Fix public image ACL in multi-tenant Swift mode

Currently the ACL to public Swift images is '.r:*'. This means that
anonymous users who have not authenticated may be able to access the
data of a public Swift image when multi-tenant mode is enabled.

Change to use the cross-tenant '*:*' ACL which requires an authenticated
user for access.

Note: This does not address authenticated users being able to download
public image data directly from Swift (potentially bypassing Glance's
'download_image' policy).

Change-Id: I1fa3297908ca4be517419e9460f056a09aa98ef0
Addresses: OSSN 0025 (https://review.openstack.org/#/c/117928/)
Closes-bug: #1354512
This commit is contained in:
Stuart McLaren 2014-10-22 12:06:53 +00:00
parent 6d4f6aa220
commit 69f801c349
2 changed files with 2 additions and 2 deletions

View File

@ -792,7 +792,7 @@ class MultiTenantStore(BaseStore):
headers = {}
if public:
headers['X-Container-Read'] = ".r:*,.rlistings"
headers['X-Container-Read'] = "*:*"
elif read_tenants:
headers['X-Container-Read'] = ','.join('%s:*' % i
for i in read_tenants)

View File

@ -776,7 +776,7 @@ class SwiftTests(object):
container_headers = swiftclient.client.head_container('x', 'y',
'glance')
self.assertEqual(container_headers['X-Container-Read'],
".r:*,.rlistings")
"*:*")
def test_read_acl_tenants(self):
"""