openstack/deb-glance
Code Issues Proposed changes

Merge "Validate empty location value for v1 api"

Browse Source
This commit is contained in:
Jenkins 2016-01-23 05:35:25 +00:00 committed by Gerrit Code Review
commit 89855b13b5
3 changed files with 45 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
glance/api/v1/images.py
View File

@ -461,11 +461,13 @@ class Controller(controller.BaseController):
or copy-from headers) are supported. Otherwise we reject or copy-from headers) are supported. Otherwise we reject
with 400 "Bad Request". with 400 "Bad Request".
""" """
if source:
if store_utils.validate_external_location(source): if store_utils.validate_external_location(source):
return source return source
else: else:
if source:
msg = _("External sources are not supported: '%s'") % source msg = _("External sources are not supported: '%s'") % source
else:
msg = _("External source should not be empty")
LOG.warn(msg) LOG.warn(msg)
raise HTTPBadRequest(explanation=msg, raise HTTPBadRequest(explanation=msg,
request=req, request=req,
@ -476,11 +478,15 @@ class Controller(controller.BaseController):
return req.headers.get('x-glance-api-copy-from') return req.headers.get('x-glance-api-copy-from')
def _external_source(self, image_meta, req): def _external_source(self, image_meta, req):
source = image_meta.get('location') if 'location' in image_meta:
if source is not None:
self._enforce(req, 'set_image_location') self._enforce(req, 'set_image_location')
else: source = image_meta['location']
elif 'x-glance-api-copy-from' in req.headers:
source = Controller._copy_from(req) source = Controller._copy_from(req)
else:
# we have an empty external source value
# so we are creating "draft" of the image and no need validation
return None
return Controller._validate_source(source, req) return Controller._validate_source(source, req)
@staticmethod @staticmethod

2
glance/common/store_utils.py
View File

@ -126,6 +126,8 @@ def validate_external_location(uri):
:param uri: The URI of external image location. :param uri: The URI of external image location.
:returns: Whether given URI of external image location are OK. :returns: Whether given URI of external image location are OK.
""" """
if not uri:
return False
# TODO(zhiyan): This function could be moved to glance_store. # TODO(zhiyan): This function could be moved to glance_store.
# TODO(gm): Use a whitelist of allowed schemes # TODO(gm): Use a whitelist of allowed schemes

26
glance/tests/unit/v1/test_api.py
View File

@ -510,6 +510,32 @@ class TestGlanceAPI(base.IsolatedUnitTest):
self.assertEqual(400, res.status_int) self.assertEqual(400, res.status_int)
self.assertIn('Disk format is not specified', res.body) self.assertIn('Disk format is not specified', res.body)
def test_create_with_empty_location(self):
fixture_headers = {
'x-image-meta-location': '',
}
req = webob.Request.blank("/images")
req.method = 'POST'
for k, v in six.iteritems(fixture_headers):
req.headers[k] = v
res = req.get_response(self.api)
self.assertEqual(400, res.status_int)
def test_create_with_empty_copy_from(self):
fixture_headers = {
'x-glance-api-copy-from': '',
}
req = webob.Request.blank("/images")
req.method = 'POST'
for k, v in six.iteritems(fixture_headers):
req.headers[k] = v
res = req.get_response(self.api)
self.assertEqual(400, res.status_int)
def test_create_delayed_image_with_no_disk_and_container_formats(self): def test_create_delayed_image_with_no_disk_and_container_formats(self):
fixture_headers = { fixture_headers = {
'x-image-meta-name': 'delayed', 'x-image-meta-name': 'delayed',