yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1069940] Re: Admin can change metadata of a deleted image in V2

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Thu, 04 Apr 2013 09:47:13 -0000
Reply-to: Bug 1069940 <1069940@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: glance/grizzly
   Importance: Undecided => Medium

** Changed in: glance/grizzly
       Status: New => Fix Released

** Changed in: glance/grizzly
    Milestone: None => 2013.1

** Changed in: glance/grizzly
     Assignee: (unassigned) => Iccha Sethi (iccha-sethi)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1069940

Title:
  Admin can change metadata of a deleted image in V2

Status in OpenStack Image Registry and Delivery Service (Glance):
  Fix Released
Status in Glance folsom series:
  Fix Committed
Status in Glance grizzly series:
  Fix Released

Bug description:
  
  Even though an admin user can see an image, they should not be allowed to update it's metadata while it is deleted.

  
  Example (See http://paste.openstack.org/show/21994/ ):

  curl -i -X PATCH -H 'X-Auth-Token: bd5b659f6e464b569ddf5f10fab0f' -H
  'Content-Type: application/openstack-images-v2.0-json-patch' -H 'User-
  Agent: python-glanceclient' -d '[{"replace": "/name", "value":
  "changed"}]' http://138.146.54.94:9292/v2/images/53382b9f-e03b-463e-
  a3dc-dde8c842453a

  Results in the deleted images (53382b9f-e03b-463e-a3dc-dde8c842453a)
  name being changed and a 500 response. This should instead return a
  403 Forbidden or 409 Conflict and not have an effect.

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1069940/+subscriptions