File 0001-Fix-error-when-downloading-image-status-is-not-activ.patch of Package openstack-glance

From 5c68f25ca7c2697551b49d61c7ff7bfbc7103ded Mon Sep 17 00:00:00 2001
From: Darja Shakhray <dshakhray@mirantis.com>
Date: Mon, 28 Sep 2015 21:10:05 +0300
Subject: [PATCH] Fix error when downloading image status is not active

Added check image_status when downloading image.

Change-Id: I39d49ea8a828863fdf4d5efc98126a9009e4b098
Closes-bug: #1472449
(cherry picked from commit d4d94b290ceb9147dd285822e201dd85ce812ef0)
---
 glance/api/v2/image_data.py                      |  7 +++---
 glance/tests/functional/test_cache_middleware.py |  4 ++--
 glance/tests/functional/v2/test_images.py        |  2 +-
 glance/tests/unit/v2/test_image_data_resource.py | 29 +++++++++++++++++++++---
 4 files changed, 33 insertions(+), 9 deletions(-)

diff --git a/glance/api/v2/image_data.py b/glance/api/v2/image_data.py
index 78f7718..dcf1ccb 100644
--- a/glance/api/v2/image_data.py
+++ b/glance/api/v2/image_data.py
@@ -183,9 +183,10 @@ class ImageDataController(object):
         image_repo = self.gateway.get_repo(req.context)
         try:
             image = image_repo.get(image_id)
-            if image.status == 'deactivated':
-                msg = _('The requested image has been deactivated. '
-                        'Image data download is forbidden.')
+            if (image.status != 'active' and (image.status != 'deactivated'
+                                              or not req.context.is_admin)):
+                msg = _('The requested image is in status %s. '
+                        'Image data download is forbidden.') % image.status
                 raise exception.Forbidden(message=msg)
             if not image.locations:
                 raise exception.ImageDataNotFound()
diff --git a/glance/tests/functional/test_cache_middleware.py b/glance/tests/functional/test_cache_middleware.py
index 995e8e7..2a9fd96 100644
--- a/glance/tests/functional/test_cache_middleware.py
+++ b/glance/tests/functional/test_cache_middleware.py
@@ -386,12 +386,12 @@ class BaseCacheMiddlewareTest(object):
         response, content = http.request(path, 'GET')
         self.assertEqual(403, response.status)
 
-        # Download the image with v2. Ensure it is forbidden
+        # Download the image with v2.
         path = "http://%s:%d/v2/images/%s/file" % ("127.0.0.1", self.api_port,
                                                    image_id)
         http = httplib2.Http()
         response, content = http.request(path, 'GET')
-        self.assertEqual(403, response.status)
+        self.assertEqual(200, response.status)
 
         # Reactivate the image using v2
         path = "http://%s:%d/v2/images/%s/actions/reactivate"
diff --git a/glance/tests/functional/v2/test_images.py b/glance/tests/functional/v2/test_images.py
index 3f9903c..d857937 100644
--- a/glance/tests/functional/v2/test_images.py
+++ b/glance/tests/functional/v2/test_images.py
@@ -383,7 +383,7 @@ class TestImages(functional.FunctionalTest):
         path = self._url('/v2/images/%s/file' % image_id)
         headers = self._headers()
         response = requests.get(path, headers=headers)
-        self.assertEqual(204, response.status_code)
+        self.assertEqual(403, response.status_code)
 
         def _verify_image_checksum_and_status(checksum, status):
             # Checksum should be populated and status should be active
diff --git a/glance/tests/unit/v2/test_image_data_resource.py b/glance/tests/unit/v2/test_image_data_resource.py
index 73325f5..37c1953 100644
--- a/glance/tests/unit/v2/test_image_data_resource.py
+++ b/glance/tests/unit/v2/test_image_data_resource.py
@@ -106,6 +106,7 @@ class TestImagesController(base.StoreClearingUnitTest):
     def test_download(self):
         request = unit_test_utils.get_fake_request()
         image = FakeImage('abcd',
+                          status='active',
                           locations=[{'url': 'http://example.com/image',
                                       'metadata': {}, 'status': 'active'}])
         self.image_repo.result = image
@@ -113,7 +114,7 @@ class TestImagesController(base.StoreClearingUnitTest):
         self.assertEqual(image.image_id, 'abcd')
 
     def test_download_deactivated(self):
-        request = unit_test_utils.get_fake_request()
+        request = unit_test_utils.get_fake_request(is_admin=False)
         image = FakeImage('abcd',
                           status='deactivated',
                           locations=[{'url': 'http://example.com/image',
@@ -122,9 +123,31 @@ class TestImagesController(base.StoreClearingUnitTest):
         self.assertRaises(webob.exc.HTTPForbidden, self.controller.download,
                           request, str(uuid.uuid4()))
 
+        request = unit_test_utils.get_fake_request(is_admin=True)
+        image = FakeImage('abcd',
+                          status='deactivated',
+                          locations=[{'url': 'http://example.com/image',
+                                      'metadata': {}, 'status': 'active'}])
+        self.image_repo.result = image
+        image = self.controller.download(request, unit_test_utils.UUID1)
+        self.assertEqual('abcd', image.image_id)
+
+    def test_download_is_not_active(self):
+        state = ['queued', 'deleted', 'saving', 'killed', 'pending_delete']
+        for st in state:
+            request = unit_test_utils.get_fake_request()
+            image = FakeImage('abcd',
+                              status=st,
+                              locations=[{'url': 'http://example.com/image',
+                                          'metadata': {}, 'status': 'active'}])
+            self.image_repo.result = image
+            self.assertRaises(webob.exc.HTTPForbidden,
+                              self.controller.download,
+                              request, str(uuid.uuid4()))
+
     def test_download_no_location(self):
         request = unit_test_utils.get_fake_request()
-        self.image_repo.result = FakeImage('abcd')
+        self.image_repo.result = FakeImage('abcd', status='active')
         self.assertRaises(webob.exc.HTTPNoContent, self.controller.download,
                           request, unit_test_utils.UUID2)
 
@@ -146,7 +169,7 @@ class TestImagesController(base.StoreClearingUnitTest):
                 raise exception.Forbidden()
 
         request = unit_test_utils.get_fake_request()
-        image = FakeImage('abcd')
+        image = FakeImage('abcd', status='active')
         self.image_repo.result = image
         image.locations = ImageLocations()
         self.assertRaises(webob.exc.HTTPForbidden, self.controller.download,
-- 
2.6.0

openSUSE Build Service is sponsored by