Commit Graph

49 Commits

Author SHA1 Message Date
Pranali Deore 3790cfd4a1 Remove dead code of auth and policy layers
In Xena we have managed to move all policy checks to API layer,
now removing the dead code from policy and authorization layer

NOTE: Some of the code is still being used from policy layer,
hence keeping it there only at this moment.

Change-Id: Ibee749cde20687d8c243cf84ae80b4de67d8ef3d
2022-06-14 10:15:55 +00:00
Dan Smith 8ddbdb9526 Add a member field to Image when appropriate
As noted by lbragstad, we need to make ImageTarget contain a member
field so that we can generically apply policies and be able to
properly include images for which we are a member. This was hacked
into place for ImageRepoProxy.get() but in order to apply it generally
to listing and other ops, we need to formalize that.

Partially-Implements: blueprint policy-refactor

Change-Id: I92d3792602a69922078d109095ad8ac9afc89d14
2021-08-04 07:56:05 -07:00
Dan Smith 2cf5df86ad Move lazy store update to locations layer
The authorization layer was hijacked (IMHO) to provide the location
metadata lazy-loading. Since we are disabling that layer in the
policy refactor, we need somewhere else to do that. The best place
to do it seems to be in the actual locations layer of the onion,
so this patch moves it there.

No tests are changed in this patch because this is already confirmed
from the images resource, this just moves where it's done, and not
needing any test change shows that this doesn't change any externally-
visible behavior.

Change-Id: I70372c44f4b2d9547cb8c40b43df17d1085ef03c
2021-07-16 07:58:46 -07:00
whoami-rajat 98a1e792c6 Support cinder multiple stores
This patch updates the location URL of the legacy images while
upgrading from single cinder store to multiple stores.
It does that with the help of lazy loading logic i.e. while
GET images call, it checks the location URL and metadata
of the image against the configured store ids and updates
images to respective stores on the basis of volume type (comparing
image-volume's type with the configured cinder_volume_type).
Legacy image URL:
cinder://<volume-id>
New image URL:
cinder://<store-id>/<volume-id>

NOTE: bumping lower-constraints/requirements of glance-store to 2.3.0 as
it includes changes[1] that are a hard requirement for cinder multiple
stores to work with glance

[1] https://review.opendev.org/#/c/746556/

Change-Id: I087a89c20813378fea8ff22ddf81d7a10c220db3
Implements: blueprint multiple-cinder-backend-support
2020-09-07 09:07:42 +00:00
Abhishek Kekane ab0e5268a9 Improve lazy loading mechanism for multiple stores
Glance has a facility lazy loading for legacy images which will be called
on get/list api calls to add store information in image's location metadata
based on location URL of image. Even if admin decides to change the store
names in glance-api.conf same will also be updated in location metadata
for all images related to that particular store. Current implementation of
legacy image performs this operation on each get/list call as location metadata
is not getting updated in database or it doesn't handle to perform store name
check in glance-api.conf.

Improvements done:
1. Save updated location metadata information in database permanently
2. Add logic to perform lazy loading only if store information is not present
in location metadata or store present in location metadata is not defined in
glance's enabled_backends configuration option.

Change-Id: I789fa7adfb459e7861c90a51f418a635c0c22244
Closes-Bug: #1886374
2020-07-06 07:49:31 +00:00
Abhishek Kekane 3fda53c520 MultiStore: Lazy update fails if image is not owned by owner
Lazy updating store information in location metadata fails if image
is not owned by the user. The reason is saving this information to
image object returns Forbidden error as the user is not allowed to change
the image information. Actually after updating the location information
there is no need to explicitly call save function because when location
information is updated using image.locations object it is updated to
database at the same time.

To fix this issue, removed the image_repo.save call, so that Lazy update
should be allowed to index as well as show call for all the users.

Change-Id: I92c85647ea4eea7069f8124334402f9127bf653c
Closes-Bug: #1840885
2019-08-21 07:54:05 +00:00
Abhishek Kekane 0e5984edc7 Lazy update stores information
Added new decorator around get image call which will add
or update store information to location metadata if it
is not available.

Implements: blueprint lazy-update-stores
Depends-On: https://review.opendev.org/#/c/660340/
Change-Id: I51b6afad56cfa5ccf6c6584bb33e83ce34b4387d
2019-08-08 04:53:36 +00:00
Brian Rosmaita 0b24dbd620 Multihash implementation for Glance
Partially implements blueprint multihash.

Requires glance_store 0.26.1

Co-authored-by: Scott McClymont <scott.mcclymont@verizonwireless.com>
Co-authored-by: Brian Rosmaita <rosmaita.fossdev@gmail.com>

Change-Id: Ib28ea1f6c431db6434dbab2a234018e82d5a6d1a
2018-07-31 21:28:38 -04:00
Abhishek Kekane a308c44406 Hide old images
Added new boolean column "os_hidden" in images table. Images where
"os_hidden" = True will be omitted from the image list presented
to the user. This will apply to all image visibilities. However,
the images will continue to be discoverable. User can use
filter "os_hidden=true" in GET v2/images call to see all hidden
images.

Implements: blueprint hidden-images
Change-Id: If8f02ca94fdb8e1ac7a81853cd392988900172d1
2018-07-25 16:37:56 +00:00
Timothy Symanczyk 265659e8c3 Implement and Enable Community Images
This change replaces the existing boolean 'is_public' column for
the 'images' table with enum 'visibility' column featuring the
four explicit visibility values - public, private, shared,
and community.

This change also implements and enables all backend code to
utilize the new values.

Co-Authored-By: Timothy Symanczyk <timothy_symanczyk@symantec.com>
Co-Authored-By: Dharini Chandrasekar <dharini.chandrasekar@intel.com>

Implements: blueprint community-level-v2-image-sharing
Closes-Bug: #1394299
Closes-Bug: #1452443
Depends-On: I6e3268f3712cbc0aadb51d204c694023b92d55a5
Change-Id: I94bc7708b291ce37319539e27b3e88c9a17e1a9f
2017-01-18 17:56:12 +00:00
Lakshmi N Sampath 4b0ce57c73 Fix for Image members not generating notifications
Image members CRUD doesn't generate notifications which
is impacting searchlight service by not having latest
changes to Image memberships.

If you create an image and later change its members,
the members are not updated via notifications.
You have to run the index sync again to get the updated
member list.

See: https://bugs.launchpad.net/searchlight/+bug/1490697

Membership information is critical for horizon filtering.
Typically, a person is allowed to view an image under the
following conditions:

1) The image is owned by the project I am currently logged into.
2) The image is public
3) The image is owned by another project which has added me
    as a member and I have accepted membership to it.

Without current membership information, 3) above is not possible.

See: https://bugs.launchpad.net/searchlight/+bug/1491085

Change-Id: Ia56e42d3d8da36cfa419d5c3c7d69c9ccf8974fd
Closes-Bug: #1441453
2016-01-25 04:50:58 -08:00
kairat_kushaev c27c25f779 Import i18n functions directly
Import i18n functions from module directly and do not use
global module variables like _ = i18n._. It makes code shorter
and cleaner. It also to detect cases when these functions are not
used in module.

Change-Id: Iaa593ac1f2dd15cbcad049bef6ba68f1cfa610da
2015-12-07 18:20:43 +03:00
NiallBunting fcbfddd590 Reactivating admin public image returns 500
The actual call is reactivate not activate. Therefore to stop the
internal server error occurring the activate needs to be renamed.

Change-Id: I9c74a3cd2bd460c6947477052af07838ef278d59
Closes-bug: 1515305
2015-11-12 18:40:36 +00:00
NiallBunting 15c08d822a Cause forbidden when deactivating image(non-admin)
If a user tries to deactivate an image that is hosted by the admin that
has public visibility, it will currently return a 500 error. This changes
that behaviour to return a Forbidden.

Closes-Bug: 1485940
Change-Id: Id7f645fc599e57f6c0842bba2b7a2f3db52784ae
2015-10-14 10:47:26 +00:00
ankitagrawal aade1e3ec7 Remove duplicate name attribute
Removed duplicate 'name' attribute from ImmutableImageProxy class.

Closes-Bug: 1482583
Change-Id: Ib073f1e2d4daed7c6ac896e9df023a8bac340e54
2015-08-07 03:05:08 -07:00
Kamil Rykowski 58667c1bc4 Remove redundant parentheses in conditional statements
It's not pythonic to use parentheses in conditional statements which can
fit into single line. Following patch removes redundant parentheses from
the code.

Change-Id: I01544931cc49b250b8224a593c64d7b59b576799
2015-02-17 12:35:26 +01:00
Wayne Okuma d4a1359e14 Redundant __init__ def in api.authorization.MetadefTagProxy
The MetadefTagProxy.__init__ def simply calls glance.domain.proxy.MetadefTag
__init__. This makes it a redundant call since MetadefTagProxy inherits
the MetadefTag.__init__ def. This fix replaces MetadefTagProxy.__init__ with
a simple pass.

Change-Id: I7280c979115c7c5ae6bbf63e2ccdd96b88716cd2
Closes-bug: 1414875
2015-01-26 19:53:01 -08:00
Zhi Yan Liu 0dc8fbb347 Cleanup chunks for deleted image that was 'saving'
Currently image data cannot be removed synchronously for an image that
is in saving state. And when the upload operation for such an image is
completed, the operator configured quota can be exceeded.

This patch fixes the issue of left over chunks for an image which was
deleted from saving status. However, by the limitation of the design we
cannot enforce a global quota check for the image in saving status.

This change introduces an inconsonance between http response codes of
v1 and v2 APIs. The status codes which we will now see after the upload
process completes on an image which was deleted mid way are:

v1: 412 Precondition Failed
v2: 410 Gone

SecurityImpact
UpgradeImpact
APIImpact

Closes-Bug: 1383973
Closes-Bug: 1398830
Closes-Bug: 1188532

Change-Id: I47229b366c25367ec1bd48aec684e0880f3dfe60
Signed-off-by: Zhi Yan Liu <zhiyanl@cn.ibm.com>
2015-01-15 15:56:56 +00:00
Wayne Okuma c7fa300cc5 Adding Metadef Tag support
Adding rest api and db support for CRUD operations on the new
metadef_tags table.

Implements: https://blueprints.launchpad.net/glance/+spec/metadefs-tags
DocImpact

Change-Id: Icfa40555280ce69766381b0abe7ef399b806f6a0
2014-12-17 19:45:40 +00:00
James Carey 3f2a56ae65 Move from using _ builtin to using glance.i18n _
The builtin _ should no longer be used.  Instead _
should be explicitly assigned from glance.i18n.

This patch does the following:
  (1) adds these explicit assignments to any
      glance file that was missing them,
  (2) removes the definition of _ as a builtin from
      tox.ini so that a pep8 failure will occur
      if _ is not defined,
  (3) removes calls to install().

This removes the last direct use of gettextutils by glance.
The indirect uses, via openstack/common, will be removed
in the next sync with oslo.

Change-Id: Ie54e8a67e747e022cc01022dfad35d89686bdfc4
2014-11-21 18:51:19 +00:00
Bartosz Fic 8b9f9836f8 GET property which name includes resource type prefix
Currently GET call to API to retrieve property details ends with
404 error when property name includes resource type prefix.
This patch extends show method to take filters as a parameter.
If 'resource_type' is included in filters then the prefix of included
resource type is removed from property name. This enables user to look
for property name starting with prefix that comes from associated
resource type.

Change-Id: I3c4d96fbc9ce15016631017bf76089c338ac3cdc
Closes-Bug: #1367564
DocImpact
Co-Authored-By: Bartosz Fic <bartosz.fic@intel.com>
Co-Authored-By: Pawel Koniszewski <pawel.koniszewski@intel.com>
2014-10-08 10:47:31 +02:00
Julien Danjou fadbef8511 hacking: upgrade to 0.9.x series
Change-Id: I252758fd633662de9659a402c5e3d7e3ce1fae0f
2014-10-06 14:41:03 +02:00
Flavio Percoco e9e35c49a9 API support for random access to images
This patch adds support for random access to images to the API v2. It's
possible to partially access the image data by passing the offset where
the image should be fetched from and the size of the chunk expected.

Note that not all stores support random access to image data. In such
cases, the API will return an error mentioning the selected store
doesn't support such a feature.

DocImpact:
Content-Range header is now parsed to support random access to image
data.

Implements blueprint: restartable-image-download

Change-Id: Iade692a8197a9a1d9532711a5c572c505e5e7d20
2014-09-08 15:48:38 +02:00
Wayne Okuma 2e7de07c5a Glance Metadata Definitions Catalog - API
Implements: blueprint metadata-schema-catalog

A common API hosted by the Glance service for vendors, admins,
services, and users to meaningfully define available key / value
pair and tag metadata. The intent is to enable better metadata
collaboration across artifacts, services, and projects for
OpenStack users.

This is about the definition of the available metadata that can
be used on different types of resources (images, artifacts,
volumes, flavors, aggregates, etc). A definition includes the
properties type, its key, its description, and its constraints.
This catalogue will not store the values for specific instance
properties.

 - REST API for CRUD on metadef namespace
 - REST API for CRUD on metadef objects
 - REST API for CRUD on metadef properties
 - REST API for CRUD on metadef resource types
 - REST API for JSON schemas on metadef APIs

Change-Id: I8e6d88ffee9a9337bf82b1da85648ba638a154ab
DocImpact
Co-Authored-By: Lakshmi N Sampath <lakshmi.sampath@hp.com>
Co-Authored-By: Wayne Okuma <wayne.okuma@hp.com>
Co-Authored-By: Travis Tripp <travis.tripp@hp.com>
Co-Authored-By: Pawel Koniszewski <pawel.koniszewski@intel.com>
Co-Authored-By: Michal Jastrzebski <michal.jastrzebski@intel.com>
Co-Authored-By: Michal Dulko <michal.dulko@intel.com>
2014-08-30 15:48:33 +02:00
Arnaud Legendre 7f512fd0ac Get rid of TaskDetails in favor of TaskStub
Change I0b406e4662cfd3cb496b71be77ad10a90c178baa introduces a new
class TaskStub. This class is designed to be a subset of what a
task is in the domain layer: it doesn't contain input, message and
result. TaskStub should be used when listing tasks in order to avoid
extra-overhead of transporting these text fields.
As a result, the TaskDetails introduced by change
I0b406e4662cfd3cb496b71be77ad10a90c178baa doesn't need to exist.

With this patch, the domain layer contains Task and TaskStub instead
of Task, TaskStub and TaskDetails.

partially implements bp async-glance-workers

Change-Id: I2a20b0c5033c6920749370355c2d672dec707c28
2014-04-16 11:14:58 -07:00
Nikhil Komawar 0118103eec Adds TaskStub class
Partial Task patch, Id I4fbadc9a97e3147128c7c733384c7bb50918806f
removed the result and message vars of the Tasks class. However,
the succeed and fail methods were using those to update them
respectively. This patch introduces a new TaskStub class which
enables the PartialTask functionality without looking result
and message attrs of the Task class.

Fixes bug 1284975

Change-Id: I0b406e4662cfd3cb496b71be77ad10a90c178baa
2014-04-08 11:58:00 -04:00
Alex Meade 45b7a31832 API v2: Allow GET on unowned images with show_image_direct_url
This fixes an issue where copy.deepcopy was being called
on an ImmutableLocations object, causing a Forbidden to be
raised.

Change-Id: Ia7ac121478cf63d68bd5a3d91faa51a42afeb2fe
Closes-Bug: 1287888
2014-03-11 16:39:05 -04:00
Jenkins 7130d9fe18 Merge "Add support for PartialTask list" 2014-02-22 12:10:27 +00:00
Flavio Percoco e98576efae Add `virtual_size` to Glance's API v2
This patch adds the knowledge of a virtual_size field to Glance's API
v2. The virtual_size field should respect the same rules applied to the
size field in terms of readability, access control and propagation.

Glance's API v1 has been left unmodified.

docImpact
Implements blueprint: split-image-size

Change-Id: Ie4f58ee2e4da3a6c1229840295c7f62023a95b70
2014-02-13 15:13:11 +01:00
Venkatesh Sampath 010c0801bd Add support for PartialTask list
- partial-task: Task that includes all the values except the 'Text'
columns(input, result & message).
- This patch is to have the database to return a partial-task list on users
invoking 'GET /v2/tasks'.
- Returning list of partial tasks will help in reducing the response time when the
user queries for the list of tasks.
- This patch also includes changes for making implementation and return values of
display task detail (GET /v2/tasks/{task_id}) and list tasks (GET /v2/tasks)
more explicit.

partially implements bp async-glance-workers

Change-Id: I4fbadc9a97e3147128c7c733384c7bb50918806f
2014-02-12 17:05:23 +05:30
Julia Varlamova 775072583b Enable hacking H703 check
Enable hacking H703 (multiple positional placeholders)
and fix string formatting in files listed below:

- glance/api/authorization.py
- glance/api/v1/images.py
- glance/api/v1/upload_utils.py
- glance/api/v2/image_data.py
- glance/cmd/replicator.py
- glance/common/property_utils.py
- glance/common/utils.py
- glance/common/wsgi.py
- glance/image_cache/__init__.py
- glance/notifier.py
- glance/store/__init__.py
- glance/store/filesystem.py
- glance/store/gridfs.py
- glance/store/swift.py

Change-Id: Idb871eadcad1bd0cc2d2710be7469cf66360c3a7
2014-01-27 14:32:04 +04:00
Jia Dong 1772a9116d Remove return stmt of add,save and remove method
Remove the add and save method's return statement in the
ImageMemberRepo class, as the same as ImageRepo class.  Also
modify authorization.py and policy.py and the related unittest.

Closes-Bug: #1254210

Change-Id: I472cd15af8648beea10abc595e905618091f3dab
2014-01-06 16:34:01 +08:00
Yanis Guenane ec08ca1a87 Make code base E125 and E126 compliant
This commit makes the glance code base E125 and E126 compliant :
  * E125 continuation line does not distinguish itself from next logical line
  * E126 continuation line over-indented for hanging indent

Change-Id: I7120149bedb665fb66320498fe98948602a6cd52
Closes-bug: #1263437
2013-12-30 13:03:24 +00:00
Jenkins 59d149aad7 Merge "Forbidden update message diffs images/tasks/member" 2013-12-17 05:02:35 +00:00
Venkatesh Sampath be23b19905 Enable tasks REST API for async worker
- add REST API layer for async worker(tasks) to
support tasks operations.
- update to include sparse task for tasks.index
- add domain proxies for handling  authorization,
policy enforce, notification while processing
task requests.
- add Task domain entity and TaskFactory to create
new Task domain entity objects.
- add integration test for testing tasks api

Co-authored-by: Fei Long Wang <flwang@cn.ibm.com>

Partially implement blueprint async-glance-workers

Change-Id: I072cbf351c06f59a7702733b652bfa63e5abbaa6
2013-12-13 22:58:53 -05:00
Arnaud Legendre 53d055d5b0 Forbidden update message diffs images/tasks/member
On a forbidden update, the message returned to the user
is not tied to the type of object modified by the operation.
For example: a forbidden image member update will return
`You are not permitted to modify 'status' on this image.`
instead of image_member.

This patch fixes the issue for images, image members and tasks.

Change-Id: Ie9774807f0190a517a619aeb56c1398741ac4407
Closes-Bug: #1250228
2013-12-06 11:47:20 -08:00
Fei Long Wang d79861560b Adds domain level support for tasks
Includes:-
  - Domain Task class
  - Domain TaskFactory class
  - DB TaskRepo class
  - Necessary proxy classes for all of the above
  - Tasks related exceptions
  - Unit tests as applicable

Partially implement blueprint async-glance-workers

Change-Id: I619224bcc55b62303f3539454649528f2edc6e9d
2013-11-26 16:35:12 -05:00
Mark J. Washenberger be4a90a22f Update acls in the domain model
This change brings the domain model up to speed with the v1 stack by
issuing calls to store.set_acls whenever
 - an image is saved into the database (and locations are set)
 - a member is added to an image (and locations are set)

related blueprint glance-api-v2-image-sharing

Change-Id: I45f10752f6c04646b65f86e44b59bdeea534f024
2013-03-05 08:47:07 -08:00
Mark J. Washenberger ffcf343198 Refactor leaky abstractions
Prior to this change, it was common for a domain layer that was wrapping
Image objects returned by methods to neglect to unwrap the objects on
the way in to other methods.

This change fixes that by making proxy base classes less leaky and
inheriting from them in the various domain layers.

Change-Id: I22866cdd800c4c95b43c92762ead3775cffeaa80
2013-03-05 08:43:41 -08:00
Mark J. Washenberger 8cc4b45dbf Cannot change locations on immutable images
This change extends immutability to the contents of image locations.

Change-Id: I5bfe9b73733eb92e0d27bd0222f6ad1a89ce5d78
2013-03-02 11:19:32 -08:00
Brian Waldon 222a00fef9 Update db layer to expose multiple image locations
* The DB API now exposes a 'locations' image attribute rather than
  'location'. The new field is guaranteed to be a list of zero or
  more items
* The v1 and v2 APIs only look for the first item in the list of
  locations.
* Related to bp multiple-image-locations

Change-Id: I830b383d8a8e50a01e461658fb9abe384de1a353
2013-03-02 10:07:17 -08:00
Mark J. Washenberger a12e81d5b4 Extend the domain model to v2 image data
This completes blueprint glance-domain-logic-layer

Change-Id: I5d0e9f54cfc745f484a8db8f29f64caeb832ec98
2013-02-20 23:30:52 -08:00
Jenkins 61d31716e6 Merge "Allowing member to set status of image membership" 2013-02-18 04:34:30 +00:00
Jenkins 0e3f62e420 Merge "Updates OpenStack LLC with OpenStack Foundation" 2013-02-18 04:31:53 +00:00
annegentle a2b9bed75d Updates OpenStack LLC with OpenStack Foundation
Patchset addresses reviewer's comments, rebase against master,
and follows new guidance from Foundation:
http://wiki.openstack.org/Documentation/Copyright

Change-Id: I94367461505778973528eb8835d991f4fb796dab
2013-02-17 19:19:43 -08:00
isethi 9c24bead99 Allowing member to set status of image membership
Only the owner of an image can add members to the image.
By default the status of the image member is requested.
The member can change the status of the image membership
to accepted or rejected. This is done to prevent spamming
the user's image list. A member cannot see the other members
of the image.

Related to bp glance-api-v2-image-sharing

Change-Id: I0d0deba4b0df52b2f8d105b779fb7de746229d3a
2013-02-17 23:47:08 +00:00
isethi 44ceb21390 Adding image members in glance v2 api
Adding image members to glance v2 api. A user can create image member,
list image members and delete image member for a given image.
Also adds the necessary authorization.

Related to bp glance-api-v2-image-sharing

Change-Id: Ifc0607d693f7b0218ebd7fc4824a64e9eba995b3
2013-02-14 21:24:07 +00:00
isethi 9518b9d63b Adding database layer for image members domain model
Adding the database layer image members domain model.
For a given image, a user can get a list of image members,
delete image member, and get a specific image.

Related to bp glance-api-v2-image-sharing

Change-Id: I71a0c0d3c828cba231a75d0b7888bad932de41e5
2013-02-09 04:20:31 +00:00
Mark J. Washenberger 308b832eb1 Add domain proxies that stop unauthorized actions
This patch introduces domain objects that handle context-based
authorization checks. With this approach, we can eventually remove
ownership checks from the database apis.

Part of implementing bp:glance-domain-logic-layer

Change-Id: I30c7444220013f17dab6479f1b00f1598ab424d0
2012-11-27 11:56:05 -08:00