Glance

Prevent user to remove last location of the image

Bug #1542724 reported by OpenStack Infra on 2016-02-06

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Glance	Fix Released	Low	Brian Rosmaita

Bug Description

https://review.openstack.org/275735
Dear bug triager. This bug was created since a commit was marked with DOCIMPACT.
Your project "openstack/glance" is set up so that we directly report the documentation bugs against it. If this needs changing, the docimpact-group option needs to be added for the project. You can ask the OpenStack infra team (#openstack-infra on freenode) for help if you need to.

commit c5c731c7153d6d46c27260474d2811d504dfac5c
Author: Erno Kuvaja <email address hidden>
Date: Tue Jan 19 13:37:05 2016 +0000

Prevent user to remove last location of the image

    If the last location of the image is removed, image transitions back to queued.
    This allows user to upload new data into the existing image record. By
    preventing removal of the last location we prevent the image transition back to
    queued.

This change also prevents doing the same operation via replacing the locations
with empty list.

    SecurityImpact
    DocImpact
    APIImpact

Conflicts:
glance/tests/unit/v2/test_images_resource.py

Conflicts:
glance/api/v2/images.py

    Change-Id: Ieb03aaba887492819f9c58aa67f7acfcea81720e
    Closes-Bug: #1525915
    (cherry picked from commit e9e45baa9aaf58e69964419b6b4fb2048d115a0c)

Tags:

Brian Rosmaita (brian-rosmaita) on 2016-09-08

Changed in glance:
status:	New → Triaged
importance:	Undecided → Medium
assignee:	nobody → Brian Rosmaita (brian-rosmaita)

Revision history for this message

Brian Rosmaita (brian-rosmaita) wrote on 2016-09-08:

This was fixed in Mitaka (doc'd with a release note) and I think backported to kilo and liberty.

Release note says:
Fixing bug 1525915; image might be transitioning
    from active to queued by regular user by removing
    last location of image (or replacing locations
    with empty list). This allows user to re-upload
    data to the image breaking Glance's promise of
    image data immutability. From now on, last
    location cannot be removed and locations cannot
    be replaced with empty list.

* Update the PATCH call in the api-ref to mention this. Maybe have a brief section of "stuff that could cause your call to fail"? (Check to see whether the default is only an admin can update locations -- I think it is.)

Revision history for this message

Nikhil Komawar (nikhil-komawar) wrote on 2016-09-13:

Should this bug be in FixReleased status or Invalid if no doc is needed? (I'm trying to close it if it's not relevant)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-10-19: Fix proposed to glance (master)

Fix proposed to branch: master
Review: https://review.openstack.org/513549

Changed in glance:
status:	Triaged → In Progress

Brian Rosmaita (brian-rosmaita) on 2017-10-19

Changed in glance:
importance:	Medium → Low

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-10-24: Fix merged to glance (master)

Reviewed: https://review.openstack.org/513549
Committed: https://git.openstack.org/cgit/openstack/glance/commit/?id=8026e7f588786a9fc78d6c554725c30b3c4dd8fa
Submitter: Zuul
Branch: master

commit 8026e7f588786a9fc78d6c554725c30b3c4dd8fa
Author: Brian Rosmaita <email address hidden>
Date: Thu Oct 19 18:45:42 2017 -0400

Update api-ref about 403 for image location changes

    Add deleting the only location or attempting to set the locations
    to an empty list as another reason why a user might get a 403
    response to a PATCH call.

Change-Id: I2edb072ded11d1b710af0309f0372d1b16042a54
Closes-bug: #1542724