From cacc3d5a5b6b1d8156cc001e0ead2a0c9c17de97 Mon Sep 17 00:00:00 2001 From: Nobuto Murata Date: Sat, 10 Jul 2021 22:45:35 +0900 Subject: [PATCH] Disable expose_image_locations whenever S3 is enabled This is a follow-up change on Id2e9d4351513341b5ee41fa8a8d677aca6580fca Instead of relying users to set expose-image-locations=false which is error prone, disable expose_image_locations from the charm side whenever S3 backend is enabled not to expose credentials. Closes-Bug: 1935743 Change-Id: Iac0f27418eec6c818df8cc3fa1c133db38d26069 --- README.md | 7 +++---- config.yaml | 16 +++++++++++----- hooks/glance_contexts.py | 27 ++++++++++++++++++--------- hooks/glance_utils.py | 3 ++- unit_tests/test_glance_contexts.py | 3 +++ 5 files changed, 37 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index 43a8834e..f662b436 100644 --- a/README.md +++ b/README.md @@ -104,18 +104,17 @@ Proceed with the common group of commands from the Ceph scenario. The step below assumes an external and pre-existing S3 compatible server available. -S3 server information can be passed via charm config options, and you -must set `expose-image-locations` as false not to expose S3 credentials -through Glance API. +S3 server information can be passed via charm config options: juju config glance \ - expose-image-locations=false \ s3-store-host='http://my-object-storage.example.com:8080' \ s3-store-access-key='ACCESS_KEY' \ s3-store-secret-key='SECRET_KEY' \ s3-store-bucket='BUCKET_NAME' > **Note**: The S3 backend is supported starting with OpenStack Ussuri. + Enabling S3 backend overrides `expose-image-locations` as false not to + expose S3 credentials through Glance API. ### Local storage diff --git a/config.yaml b/config.yaml index 38daa7c2..a9f98fa9 100644 --- a/config.yaml +++ b/config.yaml 
@@ -226,9 +226,14 @@ options: type: boolean default: True description: | - Expose underlying image locations via the API when using Ceph for image - storage. Only disable this option if you do not wish to use - copy-on-write clones of RAW format images with Ceph in Cinder and Nova. + Expose underlying image locations via the API. Enabling this is + useful especially when using Ceph for image storage. Only disable + this option if you do not wish to use copy-on-write clones of RAW + format images with Ceph in Cinder and Nova. + . + NOTE: When S3 backend is enabled, this value will be ignored. The + charm will not expose the image location for all backends not to + expose S3 credentials. restrict-image-location-operations: type: boolean default: False @@ -541,8 +546,9 @@ options: http://my-object-storage.example.com:8080 . NOTE: The S3 backend can be enabled only for Ussuri or later - releases with this charm. You must set expose-image-locations as - false not to expose S3 credentials through Glance API. + releases with this charm. Enabling S3 backend will override + expose-image-locations as false not to expose S3 credentials + through Glance API. s3-store-access-key: type: string default: diff --git a/hooks/glance_contexts.py b/hooks/glance_contexts.py index fd72f730..4030a986 100644 --- a/hooks/glance_contexts.py +++ b/hooks/glance_contexts.py @@ -24,7 +24,8 @@ from charmhelpers.core.hookenv import ( service_name, config, log as juju_log, - ERROR + ERROR, + WARNING ) from charmhelpers.contrib.openstack.context import ( @@ -162,11 +163,6 @@ class ExternalS3Context(OSContextGenerator): "s3-store-bucket", ) - def __init__(self): - self.required_values = [ - config(key) for key in self.required_config_keys - ] - def __call__(self): try: self.validate() 
@@ -183,12 +179,19 @@ class ExternalS3Context(OSContextGenerator): "s3_store_secret_key": config("s3-store-secret-key"), "s3_store_bucket": config("s3-store-bucket"), } + if config("expose-image-locations"): + juju_log("Forcibly overriding expose_image_locations " + "not to expose S3 credentials", level=WARNING) + ctxt["expose_image_locations"] = False return ctxt return {} def validate(self): - if all(self.required_values): + required_values = [ + config(key) for key in self.required_config_keys + ] + if all(required_values): # The S3 backend was once removed in Newton development cycle and # added back in Ussuri cycle in Glance upstream. As we rely on # python3-boto3 in the charm, don't enable the backend before @@ -202,7 +205,7 @@ class ExternalS3Context(OSContextGenerator): level=ERROR, ) raise ValueError("{} is not supported".format(_release)) - elif any(self.required_values): + elif any(required_values): juju_log( "Unable to use S3 backend without all required S3 options " "defined. Missing keys: {}".format( @@ -264,7 +267,13 @@ class MultiBackendContext(OSContextGenerator): s3_ctx = ExternalS3Context()() if not s3_ctx: return - return s3_ctx + ctx = { + "s3_store_host": s3_ctx["s3_store_host"], + "s3_store_access_key": s3_ctx["s3_store_access_key"], + "s3_store_secret_key": s3_ctx["s3_store_secret_key"], + "s3_store_bucket": s3_ctx["s3_store_bucket"], + } + return ctx def __call__(self): ctxt = { diff --git a/hooks/glance_utils.py b/hooks/glance_utils.py index d3ca6ed7..c14ccb25 100644 --- a/hooks/glance_utils.py +++ b/hooks/glance_utils.py @@ -202,7 +202,8 @@ CONFIG_FILES = OrderedDict([ service=['glance-api'], config_file=GLANCE_API_CONF), context.MemcacheContext(), - glance_contexts.GlanceImageImportContext()], + glance_contexts.GlanceImageImportContext(), + glance_contexts.ExternalS3Context()], 'services': ['glance-api'] }), (GLANCE_SWIFT_CONF, { 
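Review bot: The override in `__call__` only writes `expose_image_locations` when the option is currently true, so when the operator has already set it to false the key is absent from the S3 context and the rendered value depends on whichever other context supplies it. Setting the key unconditionally once the S3 options validate, and keeping the WARNING only for the case where an operator-set true value is being overridden, makes the context self-contained and independent of context merge order: `ctxt["expose_image_locations"] = False` placed after the `if config("expose-image-locations"):` block, with only the `juju_log` call left inside it. The move of the `config()` reads from `__init__` into `validate()` also deserves a why-comment, since glance_utils.py now instantiates `ExternalS3Context()` inside the module-level `CONFIG_FILES` table where a constructor-time read would capture config at import: `# Read config at call time: instances are created at module load in glance_utils.py`. The remainder of `validate()` continues outside the hunk.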
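Review bot: The explicit four-key copy in MultiBackendContext silently drops the `expose_image_locations` key that `ExternalS3Context()()` now returns, and without a comment the next reader is likely to collapse it back to `return s3_ctx`. If the intent is that the override is applied only at the top level of glance-api.conf by the directly registered ExternalS3Context, say so on the line: `# Copy only the store settings; expose_image_locations is applied at the top level by ExternalS3Context itself`. The enclosing helper's signature is outside the hunk.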
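Review bot: Appending `glance_contexts.ExternalS3Context()` at the end of the GLANCE_API_CONF context list is presumably what lets its `expose_image_locations = False` win over the value another context derives from config, assuming the renderer merges contexts in list order; that ordering dependency should be stated on the line, e.g. `glance_contexts.ExternalS3Context()],  # keep last: overrides expose_image_locations when S3 is enabled`. With this registration `ExternalS3Context.__call__`, including `validate()` and its logging, appears to run twice per render, once here and once via MultiBackendContext, so the new WARNING will likely be emitted twice per hook; harmless, but worth knowing when reading the unit log. The `CONFIG_FILES` table starts and ends outside the hunk.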
diff --git a/unit_tests/test_glance_contexts.py b/unit_tests/test_glance_contexts.py index e54b63b4..8c2b09c0 100644 --- a/unit_tests/test_glance_contexts.py +++ b/unit_tests/test_glance_contexts.py @@ -211,12 +211,14 @@ class TestGlanceContexts(CharmTestCase): secret_key = 'my-secret-key' bucket = 'my-bucket' config = { + 'expose-image-locations': True, 's3-store-host': host_name, 's3-store-access-key': access_key, 's3-store-secret-key': secret_key, 's3-store-bucket': bucket} self.config.side_effect = lambda x: config[x] expected_ctx = { + 'expose_image_locations': False, 's3_store_host': host_name, 's3_store_access_key': access_key, 's3_store_secret_key': secret_key, @@ -400,6 +402,7 @@ class TestGlanceContexts(CharmTestCase): s3_secret_key = 'my-secret-key' s3_bucket = 'my-bucket' conf_dict = { + 'expose-image-locations': True, 'filesystem-store-datadir': data_dir, 's3-store-host': s3_host, 's3-store-access-key': s3_access_key,
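Review bot: Both test updates cover only the case where `expose-image-locations` is true and gets overridden; there is no test for an operator who has already set it to false, which is the path where `ExternalS3Context.__call__` currently omits the key and logs nothing, and nothing asserts that the WARNING is actually logged in the true case. A variant of the first test with `'expose-image-locations': False` and an expected context that pins whether the override key is present, plus an assertion that the patched `juju_log` mock was called with `level=WARNING` in the existing test, would lock the new behaviour down. Both test methods continue outside the hunks.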