Comment 2 for bug 1065187

Mark Washenberger (markwash) wrote : Re: Non-admin users can cause public glance images to be deleted from the backend storage repository

Here is a patchset that should fix things up.

commit a18ecf4a27e2bc461c6ea7a86c8927e1b5a9742f
Author: Mark Washenberger <email address hidden>
Date: Thu Oct 11 07:32:14 2012 +0000

    Delete from store after registry delete.

    Because we rely on the registry to determine authorization in the glance
    v1 api, we must attempt a registry delete before deleting an image from
    the image store.

    Fixes bug 1065187.

    Change-Id: I2cd06d151b1c9a2d0fd944f05c1d63fffe2f843a

diff --git a/glance/api/v1/images.py b/glance/api/v1/images.py
index 097dc05..9a64b4a 100644
--- a/glance/api/v1/images.py
+++ b/glance/api/v1/images.py
@@ -812,22 +812,28 @@ class Controller(controller.BaseController):
                                 request=req,
                                 content_type="text/plain")

- status = 'deleted'
+ if image['location'] and CONF.delayed_delete:
+ status = 'pending_delete'
+ else:
+ status = 'deleted'
+
         try:
+ # Delete the image from the registry first, since we rely on it
+ # for authorization checks.
+ # See https://bugs.launchpad.net/glance/+bug/1065187
+ registry.update_image_metadata(req.context, id, {'status': status})
+ registry.delete_image_metadata(req.context, id)
+
             # The image's location field may be None in the case
             # of a saving or queued image, therefore don't ask a backend
             # to delete the image if the backend doesn't yet store it.
             # See https://bugs.launchpad.net/glance/+bug/747799
             if image['location']:
                 if CONF.delayed_delete:
- status = 'pending_delete'
                     schedule_delayed_delete_from_backend(image['location'], id)
                 else:
                     safe_delete_from_backend(image['location'],
                                              req.context, id)
-
- registry.update_image_metadata(req.context, id, {'status': status})
- registry.delete_image_metadata(req.context, id)
         except exception.NotFound, e:
             msg = ("Failed to find image to delete: %(e)s" % locals())
             for line in msg.split('\n'):
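Review bot: Inside the try block, the two registry calls now run before schedule_delayed_delete_from_backend and safe_delete_from_backend, so a failure in the store step leaves image data in the backend after its registry record has already been updated and deleted. In the delayed path the record is also set to 'pending_delete' before anything has been queued. Consider logging the location and image id when the store step fails after a successful registry delete, so that orphaned data can be found and cleaned up later. The authorization fix also depends on update_image_metadata raising for an unauthorized caller before the store is touched. Only the exception.NotFound handler is visible here, so please confirm the forbidden case is handled in the same try/except. A regression test asserting that a non-admin delete of a public image leaves the store untouched would pin the new ordering.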