63195aaa3b
The image locations table stores the swift url for images which includes the user and key values. This if exposed, can cause security risk. Hence this patch, santizies that information out of the location before storing and plugs it back in when it is required. Introduced a new configuration file that supports multiple swift account references. It has the credentials and authurl for each store. It is specified using 'swift_store_config_file'. In addition, this patch does the following things: Differentiate user and system created swift locations Currently we do not differentiate between user supplied uri and system created locations that have the account reference. This patch introduces new scheme: 'swift+config' for this purpose. Image create in V1 should validate the uri in case where location isn't specified. This patch ensures that a store is not set while creating an image or updating it. Related to bp remove-sensitive-data-from-locations Implements blueprint: support-multiple-swift-backends Implements bp: v1-image-create-should-validate-the-location-uri DocImpact Co-authored by: sridevik <sridevi.koushik@rackspace.com>, iccha-sethi <iccha.sethi@rackspace.com>, amalabasha <amala.alungal@rackspace.com> Change-Id: I75af34145521f533dcd6f5fd7690f5a68f3b44b3
22 lines
496 B
Plaintext
22 lines
496 B
Plaintext
# glance-swift.conf.sample
|
|
#
|
|
# This file is an example config file when
|
|
# multiple swift accounts/backing stores are enabled.
|
|
#
|
|
# Specify the reference name in []
|
|
# For each section, specify the auth_address, user and key.
|
|
#
|
|
# WARNING:
|
|
# * If any of auth_address, user or key is not specified,
|
|
# the glance-api's swift store will fail to configure
|
|
|
|
[ref1]
|
|
user = tenant:user1
|
|
key = key1
|
|
auth_address = auth123@example.com
|
|
|
|
[ref2]
|
|
user = user2
|
|
key = key2
|
|
auth_address = http://auth345@example.com
|