Merge "Validate empty location value for v1 api"

2016-01-23 05:35:25 +00:00 · 2016-01-23 05:35:25 +00:00 · 89855b13b5
commit 89855b13b5
parent 6577b05def c2cbdd84e7
3 changed files with 45 additions and 11 deletions
--- a/glance/api/v1/images.py
+++ b/glance/api/v1/images.py
@ -461,26 +461,32 @@ class Controller(controller.BaseController):
        or copy-from headers) are supported. Otherwise we reject
        with 400 "Bad Request".
        """
-        if source:
-            if store_utils.validate_external_location(source):
-                return source
-            else:
+        if store_utils.validate_external_location(source):
+            return source
+        else:
+            if source:
                msg = _("External sources are not supported: '%s'") % source
-                LOG.warn(msg)
-                raise HTTPBadRequest(explanation=msg,
-                                     request=req,
-                                     content_type="text/plain")
+            else:
+                msg = _("External source should not be empty")
+            LOG.warn(msg)
+            raise HTTPBadRequest(explanation=msg,
+                                 request=req,
+                                 content_type="text/plain")

    @staticmethod
    def _copy_from(req):
        return req.headers.get('x-glance-api-copy-from')

    def _external_source(self, image_meta, req):
-        source = image_meta.get('location')
-        if source is not None:
+        if 'location' in image_meta:
            self._enforce(req, 'set_image_location')
-        else:
+            source = image_meta['location']
+        elif 'x-glance-api-copy-from' in req.headers:
            source = Controller._copy_from(req)
+        else:
+            # we have an empty external source value
+            # so we are creating "draft" of the image and no need validation
+            return None
        return Controller._validate_source(source, req)

    @staticmethod
--- a/glance/common/store_utils.py
+++ b/glance/common/store_utils.py
@ -126,6 +126,8 @@ def validate_external_location(uri):
    :param uri: The URI of external image location.
    :returns: Whether given URI of external image location are OK.
    """
+    if not uri:
+        return False

    # TODO(zhiyan): This function could be moved to glance_store.
    # TODO(gm): Use a whitelist of allowed schemes
--- a/glance/tests/unit/v1/test_api.py
+++ b/glance/tests/unit/v1/test_api.py
@ -510,6 +510,32 @@ class TestGlanceAPI(base.IsolatedUnitTest):
            self.assertEqual(400, res.status_int)
            self.assertIn('Disk format is not specified', res.body)

+    def test_create_with_empty_location(self):
+        fixture_headers = {
+            'x-image-meta-location': '',
+        }
+
+        req = webob.Request.blank("/images")
+        req.method = 'POST'
+        for k, v in six.iteritems(fixture_headers):
+            req.headers[k] = v
+
+        res = req.get_response(self.api)
+        self.assertEqual(400, res.status_int)
+
+    def test_create_with_empty_copy_from(self):
+        fixture_headers = {
+            'x-glance-api-copy-from': '',
+        }
+
+        req = webob.Request.blank("/images")
+        req.method = 'POST'
+        for k, v in six.iteritems(fixture_headers):
+            req.headers[k] = v
+
+        res = req.get_response(self.api)
+        self.assertEqual(400, res.status_int)
+
    def test_create_delayed_image_with_no_disk_and_container_formats(self):
        fixture_headers = {
            'x-image-meta-name': 'delayed',