Add in security context information
parent
78c9c3ad55
commit
52064a6378
@ -52,7 +52,7 @@ swift_store_container = glance
|
|||||||
swift_store_create_container_on_put = False
|
swift_store_create_container_on_put = False
|
||||||
|
|
||||||
[pipeline:glance-api]
|
[pipeline:glance-api]
|
||||||
pipeline = versionnegotiation apiv1app
|
pipeline = versionnegotiation context apiv1app
|
||||||
|
|
||||||
[pipeline:versions]
|
[pipeline:versions]
|
||||||
pipeline = versionsapp
|
pipeline = versionsapp
|
||||||
@ -65,3 +65,6 @@ paste.app_factory = glance.api.v1:app_factory
|
|||||||
|
|
||||||
[filter:versionnegotiation]
|
[filter:versionnegotiation]
|
||||||
paste.filter_factory = glance.api.middleware.version_negotiation:filter_factory
|
paste.filter_factory = glance.api.middleware.version_negotiation:filter_factory
|
||||||
|
|
||||||
|
[filter:context]
|
||||||
|
paste.filter_factory = glance.common.context:filter_factory
|
||||||
|
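Review bot: The new `context` filter sits directly behind `versionnegotiation` in `pipeline = versionnegotiation context apiv1app`, with no authenticating filter ahead of it, so whatever identity the context carries is presumably taken from client-supplied headers as-is. The implementation of `glance.common.context:filter_factory` is not on this page, so this is inferred; if the filter does not validate the token itself, the context must not be used for access decisions. I would state that next to the `[filter:context]` section, for example `# context only records the caller's token; it does not authenticate it`. The same applies to `pipeline = context registryapp` in the registry configuration.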
@ -29,5 +29,11 @@ sql_connection = sqlite:///glance.sqlite
|
|||||||
# before MySQL can drop the connection.
|
# before MySQL can drop the connection.
|
||||||
sql_idle_timeout = 3600
|
sql_idle_timeout = 3600
|
||||||
|
|
||||||
[app:glance-registry]
|
[pipeline:glance-registry]
|
||||||
|
pipeline = context registryapp
|
||||||
|
|
||||||
|
[app:registryapp]
|
||||||
paste.app_factory = glance.registry.server:app_factory
|
paste.app_factory = glance.registry.server:app_factory
|
||||||
|
|
||||||
|
[filter:context]
|
||||||
|
paste.filter_factory = glance.common.context:filter_factory
|
||||||
|
@ -96,7 +96,8 @@ class Controller(object):
|
|||||||
"""
|
"""
|
||||||
params = self._get_query_params(req)
|
params = self._get_query_params(req)
|
||||||
try:
|
try:
|
||||||
images = registry.get_images_list(self.options, **params)
|
images = registry.get_images_list(self.options, req.context,
|
||||||
|
**params)
|
||||||
except exception.Invalid, e:
|
except exception.Invalid, e:
|
||||||
raise HTTPBadRequest(explanation=str(e))
|
raise HTTPBadRequest(explanation=str(e))
|
||||||
|
|
||||||
@ -126,7 +127,8 @@ class Controller(object):
|
|||||||
"""
|
"""
|
||||||
params = self._get_query_params(req)
|
params = self._get_query_params(req)
|
||||||
try:
|
try:
|
||||||
images = registry.get_images_detail(self.options, **params)
|
images = registry.get_images_detail(self.options, req.context,
|
||||||
|
**params)
|
||||||
except exception.Invalid, e:
|
except exception.Invalid, e:
|
||||||
raise HTTPBadRequest(explanation=str(e))
|
raise HTTPBadRequest(explanation=str(e))
|
||||||
return dict(images=images)
|
return dict(images=images)
|
||||||
@ -226,6 +228,7 @@ class Controller(object):
|
|||||||
|
|
||||||
try:
|
try:
|
||||||
image_meta = registry.add_image_metadata(self.options,
|
image_meta = registry.add_image_metadata(self.options,
|
||||||
|
req.context,
|
||||||
image_meta)
|
image_meta)
|
||||||
return image_meta
|
return image_meta
|
||||||
except exception.Duplicate:
|
except exception.Duplicate:
|
||||||
@ -267,7 +270,7 @@ class Controller(object):
|
|||||||
|
|
||||||
image_id = image_meta['id']
|
image_id = image_meta['id']
|
||||||
logger.debug("Setting image %s to status 'saving'" % image_id)
|
logger.debug("Setting image %s to status 'saving'" % image_id)
|
||||||
registry.update_image_metadata(self.options, image_id,
|
registry.update_image_metadata(self.options, req.context, image_id,
|
||||||
{'status': 'saving'})
|
{'status': 'saving'})
|
||||||
try:
|
try:
|
||||||
logger.debug("Uploading image data for image %(image_id)s "
|
logger.debug("Uploading image data for image %(image_id)s "
|
||||||
@ -294,7 +297,8 @@ class Controller(object):
|
|||||||
logger.debug("Updating image %(image_id)s data. "
|
logger.debug("Updating image %(image_id)s data. "
|
||||||
"Checksum set to %(checksum)s, size set "
|
"Checksum set to %(checksum)s, size set "
|
||||||
"to %(size)d" % locals())
|
"to %(size)d" % locals())
|
||||||
registry.update_image_metadata(self.options, image_id,
|
registry.update_image_metadata(self.options, req.context,
|
||||||
|
image_id,
|
||||||
{'checksum': checksum,
|
{'checksum': checksum,
|
||||||
'size': size})
|
'size': size})
|
||||||
|
|
||||||
@ -325,6 +329,7 @@ class Controller(object):
|
|||||||
image_meta['location'] = location
|
image_meta['location'] = location
|
||||||
image_meta['status'] = 'active'
|
image_meta['status'] = 'active'
|
||||||
return registry.update_image_metadata(self.options,
|
return registry.update_image_metadata(self.options,
|
||||||
|
req.context,
|
||||||
image_id,
|
image_id,
|
||||||
image_meta)
|
image_meta)
|
||||||
|
|
||||||
@ -336,6 +341,7 @@ class Controller(object):
|
|||||||
:param image_id: Opaque image identifier
|
:param image_id: Opaque image identifier
|
||||||
"""
|
"""
|
||||||
registry.update_image_metadata(self.options,
|
registry.update_image_metadata(self.options,
|
||||||
|
req.context,
|
||||||
image_id,
|
image_id,
|
||||||
{'status': 'killed'})
|
{'status': 'killed'})
|
||||||
|
|
||||||
@ -432,8 +438,9 @@ class Controller(object):
|
|||||||
raise HTTPConflict("Cannot upload to an unqueued image")
|
raise HTTPConflict("Cannot upload to an unqueued image")
|
||||||
|
|
||||||
try:
|
try:
|
||||||
image_meta = registry.update_image_metadata(self.options, id,
|
image_meta = registry.update_image_metadata(self.options,
|
||||||
image_meta, True)
|
req.context, id,
|
||||||
|
image_meta, True)
|
||||||
if image_data is not None:
|
if image_data is not None:
|
||||||
image_meta = self._upload_and_activate(req, image_meta)
|
image_meta = self._upload_and_activate(req, image_meta)
|
||||||
except exception.Invalid, e:
|
except exception.Invalid, e:
|
||||||
@ -471,7 +478,7 @@ class Controller(object):
|
|||||||
"Continuing with deletion from registry."
|
"Continuing with deletion from registry."
|
||||||
logger.error(msg % (image['location'],))
|
logger.error(msg % (image['location'],))
|
||||||
|
|
||||||
registry.delete_image_metadata(self.options, id)
|
registry.delete_image_metadata(self.options, req.context, id)
|
||||||
|
|
||||||
def get_image_meta_or_404(self, request, id):
|
def get_image_meta_or_404(self, request, id):
|
||||||
"""
|
"""
|
||||||
@ -484,7 +491,8 @@ class Controller(object):
|
|||||||
:raises HTTPNotFound if image does not exist
|
:raises HTTPNotFound if image does not exist
|
||||||
"""
|
"""
|
||||||
try:
|
try:
|
||||||
return registry.get_image_metadata(self.options, id)
|
return registry.get_image_metadata(self.options,
|
||||||
|
request.context, id)
|
||||||
except exception.NotFound:
|
except exception.NotFound:
|
||||||
msg = "Image with identifier %s not found" % id
|
msg = "Image with identifier %s not found" % id
|
||||||
logger.debug(msg)
|
logger.debug(msg)
|
||||||
|
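Review bot: Every registry call in this controller now reads `req.context` (and `request.context` in `get_image_meta_or_404`) unconditionally, so a deployment whose paste pipeline lacks the new `context` filter will presumably fail each request with an AttributeError instead of a clear configuration error. Upgrades that keep an older paste configuration are the likely case. A guarded read such as `context = getattr(req, 'context', None)`, followed by an explicit error when it is missing, would make the dependency visible; the `req.context` reads in the registry-side controller have the same dependency. The enclosing methods start outside these hunks, so whether each of them has `req` in scope cannot be confirmed from here.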
@ -35,7 +35,8 @@ class V1Client(base_client.BaseClient):
|
|||||||
|
|
||||||
DEFAULT_PORT = 9292
|
DEFAULT_PORT = 9292
|
||||||
|
|
||||||
def __init__(self, host, port=None, use_ssl=False, doc_root="/v1"):
|
def __init__(self, host, port=None, use_ssl=False, doc_root="/v1",
|
||||||
|
auth_tok=None):
|
||||||
"""
|
"""
|
||||||
Creates a new client to a Glance API service.
|
Creates a new client to a Glance API service.
|
||||||
|
|
||||||
@ -43,10 +44,11 @@ class V1Client(base_client.BaseClient):
|
|||||||
:param port: The port where Glance resides (defaults to 9292)
|
:param port: The port where Glance resides (defaults to 9292)
|
||||||
:param use_ssl: Should we use HTTPS? (defaults to False)
|
:param use_ssl: Should we use HTTPS? (defaults to False)
|
||||||
:param doc_root: Prefix for all URLs we request from host
|
:param doc_root: Prefix for all URLs we request from host
|
||||||
|
:param auth_tok: The auth token to pass to the server
|
||||||
"""
|
"""
|
||||||
port = port or self.DEFAULT_PORT
|
port = port or self.DEFAULT_PORT
|
||||||
self.doc_root = doc_root
|
self.doc_root = doc_root
|
||||||
super(Client, self).__init__(host, port, use_ssl)
|
super(Client, self).__init__(host, port, use_ssl, auth_tok)
|
||||||
|
|
||||||
def do_request(self, method, action, body=None, headers=None, params=None):
|
def do_request(self, method, action, body=None, headers=None, params=None):
|
||||||
action = "%s/%s" % (self.doc_root, action.lstrip("/"))
|
action = "%s/%s" % (self.doc_root, action.lstrip("/"))
|
||||||
|
@ -41,17 +41,19 @@ class BaseClient(object):
|
|||||||
|
|
||||||
CHUNKSIZE = 65536
|
CHUNKSIZE = 65536
|
||||||
|
|
||||||
def __init__(self, host, port, use_ssl):
|
def __init__(self, host, port, use_ssl, auth_tok):
|
||||||
"""
|
"""
|
||||||
Creates a new client to some service.
|
Creates a new client to some service.
|
||||||
|
|
||||||
:param host: The host where service resides
|
:param host: The host where service resides
|
||||||
:param port: The port where service resides
|
:param port: The port where service resides
|
||||||
:param use_ssl: Should we use HTTPS?
|
:param use_ssl: Should we use HTTPS?
|
||||||
|
:param auth_tok: The auth token to pass to the server
|
||||||
"""
|
"""
|
||||||
self.host = host
|
self.host = host
|
||||||
self.port = port
|
self.port = port
|
||||||
self.use_ssl = use_ssl
|
self.use_ssl = use_ssl
|
||||||
|
self.auth_tok = auth_tok
|
||||||
self.connection = None
|
self.connection = None
|
||||||
|
|
||||||
def get_connection_type(self):
|
def get_connection_type(self):
|
||||||
@ -99,6 +101,8 @@ class BaseClient(object):
|
|||||||
try:
|
try:
|
||||||
connection_type = self.get_connection_type()
|
connection_type = self.get_connection_type()
|
||||||
headers = headers or {}
|
headers = headers or {}
|
||||||
|
if 'x-auth-token' not in headers and self.auth_tok:
|
||||||
|
headers['x-auth-token'] = self.auth_tok
|
||||||
c = connection_type(self.host, self.port)
|
c = connection_type(self.host, self.port)
|
||||||
|
|
||||||
# Do a simple request or a chunked request, depending
|
# Do a simple request or a chunked request, depending
|
||||||
|
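Review bot: `auth_tok` is added to `BaseClient.__init__` as a required positional parameter (`def __init__(self, host, port, use_ssl, auth_tok):`), so any subclass or caller not updated in this commit breaks with a TypeError; `auth_tok=None` would match the defaults on the two subclasses shown. In the request path, `if 'x-auth-token' not in headers` is a case-sensitive dict lookup, so a caller that passes `X-Auth-Token` gets the client's token added as a second header alongside its own. Comparing against lower-cased keys, e.g. `if self.auth_tok and 'x-auth-token' not in [k.lower() for k in headers]:`, avoids sending two tokens. The request method's body continues outside the hunk.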
@ -26,33 +26,33 @@ from glance.registry import client
|
|||||||
logger = logging.getLogger('glance.registry')
|
logger = logging.getLogger('glance.registry')
|
||||||
|
|
||||||
|
|
||||||
def get_registry_client(options):
|
def get_registry_client(options, cxt):
|
||||||
host = options['registry_host']
|
host = options['registry_host']
|
||||||
port = int(options['registry_port'])
|
port = int(options['registry_port'])
|
||||||
return client.RegistryClient(host, port)
|
return client.RegistryClient(host, port, auth_tok=cxt.auth_tok)
|
||||||
|
|
||||||
|
|
||||||
def get_images_list(options, **kwargs):
|
def get_images_list(options, context, **kwargs):
|
||||||
c = get_registry_client(options)
|
c = get_registry_client(options, context)
|
||||||
return c.get_images(**kwargs)
|
return c.get_images(**kwargs)
|
||||||
|
|
||||||
|
|
||||||
def get_images_detail(options, **kwargs):
|
def get_images_detail(options, context, **kwargs):
|
||||||
c = get_registry_client(options)
|
c = get_registry_client(options, context)
|
||||||
return c.get_images_detailed(**kwargs)
|
return c.get_images_detailed(**kwargs)
|
||||||
|
|
||||||
|
|
||||||
def get_image_metadata(options, image_id):
|
def get_image_metadata(options, context, image_id):
|
||||||
c = get_registry_client(options)
|
c = get_registry_client(options, context)
|
||||||
return c.get_image(image_id)
|
return c.get_image(image_id)
|
||||||
|
|
||||||
|
|
||||||
def add_image_metadata(options, image_meta):
|
def add_image_metadata(options, context, image_meta):
|
||||||
if options['debug']:
|
if options['debug']:
|
||||||
logger.debug("Adding image metadata...")
|
logger.debug("Adding image metadata...")
|
||||||
_debug_print_metadata(image_meta)
|
_debug_print_metadata(image_meta)
|
||||||
|
|
||||||
c = get_registry_client(options)
|
c = get_registry_client(options, context)
|
||||||
new_image_meta = c.add_image(image_meta)
|
new_image_meta = c.add_image(image_meta)
|
||||||
|
|
||||||
if options['debug']:
|
if options['debug']:
|
||||||
@ -63,12 +63,13 @@ def add_image_metadata(options, image_meta):
|
|||||||
return new_image_meta
|
return new_image_meta
|
||||||
|
|
||||||
|
|
||||||
def update_image_metadata(options, image_id, image_meta, purge_props=False):
|
def update_image_metadata(options, context, image_id, image_meta,
|
||||||
|
purge_props=False):
|
||||||
if options['debug']:
|
if options['debug']:
|
||||||
logger.debug("Updating image metadata for image %s...", image_id)
|
logger.debug("Updating image metadata for image %s...", image_id)
|
||||||
_debug_print_metadata(image_meta)
|
_debug_print_metadata(image_meta)
|
||||||
|
|
||||||
c = get_registry_client(options)
|
c = get_registry_client(options, context)
|
||||||
new_image_meta = c.update_image(image_id, image_meta, purge_props)
|
new_image_meta = c.update_image(image_id, image_meta, purge_props)
|
||||||
|
|
||||||
if options['debug']:
|
if options['debug']:
|
||||||
@ -79,9 +80,9 @@ def update_image_metadata(options, image_id, image_meta, purge_props=False):
|
|||||||
return new_image_meta
|
return new_image_meta
|
||||||
|
|
||||||
|
|
||||||
def delete_image_metadata(options, image_id):
|
def delete_image_metadata(options, context, image_id):
|
||||||
logger.debug("Deleting image metadata for image %s...", image_id)
|
logger.debug("Deleting image metadata for image %s...", image_id)
|
||||||
c = get_registry_client(options)
|
c = get_registry_client(options, context)
|
||||||
return c.delete_image(image_id)
|
return c.delete_image(image_id)
|
||||||
|
|
||||||
|
|
||||||
|
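Review bot: `get_registry_client` forwards the caller's token with `client.RegistryClient(host, port, auth_tok=cxt.auth_tok)` but never passes `use_ssl`, which defaults to False on `RegistryClient`, so the token presumably travels to the registry in the `x-auth-token` header over plain HTTP. Whether to use TLS for the registry hop should be read from `options` and passed through as `use_ssl`. The attribute read also fails with an AttributeError when a caller passes no context; `auth_tok=getattr(cxt, 'auth_tok', None)` keeps the unauthenticated path working. The parameter is named `cxt` here and `context` in every other function of this file, so one name should be used throughout.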
@ -33,16 +33,17 @@ class RegistryClient(BaseClient):
|
|||||||
|
|
||||||
DEFAULT_PORT = 9191
|
DEFAULT_PORT = 9191
|
||||||
|
|
||||||
def __init__(self, host, port=None, use_ssl=False):
|
def __init__(self, host, port=None, use_ssl=False, auth_tok=None):
|
||||||
"""
|
"""
|
||||||
Creates a new client to a Glance Registry service.
|
Creates a new client to a Glance Registry service.
|
||||||
|
|
||||||
:param host: The host where Glance resides
|
:param host: The host where Glance resides
|
||||||
:param port: The port where Glance resides (defaults to 9191)
|
:param port: The port where Glance resides (defaults to 9191)
|
||||||
:param use_ssl: Should we use HTTPS? (defaults to False)
|
:param use_ssl: Should we use HTTPS? (defaults to False)
|
||||||
|
:param auth_tok: The auth token to pass to the server
|
||||||
"""
|
"""
|
||||||
port = port or self.DEFAULT_PORT
|
port = port or self.DEFAULT_PORT
|
||||||
super(RegistryClient, self).__init__(host, port, use_ssl)
|
super(RegistryClient, self).__init__(host, port, use_ssl, auth_tok)
|
||||||
|
|
||||||
def get_images(self, **kwargs):
|
def get_images(self, **kwargs):
|
||||||
"""
|
"""
|
||||||
|
@ -61,7 +61,7 @@ class Controller(object):
|
|||||||
Get images, wrapping in exception if necessary.
|
Get images, wrapping in exception if necessary.
|
||||||
"""
|
"""
|
||||||
try:
|
try:
|
||||||
return db_api.image_get_all(None, **params)
|
return db_api.image_get_all(context, **params)
|
||||||
except exception.NotFound, e:
|
except exception.NotFound, e:
|
||||||
msg = "Invalid marker. Image could not be found."
|
msg = "Invalid marker. Image could not be found."
|
||||||
raise exc.HTTPBadRequest(explanation=msg)
|
raise exc.HTTPBadRequest(explanation=msg)
|
||||||
@ -87,7 +87,7 @@ class Controller(object):
|
|||||||
}
|
}
|
||||||
"""
|
"""
|
||||||
params = self._get_query_params(req)
|
params = self._get_query_params(req)
|
||||||
images = self._get_images(None, **params)
|
images = self._get_images(req.context, **params)
|
||||||
|
|
||||||
results = []
|
results = []
|
||||||
for image in images:
|
for image in images:
|
||||||
@ -111,7 +111,7 @@ class Controller(object):
|
|||||||
"""
|
"""
|
||||||
params = self._get_query_params(req)
|
params = self._get_query_params(req)
|
||||||
|
|
||||||
images = self._get_images(None, **params)
|
images = self._get_images(req.context, **params)
|
||||||
image_dicts = [make_image_dict(i) for i in images]
|
image_dicts = [make_image_dict(i) for i in images]
|
||||||
return dict(images=image_dicts)
|
return dict(images=image_dicts)
|
||||||
|
|
||||||
@ -223,7 +223,7 @@ class Controller(object):
|
|||||||
def show(self, req, id):
|
def show(self, req, id):
|
||||||
"""Return data about the given image id."""
|
"""Return data about the given image id."""
|
||||||
try:
|
try:
|
||||||
image = db_api.image_get(None, id)
|
image = db_api.image_get(req.context, id)
|
||||||
except exception.NotFound:
|
except exception.NotFound:
|
||||||
raise exc.HTTPNotFound()
|
raise exc.HTTPNotFound()
|
||||||
|
|
||||||
@ -238,9 +238,8 @@ class Controller(object):
|
|||||||
|
|
||||||
:retval Returns 200 if delete was successful, a fault if not.
|
:retval Returns 200 if delete was successful, a fault if not.
|
||||||
"""
|
"""
|
||||||
context = None
|
|
||||||
try:
|
try:
|
||||||
db_api.image_destroy(context, id)
|
db_api.image_destroy(req.context, id)
|
||||||
except exception.NotFound:
|
except exception.NotFound:
|
||||||
return exc.HTTPNotFound()
|
return exc.HTTPNotFound()
|
||||||
|
|
||||||
@ -260,9 +259,8 @@ class Controller(object):
|
|||||||
# Ensure the image has a status set
|
# Ensure the image has a status set
|
||||||
image_data.setdefault('status', 'active')
|
image_data.setdefault('status', 'active')
|
||||||
|
|
||||||
context = None
|
|
||||||
try:
|
try:
|
||||||
image_data = db_api.image_create(context, image_data)
|
image_data = db_api.image_create(req.context, image_data)
|
||||||
return dict(image=make_image_dict(image_data))
|
return dict(image=make_image_dict(image_data))
|
||||||
except exception.Duplicate:
|
except exception.Duplicate:
|
||||||
msg = ("Image with identifier %s already exists!" % id)
|
msg = ("Image with identifier %s already exists!" % id)
|
||||||
@ -286,15 +284,15 @@ class Controller(object):
|
|||||||
image_data = body['image']
|
image_data = body['image']
|
||||||
|
|
||||||
purge_props = req.headers.get("X-Glance-Registry-Purge-Props", "false")
|
purge_props = req.headers.get("X-Glance-Registry-Purge-Props", "false")
|
||||||
context = None
|
|
||||||
try:
|
try:
|
||||||
logger.debug("Updating image %(id)s with metadata: %(image_data)r"
|
logger.debug("Updating image %(id)s with metadata: %(image_data)r"
|
||||||
% locals())
|
% locals())
|
||||||
if purge_props == "true":
|
if purge_props == "true":
|
||||||
updated_image = db_api.image_update(context, id, image_data,
|
updated_image = db_api.image_update(req.context, id,
|
||||||
True)
|
image_data, True)
|
||||||
else:
|
else:
|
||||||
updated_image = db_api.image_update(context, id, image_data)
|
updated_image = db_api.image_update(req.context, id,
|
||||||
|
image_data)
|
||||||
return dict(image=make_image_dict(updated_image))
|
return dict(image=make_image_dict(updated_image))
|
||||||
except exception.Invalid, e:
|
except exception.Invalid, e:
|
||||||
msg = ("Failed to update image metadata. "
|
msg = ("Failed to update image metadata. "
|
||||||
|