Public bug reported: If image signature verification is enabled then while creating the image if verfication fails then it returns vaild error, deletes image from the database but image data stays in the bakend forever.
Ideally if image verfication fails then it should delete the data from the backend as well. Pre-requisites: 1. Ensure Barbican is enabled 2. Create Keys and Certificate (Reference https://etherpad.openstack.org/p/mitaka-glance-image-signing-instructions#90) 3. Create Signature (Reference https://etherpad.openstack.org/p/mitaka-glance-image-signing-instructions#184) and note down output of 'signature_64' 4. Create context and upload certificate using context (Reference https://etherpad.openstack.org/p/glance-image-signing-create-context) and note down output of 'cert_uuid' Steps to reproduce: 1. Upload Image to Glance, with Signature Metadata img_signature_certificate_uuid = 'fb67edd2-95ef-404b-9af2-910708c6d9b7' img_signature_hash_method = 'SHA-256' img_signature_key_type = 'RSA-PSS' img_signature = 'ezccBYtJEdj2gOrN09woioHwi2rDVvBsmRI0i+9EYAYdE7E6FV8jzJD9BImcq/m7Dm6yZZPkCUHz+y4HBKeYqK0+otcz921zaeqcKGBvU1t7J9AL0hEgJbWg0RY6RXqDXpsOQrrkrHuna4O+BUOp6sPwb3j2eFYbbsqW6d/obgM=' (different which is noted in Pre-requisites section Point 4 as 'signature_64') $ glance image-create --property name=cirrosSignedImage_goodSignature --property is-public=true --container-format bare --disk-format qcow2 --property img_signature='abcdBYtJEdj2gOrN09woioHwi2rDVvBsmRI0i+9EYAYdE7E6FV8jzJD9BImcq/m7Dm6yZZPkCUHz+y4HBKeYqK0+otcz921zaeqcKGBvU1t7J9AL0hEgJbWg0RY6RXqDXpsOQrrkrHuna4O+BUOp6sPwb3j2eFYbbsqW6d/obgM=' --property img_signature_certificate_uuid='fb67edd2-95ef-404b- 9af2-910708c6d9b7' --property img_signature_hash_method='SHA-256' --property img_signature_key_type='RSA-PSS' --file cirros-0.3.2-source.tar.gz Note: 'img_signature' starts with 'ezcc...' but in create command I have passed as 'abcd..' Actual Output: +--------------------------------+----------------------------------------------------------------------------------+ | Property | Value | +--------------------------------+----------------------------------------------------------------------------------+ | checksum | None | | container_format | bare | | created_at | 2017-12-05T07:04:38Z | | disk_format | qcow2 | | id | 6e8bec71-2176-4bcc-a732-2f76c5ac589f | | img_signature | abcdBYtJEdj2gOrN09woioHwi2rDVvBsmRI0i+9EYAYdE7E6FV8jzJD9BImcq/m7Dm6yZZPkCUHz+y4H | | | BKeYqK0+otcz921zaeqcKGBvU1t7J9AL0hEgJbWg0RY6RXqDXpsOQrrkrHuna4O+BUOp6sPwb3j2eFYb | | | bsqW6d/obgM= | | img_signature_certificate_uuid | fb67edd2-95ef-404b-9af2-910708c6d9b7 | | img_signature_hash_method | SHA-256 | | img_signature_key_type | RSA-PSS | | is-public | true | | min_disk | 0 | | min_ram | 0 | | name | cirrosSignedImage_goodSignature | | owner | 4f186fe25c934eeb95186fd0c5afda49 | | protected | False | | size | None | | status | queued | | tags | [] | | updated_at | 2017-12-05T07:04:38Z | | virtual_size | None | | visibility | shared | +--------------------------------+----------------------------------------------------------------------------------+ $ 400 Bad Request: Signature verification failed for image 6e8bec71-2176-4bcc-a732-2f76c5ac589f: Signature verification failed (HTTP 400) Expected Output: $ 400 Bad Request: Signature verification failed for image 6e8bec71-2176-4bcc-a732-2f76c5ac589f: Signature verification failed (HTTP 400) NOTE: Image data stays in backend $ ls -lah /opt/stack/data/glance/images/6e8bec71-2176-4bcc-a732-2f76c5ac589f total 15M drwxr-xr-x. 2 centos centos 270 Dec 5 07:04 . drwxr-xr-x. 5 centos centos 46 Dec 5 04:42 .. -rw-r--r--. 1 centos centos 420K Dec 5 07:04 6e8bec71-2176-4bcc-a732-2f76c5ac589f Glance-api logs: Dec 05 07:04:38 signature-test.rdocloud [email protected][25628]: ERROR glance.api.v2.image_data [None req-b81d5e9c-8d5c-4b48-b7c8-efe546c3aa97 demo admin] Signature verification failed for image 6e8bec71-2176-4bcc-a732-2f76c5ac589f: Signature verification failed: SignatureVerificationError: Signature verification failed ** Affects: glance Importance: Undecided Assignee: Abhishek Kekane (abhishek-kekane) Status: New ** Changed in: glance Assignee: (unassigned) => Abhishek Kekane (abhishek-kekane) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1736336 Title: Image data stays in backend if image signature verification fails Status in Glance: New Bug description: If image signature verification is enabled then while creating the image if verfication fails then it returns vaild error, deletes image from the database but image data stays in the bakend forever. Ideally if image verfication fails then it should delete the data from the backend as well. Pre-requisites: 1. Ensure Barbican is enabled 2. Create Keys and Certificate (Reference https://etherpad.openstack.org/p/mitaka-glance-image-signing-instructions#90) 3. Create Signature (Reference https://etherpad.openstack.org/p/mitaka-glance-image-signing-instructions#184) and note down output of 'signature_64' 4. Create context and upload certificate using context (Reference https://etherpad.openstack.org/p/glance-image-signing-create-context) and note down output of 'cert_uuid' Steps to reproduce: 1. Upload Image to Glance, with Signature Metadata img_signature_certificate_uuid = 'fb67edd2-95ef-404b-9af2-910708c6d9b7' img_signature_hash_method = 'SHA-256' img_signature_key_type = 'RSA-PSS' img_signature = 'ezccBYtJEdj2gOrN09woioHwi2rDVvBsmRI0i+9EYAYdE7E6FV8jzJD9BImcq/m7Dm6yZZPkCUHz+y4HBKeYqK0+otcz921zaeqcKGBvU1t7J9AL0hEgJbWg0RY6RXqDXpsOQrrkrHuna4O+BUOp6sPwb3j2eFYbbsqW6d/obgM=' (different which is noted in Pre-requisites section Point 4 as 'signature_64') $ glance image-create --property name=cirrosSignedImage_goodSignature --property is-public=true --container-format bare --disk-format qcow2 --property img_signature='abcdBYtJEdj2gOrN09woioHwi2rDVvBsmRI0i+9EYAYdE7E6FV8jzJD9BImcq/m7Dm6yZZPkCUHz+y4HBKeYqK0+otcz921zaeqcKGBvU1t7J9AL0hEgJbWg0RY6RXqDXpsOQrrkrHuna4O+BUOp6sPwb3j2eFYbbsqW6d/obgM=' --property img_signature_certificate_uuid='fb67edd2-95ef-404b- 9af2-910708c6d9b7' --property img_signature_hash_method='SHA-256' --property img_signature_key_type='RSA-PSS' --file cirros-0.3.2-source.tar.gz Note: 'img_signature' starts with 'ezcc...' but in create command I have passed as 'abcd..' Actual Output: +--------------------------------+----------------------------------------------------------------------------------+ | Property | Value | +--------------------------------+----------------------------------------------------------------------------------+ | checksum | None | | container_format | bare | | created_at | 2017-12-05T07:04:38Z | | disk_format | qcow2 | | id | 6e8bec71-2176-4bcc-a732-2f76c5ac589f | | img_signature | abcdBYtJEdj2gOrN09woioHwi2rDVvBsmRI0i+9EYAYdE7E6FV8jzJD9BImcq/m7Dm6yZZPkCUHz+y4H | | | BKeYqK0+otcz921zaeqcKGBvU1t7J9AL0hEgJbWg0RY6RXqDXpsOQrrkrHuna4O+BUOp6sPwb3j2eFYb | | | bsqW6d/obgM= | | img_signature_certificate_uuid | fb67edd2-95ef-404b-9af2-910708c6d9b7 | | img_signature_hash_method | SHA-256 | | img_signature_key_type | RSA-PSS | | is-public | true | | min_disk | 0 | | min_ram | 0 | | name | cirrosSignedImage_goodSignature | | owner | 4f186fe25c934eeb95186fd0c5afda49 | | protected | False | | size | None | | status | queued | | tags | [] | | updated_at | 2017-12-05T07:04:38Z | | virtual_size | None | | visibility | shared | +--------------------------------+----------------------------------------------------------------------------------+ $ 400 Bad Request: Signature verification failed for image 6e8bec71-2176-4bcc-a732-2f76c5ac589f: Signature verification failed (HTTP 400) Expected Output: $ 400 Bad Request: Signature verification failed for image 6e8bec71-2176-4bcc-a732-2f76c5ac589f: Signature verification failed (HTTP 400) NOTE: Image data stays in backend $ ls -lah /opt/stack/data/glance/images/6e8bec71-2176-4bcc-a732-2f76c5ac589f total 15M drwxr-xr-x. 2 centos centos 270 Dec 5 07:04 . drwxr-xr-x. 5 centos centos 46 Dec 5 04:42 .. -rw-r--r--. 1 centos centos 420K Dec 5 07:04 6e8bec71-2176-4bcc-a732-2f76c5ac589f Glance-api logs: Dec 05 07:04:38 signature-test.rdocloud [email protected][25628]: ERROR glance.api.v2.image_data [None req-b81d5e9c-8d5c-4b48-b7c8-efe546c3aa97 demo admin] Signature verification failed for image 6e8bec71-2176-4bcc-a732-2f76c5ac589f: Signature verification failed: SignatureVerificationError: Signature verification failed To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1736336/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
