v2 image download returns 403 when 'get_image_locations' policy set

Bug #1501672 reported by Stuart McLaren
Affects | Status | Importance | Assigned to | Milestone
Glance | Fix Released | High | Stuart McLaren |
Kilo | Fix Released | High | Unassigned |

Bug Description

When get_image_location is set to role:admin, a regular user sees:

 $ glance --os-image-api-version 2 image-download 33fd3f1a-4924-4078-9d57-d7f6db4d015b
 403 Forbidden: You are not authorized to complete this action. (HTTP 403)

v1 works ok.

Changed in glance:
assignee: nobody → Stuart McLaren (stuart-mclaren)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to glance (master)

Fix proposed to branch: master
Review: https://review.openstack.org/229984

Changed in glance:
status: New → In Progress
Erno Kuvaja (jokke)
tags: added: liberty-rc-potential
OpenStack Infra (hudson-openstack) wrote : Fix proposed to glance (stable/liberty)

Fix proposed to branch: stable/liberty
Review: https://review.openstack.org/230008

OpenStack Infra (hudson-openstack) wrote : Fix proposed to glance (stable/kilo)

Fix proposed to branch: stable/kilo
Review: https://review.openstack.org/230010

Changed in glance:
importance: Undecided → High
OpenStack Infra (hudson-openstack) wrote : Fix merged to glance (master)

Reviewed: https://review.openstack.org/229984
Committed: https://git.openstack.org/cgit/openstack/glance/commit/?id=b47f625443c3b46483506926f31fee42478705d4
Submitter: Jenkins
Branch: master

commit b47f625443c3b46483506926f31fee42478705d4
Author: Stuart McLaren <email address hidden>
Date: Wed Sep 30 16:54:12 2015 +0000

    Download forbidden when get_image_location is set.

    When using v2 an attempt to download an image would return a 403 if the
    get_image_location policy was set.

    Note: We had been returning both 404 and 204 when no data was
    available. There was no way to detect the 404 case without trying to
    access the image locations so I've standardized on 204.

    Change-Id: I658b08a35d3a8cb8a7096baf716ccb3d6e7d9abf
    Closes-bug: 1501672
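
A simplified model of the failure this commit message describes, added here as an illustration and not taken from Glance's code. `PolicedImage`, `enforce`, `download_before` and `download_after` are hypothetical names; the model assumes the pre-fix download path read the image locations to detect the 404 case, as the note in the commit message implies.

```python
class Forbidden(Exception):
    pass

# Constructed policy: anyone may download, only admins may read locations.
POLICY = {"download_image": None, "get_image_location": "admin"}

def enforce(roles, action):
    """Raise Forbidden when the action needs a role the caller lacks."""
    required = POLICY.get(action)
    if required is not None and required not in roles:
        raise Forbidden(action)

class PolicedImage:
    """Hypothetical wrapper: every sensitive read is policy-checked."""
    def __init__(self, data, locations, roles):
        self._data, self._locations, self._roles = data, locations, roles

    @property
    def locations(self):
        enforce(self._roles, "get_image_location")
        return self._locations

    def get_data(self):
        enforce(self._roles, "download_image")
        return self._data

def download_before(image):
    """Pre-fix shape: peeks at locations to tell 404 apart from 204."""
    try:
        if not image.locations:  # side effect: get_image_location is enforced
            return 404, b""
        data = image.get_data()
    except Forbidden:
        return 403, b""
    return (200, data) if data else (204, b"")

def download_after(image):
    """Post-fix shape: only download_image is consulted; no data gives 204."""
    try:
        data = image.get_data()
    except Forbidden:
        return 403, b""
    return (200, data) if data else (204, b"")

def demo():
    # Constructed sample images owned by a non-admin caller.
    user = PolicedImage(b"qcow2-bytes", ["file:///constructed"], {"member"})
    empty = PolicedImage(b"", [], {"member"})
    return download_before(user), download_after(user), download_after(empty)
```

The point for policy authors: an attribute read used only as an existence check can pull in a second, stricter rule, so restricting `get_image_location` silently restricted downloads as well.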

Changed in glance:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
no longer affects: glance/liberty
Changed in glance:
milestone: none → liberty-rc2
OpenStack Infra (hudson-openstack) wrote : Fix merged to glance (stable/liberty)

Reviewed: https://review.openstack.org/230008
Committed: https://git.openstack.org/cgit/openstack/glance/commit/?id=ca8d909a61ba335805d8d17070230ce9478a000d
Submitter: Jenkins
Branch: stable/liberty

commit ca8d909a61ba335805d8d17070230ce9478a000d
Author: Stuart McLaren <email address hidden>
Date: Wed Sep 30 16:54:12 2015 +0000

    Download forbidden when get_image_location is set.

    When using v2 an attempt to download an image would return a 403 if the
    get_image_location policy was set.

    Note: We had been returning both 404 and 204 when no data was
    available. There was no way to detect the 404 case without trying to
    access the image locations so I've standardized on 204.

    Change-Id: I658b08a35d3a8cb8a7096baf716ccb3d6e7d9abf
    Closes-bug: 1501672
    (cherry picked from commit b47f625443c3b46483506926f31fee42478705d4)

tags: added: in-stable-liberty
Thierry Carrez (ttx)
Changed in glance:
status: Fix Committed → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix merged to glance (stable/kilo)

Reviewed: https://review.openstack.org/230010
Committed: https://git.openstack.org/cgit/openstack/glance/commit/?id=2499162cbe62bb16ac0ae16fd66da2d838576779
Submitter: Jenkins
Branch: stable/kilo

commit 2499162cbe62bb16ac0ae16fd66da2d838576779
Author: Stuart McLaren <email address hidden>
Date: Wed Sep 30 16:54:12 2015 +0000

    Download forbidden when get_image_location is set.

    When using v2 an attempt to download an image would return a 403 if the
    get_image_location policy was set.

    Note: We had been returning both 404 and 204 when no data was
    available. There was no way to detect the 404 case without trying to
    access the image locations so I've standardized on 204.

    Change-Id: I658b08a35d3a8cb8a7096baf716ccb3d6e7d9abf
    Closes-bug: 1501672
    (cherry picked from commit b47f625443c3b46483506926f31fee42478705d4)

Thierry Carrez (ttx)
Changed in glance:
milestone: liberty-rc2 → 11.0.0
OpenStack Infra (hudson-openstack) wrote : Fix proposed to glance (master)

Fix proposed to branch: master
Review: https://review.openstack.org/235346

OpenStack Infra (hudson-openstack) wrote : Fix merged to glance (master)

Reviewed: https://review.openstack.org/235346
Committed: https://git.openstack.org/cgit/openstack/glance/commit/?id=431fa95ecf92a9ebb7082f829c0a99f958363cc3
Submitter: Jenkins
Branch: master

commit 69516fad5f651a085a047a337a05c58b39023c1b
Author: Mike Fedosin <email address hidden>
Date: Mon Oct 12 15:34:54 2015 +0300

    Add 'deactivated' status to image schema.

    New 'deactivated' status was introduced in Kilo release,
    but it isn't listed in available image statuses in the schema.

    It leads to issues on the client side, when it can't validate
    the image with this status against the schema and returns the error.

    Change-Id: I5ec264614ae7ecf54b846ad0600442a18c61d24c
    Closes-bug: #1505218
    Related-bug: #1505134

commit c5b6901527b8b4a1250bdc179405c8af66fbae7e
Author: Mike Fedosin <email address hidden>
Date: Tue Oct 13 00:33:27 2015 +0300

    Add testresources and testscenarios used by oslo.db fixture

    If we use oslo.db fixtures, we'll need these 2 packages or
    the next version of oslo.db release will break us.

    Change-Id: I7c0d2f6dabc20bd4ff0d29d3b47b948aa24ea56b
    Closes-Bug: #1503501

commit fc32f0554de0ba7773d98e6828da157ca7c66002
Author: Mike Fedosin <email address hidden>
Date: Sun Sep 20 17:01:22 2015 +0300

    Cleanup chunks for deleted image if token expired

    In patch I47229b366c25367ec1bd48aec684e0880f3dfe60 the logic was
    introduced that if an image was deleted during file
    upload, when we want to update image status from 'saving'
    to 'active' it's expected to get a Duplicate error and delete
    stale chunks after that. But if the user's token is expired
    there will be an Unauthorized exception and chunks will stay
    in the store and clog it.
    And when the upload operation for such an image is
    completed the operator-configured quota can be exceeded.

    This patch fixes the issue of leftover chunks for an image
    which was deleted from saving status, by correctly handling
    auth exceptions from the registry server.

    Partial-bug: #1498163

    Change-Id: I17a66eca55bfb83107046910e69c4da01415deec

commit ca8d909a61ba335805d8d17070230ce9478a000d
Author: Stuart McLaren <email address hidden>
Date: Wed Sep 30 16:54:12 2015 +0000

    Download forbidden when get_image_location is set.

    When using v2 an attempt to download an image would return a 403 if the
    get_image_location policy was set.

    Note: We had been returning both 404 and 204 when no data was
    available. There was no way to detect the 404 case without trying to
    access the image locations so I've standardized on 204.

    Change-Id: I658b08a35d3a8cb8a7096baf716ccb3d6e7d9abf
    Closes-bug: 1501672
    (cherry picked from commit b47f625443c3b46483506926f31fee42478705d4)

commit ebdf076cc9bd5d9239cdc96c6e7cecc72f852bbb
Author: Mike Fedosin <email address hidden>
Date: Thu Oct 1 18:28:48 2015 +0300

    Catch NotAuthenticated exception in import task

    If glance uses registry as data_api then it's possible
    that token may expire during image import task and Glance
    will have NotAuthenticated exception.

    This code adds...
