-Id: I087911d9cd70d2c2fec9ff8cb002446d51bb4f60
|
| |/ / / /
| | | |
| | | |
| | | | |
Change-Id: I8c9f9057f8601f31f5292450cc05819d24bf0d5c
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
tox.ini started failing with Tox4 which had some
incompatible changes. One is passenv where we need
to pass each value in newline otherwise, it fails with
error:
failed with pass_env values cannot contain whitespace,
use comma to have multiple values in a single line,
invalid values found.....
Fixing tox.ini for tox4 changes.
Change-Id: I0a377c9329cef8b251b800018fc0d7f784008329
|
| |\ \ \ |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This patch:
- uses "glance" instead of "MY_SERVICE";
- uses the already existing public glance endpoint id rather than
"ENDPOINT_ID";
- uses the already existing "GLANCE_PASS" rather than introducing
"MY_PASSWORD".
Closes-Bug: #1990854
Change-Id: I8f5214b879818ec5f1a62d369274ad0d67396b9b
|
| |\ \ \ \ |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Compute-driver: vmwareapi.VMwareVCDriver does not support
VirtualSriovEthernetCard
Change-Id: I1d4b0dee3c70454c0d595cb4a69606990b96b35a
Partial-Bug: #1779781
|
| |\ \ \ \ \ |
|
| | | |_|/ /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This is only a thing since Xena. Make that obvious to the reader.
Change-Id: I36b5ffa31c7ec429d06c64a44d567bbae8edbc99
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
|
| |\ \ \ \ \ |
|
| | | |_|/ /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This is a non-voting job to validate py3 unittests on ARM64
Change-Id: Ie229c57654a8827d2274f6ab812310bdd989db4b
Task: #40402
Story: 2007938
|
| |\ \ \ \ \ |
|
| | | |/ / /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
test_cooperative_reader_of_iterator_stop_iteration_err passes an empty
list to utils.CooperativeReader since "[l * 3 for l in '']" evaluates to
an empty list. The
test_cooperative_reader_unbounded_read_on_empty_iterator also
initializes utils.CooperativeReader this way.
The function's docstring is a copy/paste of
test_cooperative_reader_of_iterator's. Judging by the method's name, it
seems its goal was to make sure the StopIteration exception was properly
handled in CooperativeReader.read(), which is already tested by the
following methods:
- test_cooperative_reader_of_iterator
- test_cooperative_reader_on_iterator_with_buffer
- test_cooperative_reader_unbounded_read_on_iterator
- test_cooperative_reader_preserves_size_chunk_equals_read
- test_cooperative_reader_preserves_size_chunk_less_then_read
- test_cooperative_reader_preserves_size_chunk_more_then_read
- test_cooperative_reader_unbounded_read_on_empty_iterator
The test_cooperative_reader_of_iterator_stop_iteration_err therefore
seems useless and is removed in this commit.
Change-Id: I28834aab2602f59cbfa3ba061ab245af7ac56c40
|
| |\ \ \ \ \
| |/ / / /
|/| | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Closes-Bug: #1647491
Change-Id: I92ec228ebe9ac8eadb56dfe152535d3d6eedd62f
Signed-off-by: Danny Al-Gaaf <danny.al-gaaf@bisect.de>
|
| | |_|/ /
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
It looks like a raise statement was left in the virtual_size property
handler for VMDK, which should have been converted to a log at some
point. All the other inspectors return zero for virtual_size if the
format does not match or they are unable to parse the data. This
converts that raise to a log, and adds a test to make sure we make it
far enough in the processing of the complex VMDK format to ensure that
behavior.
Closes-Bug: #1983279
Change-Id: I0352ab6b2c00055de094ac5902b8d50941d06dcf
|
| |\ \ \ \ |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
use_keystone_quotas should be use_keystone_limits. Just like in
Elsewhere.
Closes-bug: #1992974
Change-Id: I226ca5b77345ff1284d3cc09b4a719f1373ea084
|
| |/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html
Change-Id: Iffb7fca5fcc96ab5e3898ccf62e9bb9a38045185
|
| |\ \ \ \
| |_|/ /
|/| | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Replace 'has_calls' with 'assert_has_calls'.
Change-Id: I0af1e8cd33eb7785aeffa1ac774063303ffbb090
Closes-Bug: 1989268
Signed-off-by: Takashi Natsume <takanattie@gmail.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html
Change-Id: I10c667d0b20a3756bb3bab176c3d1676a0ebb485
|
| |\ \ \ \ |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html
Change-Id: I09f6ee2b2aae62ebd33bb0c1a4fdb8d63be50fa1
|
| |/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This is an automatically generated patch to ensure unit testing
is in place for all the of the tested runtimes for antelope. Also,
updating the template name to generic one.
See also the PTI in governance [1].
[1]: https://governance.openstack.org/tc/reference/project-testing-interface.html
Change-Id: I9c3e19cf1a2c74381395d49ee3d792bbd92b603a
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: I2331185f4b69cbcaf8f60265cd92f363cfc9936f
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | | |
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html
Change-Id: Ia8e6b451edc545d5ba2bfd996b819fada401f307
|
| | |/
|/|
| |
| |
| |
| |
| | |
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html
Change-Id: I7f1051ef4a13fa31e5a260ee74741c51608e39f6
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Based on the operator feedback, we have updated the RBAC
community wide goal to drop the system scope from all the
OpenStack services except Ironic and Keystone[1]. We are keeping
scope_type in policy-in-code and every policy will be scoped
to project whihc will help to return better error code (403)
if system token is used to access the glance APIs (in case
deployment having Ironic, Keystone using the scope checks).
[1] https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html
Change-Id: Ie3174593454e35d23a3e2be439a9213bbfa1a89e
|
| |\ \ \ |
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
Depends-On: Ie36232f3474d398a913025c8d408f08f879874d8
Change-Id: Ib458c7f0ef1ec99f5f469a96701857b32eb52208
|
| |\ \ \ \ |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The III admin doc has grown quite a bit and multiple sections
misleadingly referred that all above options needed to be
configured as if different import-methods depended on
eachother.
Also correcting the statement of default enabled methods.
Change-Id: I19485c1d6bb22e81a8496ddab312e9458ae3cbee
|
| |/ / / /
| | | |
| | | |
| | | | |
Change-Id: I5febc9f4094f88caab3ed18026a8cb7b6a345d45
|
| |\ \ \ \ |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Added missing glance-download plugin config options to the list so
that they will be included in sample configuration files.
Related: blueprint glance-download-import
Change-Id: Ic09acd23ece72b2428979c087971448b4de99b96
|
| |\ \ \ \ \
| |/ / / /
| | | / /
| |_|/ /
|/| | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This patch adds documentation and API reference support for
glance download plugin.
Related blueprint glance-download-import
Co-Authored-By: Victor Coutellier <victor.coutellier@gmail.com>
Change-Id: Ie36232f3474d398a913025c8d408f08f879874d8
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
As 'glance-download' requires federated deployments it should
not be enabled by default.
Added line explaining it being available for such deployments
in the config help text.
Change-Id: Icc792e23aad9e7a9a788e6b5826bc5aae54ae978
|
| |\ \ \ \
| |/ / /
|/| | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fix the following deprecation warning.
* DeprecationWarning: setDaemon() is deprecated,
set the daemon attribute instead
Change-Id: I7af41eddf597e1ac78e8835a5af2e029d65a302a
Closes-Bug: 1987191
Signed-off-by: Takashi Natsume <takanattie@gmail.com>
|
| | |/ /
|/| |
| | |
| | |
| | |
| | |
| | | |
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html
Change-Id: Iac4e3c52bb8d98343d2f5dd3948ef2681d4acaa2
|
