openstack/cinder
Code Issues Proposed changes
1101402b8f
cinder/releasenotes/notes/fix-reserved-image-properties-9519ddc080e7ed1a.yaml
Rafael Weingärtner c43fb490b2 Filter reserved image properties 
Cinder is currently not able to upload a volume that is based on an
image back to glance. This bug is triggered if glance multistore is
enabled (devstack in this example).

When enabling multistore, the following properties will be stored in Cinder:
* os_glance_failed_import=''
* os_glance_importing_to_stores=''

Those properties will cause problems when Cinder tries to perform some
actions with Glance. Error msg:
```
cinderclient.exceptions.BadRequest: HTTP 403 Forbidden: Access was denied to this resource.: Attribute 'os_glance_failed_import' is reserved. (HTTP 400)
```

Nova had the same issue and solved it with:
50fdbc752a/releasenotes/notes/absolutely-non-inheritable-image-properties-85f7f304fdc20b61.yaml

and

dda179d3f9

Therefore, this patch is intended to apply a similar solution in Cinder.

Change-Id: I79d70543856c01a45e2d8c083ab8df6b9c047ebc
Closes-Bug: #1945500
2023-01-31 20:57:22 -03:00

29 lines
1.7 KiB
YAML
Raw Blame History

---
upgrade:
- |
We introduced a new config parameter, ``reserved_image_namespaces``,
that allows operators to set the image properties to filter out from
volume image metadata by namespace when uploading a volume to Glance.
These properties, if not filtered out, cause failures when uploading
images back to Glance. The error will happen on Glance side when the
reserved namespaces are used. This option is also useful when an operator
wants to use the Glance property protections feature to make some image
properties read-only.
fixes:
- |
`Bug #1945500 <https://bugs.launchpad.net/cinder/+bug/1945500>`_: Fixed
an error when uploading to Glance a previously downloaded glance image
when glance multistore is enabled. Glance reserves image properties
in the namespace 'os_glance' for its own use and will not allow
images to be created with these properties. Additionally, there are image
properties, such as those associated with image signature verification,
that are stored in a volume's image metadata, which should not be added
to a new image when a volume is being uploaded as an image. Thus Cinder
will no longer include any volume image metadata in the namespaces
``os_glance`` and ``img_signature`` when it creates an image in Glance.
Furthermore, because the Glance property protections feature allows an
operator to configure specific image properties as read-only, this fix
adds a configuration option, ``reserved_image_namespaces``, that allows an
operator to exclude additional image properties by namespace (the
``os_glance`` and ``img_signature`` namespaces are *always* excluded).
View Git Blame Copy Permalink