Admin can change metadata of a deleted image in V2

Bug #1069940 reported by Alex Meade
This bug affects 1 person
Affects   Status          Importance   Assigned to    Milestone
Glance    Fix Released    Medium       Iccha Sethi
Folsom    Fix Committed   Medium       Brian Waldon
Grizzly   Fix Released    Medium       Iccha Sethi

Bug Description

Even though an admin user can see an image, they should not be allowed to update its metadata while it is deleted.

Example (See http://paste.openstack.org/show/21994/ ):

curl -i -X PATCH -H 'X-Auth-Token: bd5b659f6e464b569ddf5f10fab0f' -H 'Content-Type: application/openstack-images-v2.0-json-patch' -H 'User-Agent: python-glanceclient' -d '[{"replace": "/name", "value": "changed"}]' http://138.146.54.94:9292/v2/images/53382b9f-e03b-463e-a3dc-dde8c842453a

Results in the deleted image's (53382b9f-e03b-463e-a3dc-dde8c842453a) name being changed and a 500 response. This should instead return a 403 Forbidden or 409 Conflict and not have an effect.

Changed in glance:
assignee: nobody → Iccha Sethi (iccha-sethi)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to glance (master)

Fix proposed to branch: master
Review: https://review.openstack.org/14720

Changed in glance:
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to glance (master)

Reviewed: https://review.openstack.org/14720
Committed: http://github.com/openstack/glance/commit/62a1b286070d0f9bfc5cb069b30a1cecb8b03a65
Submitter: Jenkins
Branch: master

commit 62a1b286070d0f9bfc5cb069b30a1cecb8b03a65
Author: isethi <email address hidden>
Date: Tue Oct 23 22:19:23 2012 +0000

    Disallow admin updating deleted images in v2 api

    Returns a 403 Forbidden error when an admin user tries to update a
    deleted image in v2 api.

    Fixes bug 1069940

    Change-Id: Icfc599320564524e69bc7c77f1c3d668631786f5
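
The check this fix describes, sketched as an added example (not Glance's code and not part of the original report): the read path lets an admin see a soft-deleted record, so the write path has to test the deleted flag itself. The store, class and function names are assumptions, and `check_deleted=False` models only the missing check, not the 500 response from the report.

```python
# Added illustration, not Glance's code; every name below is hypothetical.
from dataclasses import dataclass

@dataclass
class Image:
    image_id: str
    name: str
    owner: str
    deleted: bool = False  # soft delete: the record stays in the store

class Forbidden(Exception):
    status = 403

class NotFound(Exception):
    status = 404

def get_image(store, user, is_admin, image_id):
    """Read path: an admin may still see a soft-deleted record."""
    image = store.get(image_id)
    if image is None:
        raise NotFound(image_id)
    if not is_admin and (image.deleted or image.owner != user):
        raise NotFound(image_id)
    return image

def apply_patch(image, changes):
    """Apply operations shaped like the request body in the report."""
    for change in changes:
        if change.get("replace") != "/name":
            raise ValueError("unsupported operation: %r" % (change,))
        image.name = change["value"]

def update_image(store, user, is_admin, image_id, changes, check_deleted=True):
    """Write path; check_deleted=False models the missing state check."""
    try:
        image = get_image(store, user, is_admin, image_id)
        if check_deleted and image.deleted:
            raise Forbidden(image_id)  # visible to the caller, but immutable
        apply_patch(image, changes)
    except (Forbidden, NotFound) as exc:
        return exc.status
    return 200

def demo():
    """Constructed sample: one deleted image, patched by an admin twice."""
    store = {"img-1": Image("img-1", "original", "alice", deleted=True)}
    patch = [{"replace": "/name", "value": "changed"}]
    fixed = update_image(store, "root", True, "img-1", patch)
    name_after_fixed = store["img-1"].name
    unchecked = update_image(store, "root", True, "img-1", patch, check_deleted=False)
    return fixed, name_after_fixed, unchecked, store["img-1"].name
```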

Changed in glance:
status: In Progress → Fix Committed
Brian Waldon (bcwaldon) wrote :

Will be fixed in stable/folsom by https://review.openstack.org/#/c/15148/

Thierry Carrez (ttx)
Changed in glance:
milestone: none → grizzly-1
status: Fix Committed → Fix Released