[Openstack-security] [openstack/ironic] SecurityImpact review request change I10e4784eee63e8edc9ba30a9c5004a08aa3a6d8e
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Mon Jul 28 18:20:49 UTC 2014
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/81391
Log:
commit 72e2dc31efd1835fdd1f2f87515fb9ff4d77e365
Author: Josh Gachnang <josh at pcsforeducation.com>
Date: Wed Mar 19 16:47:38 2014 -0700
Adding swift temp url support
This patch will allow properly configured Glance servers to return a temporary
URL for an object hosted on Swift. It will require Glance to use Swift
as its backend. A temporary URL allow a deploy driver to download an image
from Glance without requiring an auth_token, which gives access more than
just Glance. This requires a set of config options: the Glance endpoint URL,
a shared secret temporary key, and the account configured in Glance to talk
to Swift with, which owns the container images are stored in.
A later patch will explore using the direct_url in Glance to simplify the
config options.
We/I need to add a note in the docs about Swift being a possible dependency
for Ironic deploys using IPA, along with how to set the Temp URL key.
Swift performance concerns will be addressed in this blueprint:
https://blueprints.launchpad.net/ironic/+spec/improve-swift-agent-downloads
SecurityImpact
DocImpact
Partial Implements: blueprint swift-temp-urls
Change-Id: I10e4784eee63e8edc9ba30a9c5004a08aa3a6d8e
More information about the Openstack-security
mailing list