
Fix public image ACL in multi-tenant Swift mode

Currently the ACL to public Swift images is '.r:*'. This means that
anonymous users who have not authenticated may be able to access the
data of a public Swift image when multi-tenant mode is enabled.

Change to use the cross-tenant '*:*' ACL which requires an authenticated
user for access.

Note: This does not address authenticated users being able to download
public image data directly from Swift (potentially bypassing Glance's
'download_image' policy).

Change-Id: I1fa3297908ca4be517419e9460f056a09aa98ef0
Addresses: OSSN 0025 (https://review.openstack.org/#/c/117928/)
Closes-bug: #1354512
Stuart McLaren, 4 years ago (ref tags/0.1.10^2, commit 69f801c349)
2 changed files with 2 additions and 2 deletions:
  glance_store/_drivers/swift/store.py (+1, -1)
  tests/unit/test_swift_store.py (+1, -1)
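To make the difference between the two ACL strings concrete, the following is an added example (not glance_store's or Swift's code) that models how Swift evaluates an X-Container-Read header for the elements that appear in this commit: referrer rules (".r:<host>", with "*" and "-" prefixes), the ".rlistings" flag, and "tenant:user" grants with "*" wildcards. Swift's keystoneauth middleware has further cases that are not modelled here; the Requester class, the helper names and the sample tenants are assumptions of the example.

```python
# Simplified model of Swift X-Container-Read ACL evaluation.
# Added example, not glance_store's or Swift's implementation: it covers only the
# ACL elements visible in the commit (".r:<referrer>", ".rlistings", "<tenant>:<user>"
# with "*" wildcards). Requester and the helper names are assumptions of this example.
from dataclasses import dataclass
from typing import List, Optional, Tuple

OLD_PUBLIC_ACL = ".r:*,.rlistings"   # value the store set before this commit
NEW_PUBLIC_ACL = "*:*"               # value the store sets after this commit


@dataclass(frozen=True)
class Requester:
    """Who is asking. tenant=None models an unauthenticated request (no token)."""
    tenant: Optional[str] = None
    user: Optional[str] = None
    referrer_host: str = ""          # host from the Referer header, "" if none


def parse_acl(acl: str) -> Tuple[List[str], bool, List[Tuple[str, str]]]:
    """Split an ACL string into referrer rules, the .rlistings flag and tenant:user grants."""
    referrers: List[str] = []
    listings = False
    grants: List[Tuple[str, str]] = []
    for raw in acl.split(","):
        item = raw.strip()
        if not item:
            continue
        if item == ".rlistings":
            listings = True
        elif item.startswith(".r:"):
            referrers.append(item[3:])
        elif ":" in item:
            tenant, user = item.split(":", 1)
            grants.append((tenant, user))
        else:
            raise ValueError("unsupported ACL element: %r" % item)
    return referrers, listings, grants


def referrer_allowed(referrer_host: str, rules: List[str]) -> bool:
    """Referrer rules apply to any caller, token or not; a later matching rule wins."""
    allow = False
    for rule in rules:
        deny = rule.startswith("-")
        host = rule[1:] if deny else rule
        matched = (
            host == "*"
            or host == referrer_host
            or (host.startswith(".") and referrer_host.endswith(host))
        )
        if matched:
            allow = not deny
    return allow


def grant_matches(req: Requester, grants: List[Tuple[str, str]]) -> bool:
    """tenant:user grants need an authenticated token; '*' matches any tenant or user."""
    if req.tenant is None:
        return False
    for tenant, user in grants:
        if tenant in ("*", req.tenant) and user in ("*", req.user):
            return True
    return False


def can_read_object(acl: str, req: Requester) -> bool:
    """Object download (GET on an object) is allowed by either kind of rule."""
    referrers, _listings, grants = parse_acl(acl)
    return grant_matches(req, grants) or referrer_allowed(req.referrer_host, referrers)


def can_list_container(acl: str, req: Requester) -> bool:
    """Container listing: grants always include it, referrer rules only with .rlistings."""
    referrers, listings, grants = parse_acl(acl)
    if grant_matches(req, grants):
        return True
    return listings and referrer_allowed(req.referrer_host, referrers)


if __name__ == "__main__":
    anonymous = Requester()
    other_tenant = Requester(tenant="some-other-project", user="bob")  # constructed sample
    for label, acl in (("old", OLD_PUBLIC_ACL), ("new", NEW_PUBLIC_ACL)):
        print(label, repr(acl),
              "anonymous read:", can_read_object(acl, anonymous),
              "anonymous list:", can_list_container(acl, anonymous),
              "authenticated read:", can_read_object(acl, other_tenant))
```

Run as a script, the old ACL reports True for anonymous read and listing, the new one False for both, while an authenticated user from an unrelated project reads the object under either ACL. That last row is the residual issue the commit message notes: "*:*" closes the anonymous path but still lets any token holder fetch public image data straight from Swift.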

glance_store/_drivers/swift/store.py (+1, -1)

@@ -792,7 +792,7 @@ class MultiTenantStore(BaseStore):
792 792
 
793 793
         headers = {}
794 794
         if public:
795
-            headers['X-Container-Read'] = ".r:*,.rlistings"
795
+            headers['X-Container-Read'] = "*:*"
796 796
         elif read_tenants:
797 797
             headers['X-Container-Read'] = ','.join('%s:*' % i
798 798
                                                    for i in read_tenants)
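Review bot: the new literal on line 795 drops `.rlistings` together with `.r:*`, but neither the hunk nor the commit message says anything about container listing; since `*:*` is a tenant:user grant rather than a referrer rule, the listing behaviour of public containers changes as a side effect and should be stated in the commit message or a release note. The hunk also only changes the value written when an ACL is set, so containers that already carry `.r:*,.rlistings` keep the anonymous-readable ACL until something rewrites their X-Container-Read; a documented migration step or follow-up change would close that gap. Minor: `"*:*"` uses the same tenant:user grammar as the `'%s:*' % i` join in the elif branch below it, so a module-level constant for the public ACL would make that relationship explicit and let the unit test reference it instead of repeating the literal.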

tests/unit/test_swift_store.py (+1, -1)

@@ -776,7 +776,7 @@ class SwiftTests(object):
776 776
         container_headers = swiftclient.client.head_container('x', 'y',
777 777
                                                               'glance')
778 778
         self.assertEqual(container_headers['X-Container-Read'],
779
-                         ".r:*,.rlistings")
779
+                         "*:*")
780 780
 
781 781
     def test_read_acl_tenants(self):
782 782
         """
