commit a18ecf4a27e2bc461c6ea7a86c8927e1b5a9742f Author: Mark Washenberger Date: Thu Oct 11 07:32:14 2012 +0000 Delete from store after registry delete. Because we rely on the registry to determine authorization in the glance v1 api, we must attempt a registry delete before deleting an image from the image store. Fixes bug 1065187. Change-Id: I2cd06d151b1c9a2d0fd944f05c1d63fffe2f843a diff --git a/glance/api/v1/images.py b/glance/api/v1/images.py index 097dc05..9a64b4a 100644 --- a/glance/api/v1/images.py +++ b/glance/api/v1/images.py @@ -812,22 +812,28 @@ class Controller(controller.BaseController): request=req, content_type="text/plain") - status = 'deleted' + if image['location'] and CONF.delayed_delete: + status = 'pending_delete' + else: + status = 'deleted' + try: + # Delete the image from the registry first, since we rely on it + # for authorization checks. + # See https://bugs.launchpad.net/glance/+bug/1065187 + registry.update_image_metadata(req.context, id, {'status': status}) + registry.delete_image_metadata(req.context, id) + # The image's location field may be None in the case # of a saving or queued image, therefore don't ask a backend # to delete the image if the backend doesn't yet store it. # See https://bugs.launchpad.net/glance/+bug/747799 if image['location']: if CONF.delayed_delete: - status = 'pending_delete' schedule_delayed_delete_from_backend(image['location'], id) else: safe_delete_from_backend(image['location'], req.context, id) - - registry.update_image_metadata(req.context, id, {'status': status}) - registry.delete_image_metadata(req.context, id) except exception.NotFound, e: msg = ("Failed to find image to delete: %(e)s" % locals()) for line in msg.split('\n'):