Update show_multiple_locations deprecation note

Update logged text to indicate our intentions with respect
to the show_multiple_locations configuration option, which
has been deprecated since Newton and advertised as subject
to removal in Pike.  Also correct the misleading impression
in the deprecation notice and earlier release notes that
functionality that requires show_multiple_locations = True
can be configured via policies at the current time.  Also
adds a release note to this effect.

Change-Id: I5bf0c8af9dfe87e0d17f7a16d4676f387b4379f6
Closes-bug: #1808375
Brian Rosmaita 2018-12-14 09:38:07 -05:00
parent 8d1beed2a8
commit de72ac4a01
2 changed files with 43 additions and 6 deletions

@ -405,14 +405,26 @@ Related options:
""")),
# NOTE(flaper87): The policy.json file should be updated and the locaiton
# related rules set to admin only once this option is finally removed.
# NOTE(rosmaita): Unfortunately, this option is used to gate some code
# paths; if the location related policies are set admin-only, then no
# normal users can save or retrieve image data.
cfg.BoolOpt('show_multiple_locations', default=False,
deprecated_for_removal=True,
deprecated_reason=_('This option will be removed in the Pike '
'release or later because the same '
'functionality can be achieved with '
'greater granularity by using policies. '
'Please see the Newton '
'release notes for more information.'),
deprecated_reason=_('Use of this option, deprecated since '
'Newton, is a security risk and will be '
'removed once we figure out a way to '
'satisfy those use cases that currently '
'require it. An earlier announcement '
'that the same functionality can be '
'achieved with greater granularity by '
'using policies is incorrect. You cannot '
'work around this option via policy '
'configuration at the present time, '
'though that is the direction we believe '
'the fix will take. Please keep an eye '
'on the Glance release notes to stay up '
'to date on progress in addressing this '
'issue.'),
deprecated_since='Newton',
help=_("""
Show all image locations when returning an image.
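Review bot: In the comment block above cfg.BoolOpt, the NOTE(flaper87) line still advises setting the location related policy rules to admin only once the option is removed, while the NOTE(rosmaita) beneath it says that doing so leaves normal users unable to save or retrieve image data. Kept side by side, the two read as contradictory guidance; consider rewording or dropping the older note, and fixing its "locaiton" typo at the same time. The new deprecated_reason also calls the option "a security risk" without pointing to OSSN-0065 or to the internal-node workaround that the help text and the release note mention, so an operator who only sees the logged warning has nothing concrete to act on. A one-line reference in the reason string would close that gap.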
@ -429,6 +441,8 @@ NOTES:
image locations can sometimes include credentials. Hence, this
is set to ``False`` by default. Set this to ``True`` with
EXTREME CAUTION and ONLY IF you know what you are doing!
* See https://wiki.openstack.org/wiki/OSSN/OSSN-0065 for more
information.
* If an operator wishes to avoid showing any image location(s)
to the user, then both this option and
``show_image_direct_url`` MUST be set to ``False``.
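Review bot: The new bullet in the NOTES list ("See https://wiki.openstack.org/wiki/OSSN/OSSN-0065 for more information.") gives no hint of what the notice covers, and because it follows the sentence about locations sometimes including credentials, a reader may assume it is only about credential disclosure. A few words naming the subject of the notice and the setting it bears on would make the help text usable without following the link.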

@ -0,0 +1,23 @@
---
upgrade:
- |
The ``show_multiple_locations`` configuration option remains deprecated in
this release, but it has not been removed. (It had been scheduled for
removal in the Pike release.) Please keep a watch on the Glance release
notes and the glance-specs repository to stay informed about developments
on this issue.
The plan is to eliminate the option and use only policies to control image
locations access. This, however, requires some major refactoring. See the
`draft Policy Refactor spec <https://review.openstack.org/#/c/528021/>`_
for more information.
There is no projected timeline for this change, as no one has been able to
commit time to it. The Glance team would be happy to discuss this more
with anyone interested in working on it.
The workaround is to continue to use the ``show_multiple_locations`` option
in a dedicated "internal" Glance node that is not accessible to end users.
We continue to recommend that image locations not be exposed to end users.
See `OSSN-0065 <https://wiki.openstack.org/wiki/OSSN/OSSN-0065>`_ for more
information.
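Review bot: The workaround paragraph near the end of the release note recommends using show_multiple_locations on a dedicated "internal" Glance node but does not say how the user-facing nodes should be configured. The option's help text states that both this option and ``show_image_direct_url`` MUST be set to ``False`` to avoid showing any image location to users; repeating that requirement here would make the workaround complete. Since the note is largely about exposure of image locations, it may also merit an entry under a ``security:`` section rather than appearing only under ``upgrade:``.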