Merge pull request #169 from scanon/backwardsupport

Backwardsupport
NERSC · Apr 20, 2017 · 4dc2134 · 4dc2134
2 parents a5c77ed + 07093db
commit 4dc2134
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 4 deletions.
diff --git a/doc/updating.rst b/doc/updating.rst
@@ -1,6 +1,18 @@
 Updating Shifter
 ================
 
+Version 16.08.1 to 17.04.0
+--------------------------
+
+If private images are pulled, the resulting metadata will be incompatible with
+previous versions of the shifter runtime.  Set an environment variable called
+DISABLE_ACL_METADATA to a value in order to enable backwards compatibility.
+Note that this means some access checks in the runtime will not be enforced
+and a determined user could use this to access a private image they should
+not have access to.  So this option should only be used as a temporary 
+bridge and sites should inform the users of the potential risks.
+
+
 Version 15.12.0 to 16.08.1
 --------------------------
 udiRoot.conf

diff --git a/imagegw/shifter_imagegw/converters.py b/imagegw/shifter_imagegw/converters.py
@@ -126,6 +126,10 @@ def writemeta(fmt, meta, metafile):
         private = False
         if 'private' in meta:
             private = meta['private']
+        # Disable saving private image info for backwards support
+        # This can be deprecated in the future.
+        if 'DISABLE_ACL_METADATA' in os.environ:
+            private = False
         meta_fd.write("FORMAT: %s\n" % (fmt))
         if 'entrypoint' in meta and meta['entrypoint'] is not None:
             meta_fd.write("ENTRY: %s\n" % (meta['entrypoint']))

diff --git a/imagegw/test/converters_test.py b/imagegw/test/converters_test.py
@@ -24,7 +24,7 @@
 class ConvertersTestCase(unittest.TestCase):
 
     def setUp(self):
-        #os.environ['PATH']=os.environ['PATH']+":./test"
+        # os.environ['PATH']=os.environ['PATH']+":./test"
         test_dir = os.path.dirname(os.path.abspath(__file__)) + "/../test/"
         self.test_dir = test_dir
         if 'TMPDIR' in os.environ:
@@ -89,11 +89,14 @@ def test_writemeta(self):
                     meta['ENV'].append(v)
                 else:
                     meta[k] = v
-        keys = ('WORKDIR', 'FORMAT', 'ENTRY', 'USERACL', 'GROUPACL')
+        keys = ['WORKDIR', 'FORMAT', 'ENTRY']
+        if 'DISABLE_ACL_METADATA' not in os.environ:
+            keys.extend(['USERACL', 'GROUPACL'])
         for key in keys:
             self.assertIn(key, meta)
-        self.assertEquals(meta['USERACL'].find("["), -1)
-        self.assertEquals(meta['USERACL'].find("]"), -1)
+        if 'DISABLE_ACL_METADATA' not in os.environ:
+            self.assertEquals(meta['USERACL'].find("["), -1)
+            self.assertEquals(meta['USERACL'].find("]"), -1)
         self.assertGreater(len(meta['ENV']), 0)
 
     def test_ext4(self):