Updating an image by removing 'id', 'file', 'location', 'schema', or 'self' returns a 409 response

Bug #1443563 reported by Luke Wollney
This bug affects 1 person
Affects: Glance
Status: Fix Released
Importance: Medium
Assigned to: Darja Shakhray

Bug Description

Overview:
When a user attempts to update an image by removing 'id', 'file', 'location', 'schema', or 'self' as an image property, a 409 response is returned even though every image has each of them by default.

Steps to reproduce:
1) Create an image
2) Update the image via PATCH /images/<id> passing '[{"path": "/id", "value": "<created_image_id>", "op": "remove"}]'
3) Notice that a 409 accepted response is returned

Expected:
A 403 response should be returned

Actual:
A 409 response is returned

Stuart McLaren (stuart-mclaren) wrote :
Nicholas I (nicholas-d)
Changed in glance:
assignee: nobody → Nicholas I (nicholas-d)
Nicholas I (nicholas-d)
Changed in glance:
assignee: Nicholas I (nicholas-d) → nobody
Nicholas I (nicholas-d) wrote :

Hi Luke,

403 error is for forbidden and 409 is for conflicts.

Why do you say its expected result should be 403?

Changed in glance:
status: New → Incomplete
Luke Wollney (luke-wollney) wrote :

Thank you for taking the time to look into this bug. There are several image properties that are all added by default which are restricted. This list includes, but may not be limited to, 'id', 'file', 'location', 'schema', and 'self'. When a user attempts to remove one of these properties via the update image request, an error should be returned.

When a user attempts to remove 'file', 'location', 'schema', or 'self', a 403 Forbidden response is returned. However, when attempting to remove the 'id' property from an image, a 409 Conflict response is returned.

In order to be consistent with the rest of the restricted image properties, a 403 Forbidden response should be returned. I believe a 403 response is correct for the other restricted properties as that is how it currently is set up.

Please note not to confuse this update image request, passing the 'remove' operation, with the other two operations of 'add' and 'replace'.

Please let me know if you need further information. Thank you again.

Changed in glance:
status: Incomplete → New
Mike Fedosin (mfedosin)
Changed in glance:
status: New → Confirmed
Changed in glance:
assignee: nobody → dshakhray (dshakhray)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to glance (master)

Fix proposed to branch: master
Review: https://review.openstack.org/232663

Changed in glance:
status: Confirmed → In Progress
Changed in glance:
importance: Undecided → Medium
OpenStack Infra (hudson-openstack) wrote : Fix merged to glance (master)

Reviewed: https://review.openstack.org/232663
Committed: https://git.openstack.org/cgit/openstack/glance/commit/?id=f945f815754ab6596bb580517a860e9015705464
Submitter: Jenkins
Branch: master

commit f945f815754ab6596bb580517a860e9015705464
Author: Darja Shakhray <email address hidden>
Date: Thu Oct 8 19:49:54 2015 +0300

    Fix 409 response when updating an image by removing read-only property

    Added check "validate_change" for request PATCH operation "remove".

    Change-Id: I0c268e1d44a48c0f0f66856e7a87205c846c70e3
    Closes-bug: #1443563

Changed in glance:
status: In Progress → Fix Committed
Changed in glance:
status: Fix Committed → Fix Released
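
Added example, not Glance's code and not part of the bug thread: a minimal model of the ordering the fix describes, where a read-only check runs for every PATCH operation, 'remove' included, before any conflict check. The function bodies, the PatchError class, the 400 handling and the 409 rule for removing a missing property are assumptions made for illustration; only the property names and the name validate_change come from this page.

```python
# Added illustration; not Glance source code.
# READ_ONLY holds the properties named in the bug report.
READ_ONLY = frozenset({"id", "file", "location", "schema", "self"})


class PatchError(Exception):
    """Hypothetical error type carrying the HTTP status to return."""

    def __init__(self, status, message):
        super().__init__(message)
        self.status = status


def validate_change(change):
    """Reject any operation on a read-only property with 403.

    Runs before the operation is applied, so 'add', 'replace' and
    'remove' all get the same answer for the same property.
    """
    op = change.get("op")
    if op not in ("add", "replace", "remove"):
        raise PatchError(400, "unsupported op: %r" % (op,))
    path = change.get("path", "")
    if not path.startswith("/") or len(path) < 2:
        raise PatchError(400, "invalid path: %r" % (path,))
    name = path[1:].split("/", 1)[0]  # top-level property name
    if name in READ_ONLY:
        raise PatchError(403, "property %r is read-only" % name)
    return op, name


def apply_patch(image, changes):
    """Return (status, image); image is unchanged unless status is 200."""
    updated = dict(image)
    try:
        for change in changes:
            op, name = validate_change(change)  # 403 wins over 409
            if op == "remove":
                if name not in updated:
                    # Assumed conflict rule for this sketch.
                    raise PatchError(409, "no such property: %r" % name)
                del updated[name]
            else:
                if "value" not in change:
                    raise PatchError(400, "missing value")
                updated[name] = change["value"]
    except PatchError as exc:
        return exc.status, image
    return 200, updated
```

Because validation happens per change before anything is written back, a request that mixes an allowed change with a read-only one is rejected as a whole and the stored image is left untouched.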