Hi Thierry, which stable/diablo code path is vunerable?
I think this bit is ok:
def schedule_delete_from_backend(uri, options, context, image_id, **kwargs):
"""
Given a uri and a time, schedule the deletion of an image.
"""
use_delay = config.get_option(options, 'delayed_delete', type='bool', default=False)
if not use_delay: registry.update_image_metadata(options, context, image_id, {'status': 'deleted'}) <<< if delayed delete is disabled we'll hit this -- which I think will fail with not authorized.
try:
return delete_from_backend(uri, **kwargs)
except (UnsupportedBackend, exception.NotFound):
msg = _("Failed to delete image from store (%(uri)s).") % locals() logger.error(msg)
registry.update_image_metadata(options, context, image_id, {'status': 'pending_delete'}) <<< if delayed delete is enabled we'll hit this -- which I think will fail with not authorized.
Hi Thierry, which stable/diablo code path is vunerable?
I think this bit is ok:
def schedule_ delete_ from_backend( uri, options, context, image_id, **kwargs): get_option( options, 'delayed_delete', type='bool',
default= False)
registry. update_ image_metadata( options, context, image_id,
{'status' : 'deleted'}) <<< if delayed delete is disabled we'll hit this -- which I think will fail with not authorized. from_backend( uri, **kwargs) kend, exception. NotFound) :
logger. error(msg)
"""
Given a uri and a time, schedule the deletion of an image.
"""
use_delay = config.
if not use_delay:
try:
return delete_
except (UnsupportedBac
msg = _("Failed to delete image from store (%(uri)s).") % locals()
registry. update_ image_metadata( options, context, image_id,
{'status' : 'pending_delete'}) <<< if delayed delete is enabled we'll hit this -- which I think will fail with not authorized.