Here is a patch that adds a test for this behavior. I did this separately so the fix could be backported alone, since this test depends on some more recent changes in master.
commit cce2af5a48de737869d53eeafdb0532eede136d4
Author: Mark Washenberger <email address hidden>
Date: Wed Oct 10 20:23:24 2012 +0000
diff --git a/glance/tests/stubs.py b/glance/tests/stubs.py
index fecea11..92dcf90 100644
--- a/glance/tests/stubs.py
+++ b/glance/tests/stubs.py
@@ -60,7 +60,13 @@ class FakeRegistryConnection(object):
def getresponse(self):
mapper = routes.Mapper()
- api = context.UnauthenticatedContextMiddleware(rserver.API(mapper))
+ server = rserver.API(mapper)
+ # NOTE(markwash): we need to pass through context auth information if
+ # we have it.
+ if 'X-Auth-Token' in self.req.headers:
+ api = utils.FakeAuthMiddleware(server)
+ else:
+ api = context.UnauthenticatedContextMiddleware(server)
webob_res = self.req.get_response(api)
return utils.FakeHTTPResponse(status=webob_res.status_int,
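Review bot: The NOTE above the new `if 'X-Auth-Token' in self.req.headers:` branch says auth information is passed through but not what the fallback means for test coverage. Requests without the header still reach the fake registry through `context.UnauthenticatedContextMiddleware`, so tests that omit the token presumably cannot catch an authorization regression on the registry side. I would spell that out, e.g. `# NOTE(markwash): forward the caller's token so the fake registry sees the same user context as the API;` followed by `# without it the registry runs unauthenticated and its access checks are not exercised.` The check is also presence-only, so an empty header value still selects `utils.FakeAuthMiddleware`, whose parsing is not visible here. `getresponse` continues past the end of this hunk.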
diff --git a/glance/tests/unit/v1/test_api.py b/glance/tests/unit/v1/test_api.py
index ce09aab..1a18bde 100644
--- a/glance/tests/unit/v1/test_api.py
+++ b/glance/tests/unit/v1/test_api.py
@@ -2930,6 +2930,26 @@ class TestGlanceAPI(base.IsolatedUnitTest):
res = req.get_response(self.api)
self.assertEquals(res.status_int, webob.exc.HTTPNotFound.code)
+ def test_delete_not_allowed(self):
+ # Verify we can get the image data
+ req = webob.Request.blank("/images/%s" % UUID2)
+ req.method = 'GET'
+ req.headers['X-Auth-Token'] = 'user:tenant:'
+ res = req.get_response(self.api)
+ self.assertEqual(res.status_int, 200)
+ self.assertEqual(len(res.body), 19)
+
+ # Verify we cannot delete the image
+ req.method = 'DELETE'
+ res = req.get_response(self.api)
+ self.assertEqual(res.status_int, 403)
+
+ # Verify the image data is still there
+ req.method = 'GET'
+ res = req.get_response(self.api)
+ self.assertEqual(res.status_int, 200)
+ self.assertEqual(len(res.body), 19)
+
def test_delete_queued_image(self):
"""Delete an image in a queued state
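Review bot: In `test_delete_not_allowed`, both `self.assertEqual(len(res.body), 19)` checks prove only that a body of the same length comes back after the rejected DELETE, and the 19 is unexplained. Comparing the bytes is a stronger regression guard: keep `original = res.body` after the first GET and finish with `self.assertEqual(res.body, original)`. The test would also benefit from a docstring, like its neighbour `test_delete_queued_image`, naming bug 1065187 and stating why the `'user:tenant:'` token may read `UUID2` but not delete it. The fixture's ownership and visibility are not visible in this hunk, so that reason should be confirmed against the test setup.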
Here is a patch that adds a test for this behavior. I did this separately so the fix could be backported alone, since this test depends on some more recent changes in master.
commit cce2af5a48de737869d53eeafdb0532eede136d4
Author: Mark Washenberger <email address hidden>
Date: Wed Oct 10 20:23:24 2012 +0000
Add a test for bug 1065187.
This is done separately from the bug fix to make it easier to apply the
fix to older branches.
Change-Id: I8964da5d074aabadbdcf8c6b7ef844b616e1aca4
diff --git a/glance/ tests/stubs. py b/glance/ tests/stubs. py tests/stubs. py tests/stubs. py nection( object) :
index fecea11..92dcf90 100644
--- a/glance/
+++ b/glance/
@@ -60,7 +60,13 @@ class FakeRegistryCon
def getresponse(self): Unauthenticated ContextMiddlewa re(rserver. API(mapper) ) iddleware( server) Unauthenticated ContextMiddlewa re(server) get_response( api)
mapper = routes.Mapper()
- api = context.
+ server = rserver.API(mapper)
+ # NOTE(markwash): we need to pass through context auth information if
+ # we have it.
+ if 'X-Auth-Token' in self.req.headers:
+ api = utils.FakeAuthM
+ else:
+ api = context.
webob_res = self.req.
return utils.FakeHTTPR esponse( status= webob_res. status_ int, tests/unit/ v1/test_ api.py b/glance/ tests/unit/ v1/test_ api.py tests/unit/ v1/test_ api.py tests/unit/ v1/test_ api.py base.IsolatedUn itTest) : response( self.api)
self. assertEquals( res.status_ int, webob.exc. HTTPNotFound. code)
diff --git a/glance/
index ce09aab..1a18bde 100644
--- a/glance/
+++ b/glance/
@@ -2930,6 +2930,26 @@ class TestGlanceAPI(
res = req.get_
+ def test_delete_ not_allowed( self): blank(" /images/ %s" % UUID2) 'X-Auth- Token'] = 'user:tenant:' response( self.api) l(res.status_ int, 200) l(len(res. body), 19) response( self.api) l(res.status_ int, 403) response( self.api) l(res.status_ int, 200) l(len(res. body), 19) queued_ image(self) :
+ # Verify we can get the image data
+ req = webob.Request.
+ req.method = 'GET'
+ req.headers[
+ res = req.get_
+ self.assertEqua
+ self.assertEqua
+
+ # Verify we cannot delete the image
+ req.method = 'DELETE'
+ res = req.get_
+ self.assertEqua
+
+ # Verify the image data is still there
+ req.method = 'GET'
+ res = req.get_
+ self.assertEqua
+ self.assertEqua
+
def test_delete_
"""Delete an image in a queued state
diff --git a/glance/ tests/utils. py b/glance/ tests/utils. py tests/utils. py tests/utils. py are(wsgi. Middleware) :
' tenant' : tenant,
' roles': roles,
' is_admin' : self.is_admin,
index 8054732..9971bf5 100644
--- a/glance/
+++ b/glance/
@@ -369,6 +369,7 @@ class FakeAuthMiddlew
+ 'auth_tok': auth_tok,
}