OpenStack Glance image signature and validation for upload and boot controls?
S Andronic
sandronic888 at gmail.com
Wed Oct 20 12:24:26 UTC 2021
Hi,
I have a question with regard to OpenStack Glance, and if I got it right
this can be a place to ask; if I am wrong, please kindly point me in the
right direction.
When you enable Image Signing and Certificate Validation in nova.conf:

    [glance]
    verify_glance_signatures = True
    enable_certificate_validation = True

Will this stop users from uploading unsigned images or using unsigned
images to spin up instances?
Intuitively I feel that it will enforce checks only if the signature
property exists, but what if it doesn't?
Does it control in any way unsigned images?
Does it stop users from uploading or using anything unsigned?
Would an image without the signing properties just be rejected?
If this feature doesn't stop the use of unsigned images as a security
control, what is the logic behind it then?
Is this meant not to stop users from using unsigned images but such
that people who do use signed images have verification for their code?
So if the goal is to stop people from using random images, and image
signing and validation is not the answer, what would be?
Kind Regards,
S. Andronic