From 803a7d44c49f6adbfa878ee520756869df1ffe8a Mon Sep 17 00:00:00 2001 From: Dan Smith Date: Tue, 1 Oct 2024 07:42:34 -0700 Subject: [PATCH] Add image format enforcement toggle Related to blueprint glance-as-defender Needed-By: https://review.opendev.org/c/openstack/tempest/+/931028 Change-Id: I8b22ed85eefde399f2e472780106dd39e51a5700 --- lib/glance | 4 ++++ lib/tempest | 1 + 2 files changed, 5 insertions(+) diff --git a/lib/glance b/lib/glance index 274687112e..2eb4954f4a 100644 --- a/lib/glance +++ b/lib/glance @@ -104,6 +104,9 @@ GLANCE_ENABLE_QUOTAS=$(trueorfalse True GLANCE_ENABLE_QUOTAS) # For more detail: https://docs.openstack.org/oslo.policy/latest/configuration/index.html#oslo_policy.enforce_scope GLANCE_ENFORCE_SCOPE=$(trueorfalse True GLANCE_ENFORCE_SCOPE) +# Flag to disable image format inspection on upload +GLANCE_ENFORCE_IMAGE_FORMAT=$(trueorfalse True GLANCE_ENFORCE_IMAGE_FORMAT) + GLANCE_CONF_DIR=${GLANCE_CONF_DIR:-/etc/glance} GLANCE_METADEF_DIR=$GLANCE_CONF_DIR/metadefs GLANCE_API_CONF=$GLANCE_CONF_DIR/glance-api.conf @@ -343,6 +346,7 @@ function configure_glance { # Only use these if you know what you are doing! See OSSN-0065 iniset $GLANCE_API_CONF DEFAULT show_image_direct_url $GLANCE_SHOW_DIRECT_URL iniset $GLANCE_API_CONF DEFAULT show_multiple_locations $GLANCE_SHOW_MULTIPLE_LOCATIONS + iniset $GLANCE_API_CONF image_format require_image_format_match $GLANCE_ENFORCE_IMAGE_FORMAT # Configure glance_store configure_glance_store $USE_CINDER_FOR_GLANCE $GLANCE_ENABLE_MULTIPLE_STORES diff --git a/lib/tempest b/lib/tempest index 310db2daa6..eeeef67a8b 100644 --- a/lib/tempest +++ b/lib/tempest @@ -368,6 +368,7 @@ function configure_tempest { if [[ -n "$image_conversion" ]]; then iniset $TEMPEST_CONFIG image-feature-enabled image_conversion True fi + iniset $TEMPEST_CONFIG image-feature-enabled image_format_enforcement $GLANCE_ENFORCE_IMAGE_FORMAT fi iniset $TEMPEST_CONFIG network project_network_cidr $FIXED_RANGE