upstream/oracle/userland-gate: components/openstack/glance/patches/07-CVE-2015-5251.patch@26e5e37ce46e (annotated)

4989 26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	1	From 45be8e1c620c50f3cbca76f561945200a8843bc8 Mon Sep 17 00:00:00 2001
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	2	From: Stuart McLaren <[email protected]>
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	3	Date: Tue, 11 Aug 2015 10:37:09 +0000
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	4	Subject: [PATCH] Prevent image status being directly modified via v1
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	5
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	6	Users shouldn't be able to change an image's status directly via the
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	7	v1 API.
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	8
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	9	Some existing consumers of Glance set the x-image-meta-status header in
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	10	requests to the Glance API, eg:
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	11
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	12	https://github.com/openstack/nova/blob/master/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance#L184
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	13
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	14	We should try to prevent users setting 'status' via v1, but without breaking
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	15	existing benign API calls such as these.
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	16
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	17	I've adopted the following approach (which has some prior art in 'protected properties').
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	18
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	19	If a PUT request is received which contains an x-image-meta-status header:
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	20
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	21	* The user provided status is ignored if it matches the current image
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	22	status (this prevents benign calls such as the nova one above from
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	23	breaking). The usual code (eg 200) will be returned.
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	24
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	25	* If the user provided status doesn't match the current image status (ie
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	26	there is a real attempt to change the value) 403 will be returned. This
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	27	will break any calls which currently intentionally change the status.
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	28
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	29	APIImpact
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	30
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	31	Closes-bug: 1482371
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	32
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	33	Change-Id: I44fadf32abb57c962b67467091c3f51c1ccc25e6
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	34	(cherry picked from commit 4d08db5b6d42323ac1958ef3b7417d875e7bea8c)
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	35	(cherry picked from commit 9beca533f42ae1fc87418de0c360e19bc59b24b5)
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	36	---
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	37	glance/api/v1/__init__.py \| 3 +
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	38	glance/api/v1/images.py \| 9 +++
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	39	glance/tests/functional/v1/test_api.py \| 89 ++++++++++++++++++++++
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	40	.../integration/legacy_functional/test_v1_api.py \| 2 +
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	41	test-requirements.txt \| 5 ++
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	42	5 files changed, 108 insertions(+)
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	43
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	44	diff --git a/glance/api/v1/__init__.py b/glance/api/v1/__init__.py
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	45	index 74de9aa..9306bbb 100644
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	46	--- a/glance/api/v1/__init__.py
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	47	+++ b/glance/api/v1/__init__.py
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	48	@@ -21,3 +21,6 @@ SUPPORTED_PARAMS = ('limit', 'marker', 'sort_key', 'sort_dir')
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	49
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	50	# Metadata which only an admin can change once the image is active
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	51	ACTIVE_IMMUTABLE = ('size', 'checksum')
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	52	+
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	53	+# Metadata which cannot be changed (irrespective of the current image state)
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	54	+IMMUTABLE = ('status',)
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	55	diff --git a/glance/api/v1/images.py b/glance/api/v1/images.py
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	56	index 746f8cd..f976f9d 100644
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	57	--- a/glance/api/v1/images.py
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	58	+++ b/glance/api/v1/images.py
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	59	@@ -56,6 +56,7 @@ _LW = gettextutils._LW
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	60	SUPPORTED_PARAMS = glance.api.v1.SUPPORTED_PARAMS
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	61	SUPPORTED_FILTERS = glance.api.v1.SUPPORTED_FILTERS
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	62	ACTIVE_IMMUTABLE = glance.api.v1.ACTIVE_IMMUTABLE
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	63	+IMMUTABLE = glance.api.v1.IMMUTABLE
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	64
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	65	CONF = cfg.CONF
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	66	CONF.import_opt('disk_formats', 'glance.common.config', group='image_format')
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	67	@@ -895,6 +896,14 @@ class Controller(controller.BaseController):
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	68	request=req,
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	69	content_type="text/plain")
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	70
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	71	+ for key in IMMUTABLE:
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	72	+ if (image_meta.get(key) is not None and
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	73	+ image_meta.get(key) != orig_image_meta.get(key)):
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	74	+ msg = _("Forbidden to modify '%s' of image.") % key
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	75	+ raise HTTPForbidden(explanation=msg,
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	76	+ request=req,
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	77	+ content_type="text/plain")
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	78	+
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	79	# The default behaviour for a PUT /images/<IMAGE_ID> is to
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	80	# override any properties that were previously set. This, however,
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	81	# leads to a number of issues for the common use case where a caller
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	82	diff --git a/glance/tests/functional/v1/test_api.py b/glance/tests/functional/v1/test_api.py
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	83	index 1486fb3..ad54005 100644
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	84	--- a/glance/tests/functional/v1/test_api.py
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	85	+++ b/glance/tests/functional/v1/test_api.py
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	86	@@ -765,3 +765,92 @@ class TestApi(functional.FunctionalTest):
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	87	self.assertEqual(200, response.status)
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	88
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	89	self.stop_servers()
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	90	+
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	91	+ def test_status_cannot_be_manipulated_directly(self):
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	92	+ self.cleanup()
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	93	+ self.start_servers(**self.__dict__.copy())
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	94	+ headers = minimal_headers('Image1')
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	95	+
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	96	+ # Create a 'queued' image
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	97	+ http = httplib2.Http()
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	98	+ headers = {'Content-Type': 'application/octet-stream',
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	99	+ 'X-Image-Meta-Disk-Format': 'raw',
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	100	+ 'X-Image-Meta-Container-Format': 'bare'}
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	101	+ path = "http://%s:%d/v1/images" % ("127.0.0.1", self.api_port)
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	102	+ response, content = http.request(path, 'POST', headers=headers,
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	103	+ body=None)
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	104	+ self.assertEqual(201, response.status)
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	105	+ image = jsonutils.loads(content)['image']
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	106	+ self.assertEqual('queued', image['status'])
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	107	+
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	108	+ # Ensure status of 'queued' image can't be changed
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	109	+ path = "http://%s:%d/v1/images/%s" % ("127.0.0.1", self.api_port,
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	110	+ image['id'])
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	111	+ http = httplib2.Http()
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	112	+ headers = {'X-Image-Meta-Status': 'active'}
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	113	+ response, content = http.request(path, 'PUT', headers=headers)
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	114	+ self.assertEqual(403, response.status)
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	115	+ response, content = http.request(path, 'HEAD')
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	116	+ self.assertEqual(200, response.status)
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	117	+ self.assertEqual('queued', response['x-image-meta-status'])
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	118	+
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	119	+ # We allow 'setting' to the same status
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	120	+ http = httplib2.Http()
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	121	+ headers = {'X-Image-Meta-Status': 'queued'}
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	122	+ response, content = http.request(path, 'PUT', headers=headers)
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	123	+ self.assertEqual(200, response.status)
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	124	+ response, content = http.request(path, 'HEAD')
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	125	+ self.assertEqual(200, response.status)
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	126	+ self.assertEqual('queued', response['x-image-meta-status'])
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	127	+
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	128	+ # Make image active
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	129	+ http = httplib2.Http()
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	130	+ headers = {'Content-Type': 'application/octet-stream'}
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	131	+ response, content = http.request(path, 'PUT', headers=headers,
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	132	+ body='data')
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	133	+ self.assertEqual(200, response.status)
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	134	+ image = jsonutils.loads(content)['image']
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	135	+ self.assertEqual('active', image['status'])
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	136	+
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	137	+ # Ensure status of 'active' image can't be changed
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	138	+ http = httplib2.Http()
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	139	+ headers = {'X-Image-Meta-Status': 'queued'}
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	140	+ response, content = http.request(path, 'PUT', headers=headers)
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	141	+ self.assertEqual(403, response.status)
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	142	+ response, content = http.request(path, 'HEAD')
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	143	+ self.assertEqual(200, response.status)
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	144	+ self.assertEqual('active', response['x-image-meta-status'])
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	145	+
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	146	+ # We allow 'setting' to the same status
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	147	+ http = httplib2.Http()
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	148	+ headers = {'X-Image-Meta-Status': 'active'}
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	149	+ response, content = http.request(path, 'PUT', headers=headers)
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	150	+ self.assertEqual(200, response.status)
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	151	+ response, content = http.request(path, 'HEAD')
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	152	+ self.assertEqual(200, response.status)
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	153	+ self.assertEqual('active', response['x-image-meta-status'])
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	154	+
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	155	+ # Create a 'queued' image, ensure 'status' header is ignored
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	156	+ http = httplib2.Http()
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	157	+ path = "http://%s:%d/v1/images" % ("127.0.0.1", self.api_port)
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	158	+ headers = {'Content-Type': 'application/octet-stream',
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	159	+ 'X-Image-Meta-Status': 'active'}
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	160	+ response, content = http.request(path, 'POST', headers=headers,
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	161	+ body=None)
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	162	+ self.assertEqual(201, response.status)
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	163	+ image = jsonutils.loads(content)['image']
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	164	+ self.assertEqual('queued', image['status'])
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	165	+
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	166	+ # Create an 'active' image, ensure 'status' header is ignored
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	167	+ http = httplib2.Http()
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	168	+ path = "http://%s:%d/v1/images" % ("127.0.0.1", self.api_port)
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	169	+ headers = {'Content-Type': 'application/octet-stream',
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	170	+ 'X-Image-Meta-Disk-Format': 'raw',
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	171	+ 'X-Image-Meta-Status': 'queued',
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	172	+ 'X-Image-Meta-Container-Format': 'bare'}
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	173	+ response, content = http.request(path, 'POST', headers=headers,
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	174	+ body='data')
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	175	+ self.assertEqual(201, response.status)
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	176	+ image = jsonutils.loads(content)['image']
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	177	+ self.assertEqual('active', image['status'])
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	178	+ self.stop_servers()
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	179	diff --git a/glance/tests/integration/legacy_functional/test_v1_api.py b/glance/tests/integration/legacy_functional/test_v1_api.py
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	180	index 66455a2..0e5b339 100644
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	181	--- a/glance/tests/integration/legacy_functional/test_v1_api.py
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	182	+++ b/glance/tests/integration/legacy_functional/test_v1_api.py
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	183	@@ -357,6 +357,8 @@ class TestApi(base.ApiTest):
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	184	path = "/v1/images"
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	185	response, content = self.http.request(path, 'POST', headers=headers)
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	186	self.assertEqual(response.status, 201)
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	187	+ image = jsonutils.loads(content)['image']
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	188	+ self.assertEqual('active', image['status'])
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	189
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	190	# 2. HEAD image-location
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	191	# Verify image size is zero and the status is active
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	192	diff --git a/test-requirements.txt b/test-requirements.txt
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	193	index 6d435f2..97affae 100644
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	194	--- a/test-requirements.txt
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	195	+++ b/test-requirements.txt
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	196	@@ -29,3 +29,8 @@ xattr>=0.4
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	197
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	198	# Documentation
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	199	oslosphinx>=2.2.0 # Apache-2.0
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	200	+
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	201	+# Gate is failing because of an older version of oslo.vmware is installing
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	202	+# PyYAML 3.11. Adding this line here will help moving this patch forward and
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	203	+# fixing Glance's stable/juno gate
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	204	+PyYAML<=3.10,>=3.1.0
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	205	--
26e5e37ce46e 21891448 problem in SERVICE/GLANCE Danek Duvall <danek.duvall@oracle.com> parents: diff changeset	206	1.9.1

author	Danek Duvall <danek.duvall@oracle.com>
	Mon, 19 Oct 2015 13:12:51 -0700
changeset 4989	26e5e37ce46e
permissions	-rw-r--r--