Merge "Prevent setting swift+config locations"
This commit is contained in:
commit
e33667e9bb
|
@ -417,17 +417,20 @@ class Controller(controller.BaseController):
|
|||
"""
|
||||
External sources (as specified via the location or copy-from headers)
|
||||
are supported only over non-local store types, i.e. S3, Swift, HTTP.
|
||||
Note the absence of file:// for security reasons, see LP bug #942118.
|
||||
Note the absence of 'file://' for security reasons, see LP bug #942118.
|
||||
'swift+config://' is also absent for security reasons, see LP bug
|
||||
#1334196.
|
||||
If the above constraint is violated, we reject with 400 "Bad Request".
|
||||
"""
|
||||
if source:
|
||||
pieces = urlparse.urlparse(source)
|
||||
schemes = [scheme for scheme in store.get_known_schemes()
|
||||
if scheme != 'file']
|
||||
if scheme != 'file' and scheme != 'swift+config']
|
||||
for scheme in schemes:
|
||||
if pieces.scheme == scheme:
|
||||
return source
|
||||
msg = "External sourcing not supported for store %s" % source
|
||||
msg = ("External sourcing not supported for "
|
||||
"store '%s'" % pieces.scheme)
|
||||
LOG.debug(msg)
|
||||
raise HTTPBadRequest(explanation=msg,
|
||||
request=req,
|
||||
|
@ -743,18 +746,17 @@ class Controller(controller.BaseController):
|
|||
self.pool.spawn_n(self._upload_and_activate, req, image_meta)
|
||||
else:
|
||||
if location:
|
||||
try:
|
||||
store.validate_location(location, context=req.context)
|
||||
except store.BadStoreUri as bse:
|
||||
raise HTTPBadRequest(explanation=bse.msg,
|
||||
request=req)
|
||||
|
||||
self._validate_image_for_activation(req, image_id, image_meta)
|
||||
image_size_meta = image_meta.get('size')
|
||||
if image_size_meta:
|
||||
image_size_store = store.get_size_from_backend(
|
||||
location,
|
||||
context=req.context)
|
||||
try:
|
||||
image_size_store = store.get_size_from_backend(
|
||||
location, req.context)
|
||||
except (store.BadStoreUri, store.UnknownScheme) as e:
|
||||
LOG.debug(utils.exception_to_str(e))
|
||||
raise HTTPBadRequest(explanation=e.msg,
|
||||
request=req,
|
||||
content_type="text/plain")
|
||||
# NOTE(zhiyan): A returned size of zero usually means
|
||||
# the driver encountered an error. In this case the
|
||||
# size provided by the client will be used as-is.
|
||||
|
|
|
@ -250,7 +250,33 @@ class TestCopyToFile(functional.FunctionalTest):
|
|||
response, content = http.request(path, 'POST', headers=headers)
|
||||
self.assertEqual(response.status, 400, content)
|
||||
|
||||
expected = 'External sourcing not supported for store ' + copy_from
|
||||
expected = 'External sourcing not supported for store \'file\''
|
||||
msg = 'expected "%s" in "%s"' % (expected, content)
|
||||
self.assertTrue(expected in content, msg)
|
||||
|
||||
self.stop_servers()
|
||||
|
||||
@skip_if_disabled
|
||||
def test_copy_from_swift_config(self):
|
||||
"""
|
||||
Ensure we can't copy from swift+config
|
||||
"""
|
||||
self.cleanup()
|
||||
|
||||
self.start_servers(**self.__dict__.copy())
|
||||
|
||||
# POST /images with public image copied from file (to file)
|
||||
headers = {'X-Image-Meta-Name': 'copied',
|
||||
'X-Image-Meta-disk_format': 'raw',
|
||||
'X-Image-Meta-container_format': 'ovf',
|
||||
'X-Image-Meta-Is-Public': 'True',
|
||||
'X-Glance-API-Copy-From': 'swift+config://xxx'}
|
||||
path = "http://%s:%d/v1/images" % ("127.0.0.1", self.api_port)
|
||||
http = httplib2.Http()
|
||||
response, content = http.request(path, 'POST', headers=headers)
|
||||
self.assertEqual(response.status, 400, content)
|
||||
|
||||
expected = 'External sourcing not supported for store \'swift+config\''
|
||||
msg = 'expected "%s" in "%s"' % (expected, content)
|
||||
self.assertTrue(expected in content, msg)
|
||||
|
||||
|
|
|
@ -90,7 +90,6 @@ class TestGlanceAPI(base.IsolatedUnitTest):
|
|||
'metadata': {}, 'status': 'active'}],
|
||||
'properties': {}}]
|
||||
self.context = glance.context.RequestContext(is_admin=True)
|
||||
store.validate_location = mock.Mock()
|
||||
db_api.get_engine()
|
||||
self.destroy_fixtures()
|
||||
self.create_fixtures()
|
||||
|
@ -1008,11 +1007,6 @@ class TestGlanceAPI(base.IsolatedUnitTest):
|
|||
|
||||
def test_add_location_with_invalid_location(self):
|
||||
"""Tests creates an image from location and conflict image size"""
|
||||
|
||||
mock_validate_location = mock.Mock()
|
||||
store.validate_location = mock_validate_location
|
||||
mock_validate_location.side_effect = store.BadStoreUri()
|
||||
|
||||
fixture_headers = {'x-image-meta-store': 'file',
|
||||
'x-image-meta-disk-format': 'vhd',
|
||||
'x-image-meta-location': 'http://a/b/c.tar.gz',
|
||||
|
|
Loading…
Reference in New Issue