Support owner paramater to glance add

Fixes bug 962998 Allow the owner to specified as a first class image attribute when creating a new image via the CLI, as it is currently for image update. Also added a simple fakeauth pipeline to allow the user, tenant and admin status of API requests to be easily controlled by functional tests. Change-Id: I0f83d55d4a96ad3632fb238ad1758ec3f00ed3fd
2012-03-23 11:32:10 +00:00 · 2012-03-23 11:32:10 +00:00 · bb7c3297f6
commit bb7c3297f6
parent f4a70356ed
4 changed files with 87 additions and 0 deletions
--- a/bin/glance
+++ b/bin/glance
@ -260,6 +260,10 @@ EXAMPLES
        # otherwise error out
        image_data = sys.stdin

+    # allow owner to be set when image is created
+    if 'owner' in fields.keys():
+        image_meta['owner'] = fields.pop('owner')
+
    # Add custom attributes, which are all the arguments remaining
    image_meta['properties'] = fields

--- a/glance/tests/functional/init.py
+++ b/glance/tests/functional/init.py
@ -260,6 +260,9 @@ pipeline = versionnegotiation context cache apiv1app
 [pipeline:glance-api-cachemanagement]
 pipeline = versionnegotiation context cache cache_manage apiv1app

+[pipeline:glance-api-fakeauth]
+pipeline = versionnegotiation fakeauth context apiv1app
+
 [app:apiv1app]
 paste.app_factory = glance.common.wsgi:app_factory
 glance.app_factory = glance.api.v1.router:API
@ -280,6 +283,10 @@ glance.filter_factory = glance.api.middleware.cache_manage:CacheManageFilter
 [filter:context]
 paste.filter_factory = glance.common.wsgi:filter_factory
 glance.filter_factory = glance.common.context:ContextMiddleware
+
+[filter:fakeauth]
+paste.filter_factory = glance.common.wsgi:filter_factory
+glance.filter_factory = glance.tests.utils:FakeAuthMiddleware
 """


@ -319,6 +326,9 @@ flavor = %(deployment_flavor)s
        self.paste_conf_base = """[pipeline:glance-registry]
 pipeline = context registryapp

+[pipeline:glance-registry-fakeauth]
+pipeline = fakeauth context registryapp
+
 [app:registryapp]
 paste.app_factory = glance.common.wsgi:app_factory
 glance.app_factory = glance.registry.api.v1:API
@ -327,6 +337,10 @@ glance.app_factory = glance.registry.api.v1:API
 context_class = glance.registry.context.RequestContext
 paste.filter_factory = glance.common.wsgi:filter_factory
 glance.filter_factory = glance.common.context:ContextMiddleware
+
+[filter:fakeauth]
+paste.filter_factory = glance.common.wsgi:filter_factory
+glance.filter_factory = glance.tests.utils:FakeAuthMiddleware
 """


--- a/glance/tests/functional/test_bin_glance.py
+++ b/glance/tests/functional/test_bin_glance.py
@ -175,6 +175,59 @@ class TestBinGlance(functional.FunctionalTest):
        self.assertEqual('0', size, "Expected image to be 0 bytes in size, "
                                    "but got %s. " % size)

+    def _verify_owner(self, owner, image_id):
+        cmd = "bin/glance --port=%d show %s" % (self.api_port, image_id)
+        exitcode, out, err = execute(cmd)
+        self.assertEqual(0, exitcode)
+
+        # verify expected owner as first class attribute
+        self.assertTrue(('Owner: %s' % owner) in out)
+        # ensure owner does not appear as a custom property
+        self.assertFalse("Property 'owner':" in out)
+
+    def test_add_with_owner_admin(self):
+        """Test setting ownership of new image by admin user"""
+        self.cleanup()
+        self.start_servers(**self.__dict__.copy())
+
+        # ownership set by admin user (defaults as such due to no-auth)
+        cmd = minimal_add_command(self.api_port,
+                                  'MyImage',
+                                  '--silent-upload owner=42')
+        exitcode, out, err = execute(cmd)
+
+        self.assertEqual(0, exitcode)
+        self.assertTrue(out.strip().startswith('Added new image with ID:'))
+
+        image_id = out.strip().replace('Added new image with ID: ', '')
+
+        self._verify_owner('42', image_id)
+
+    def test_add_with_owner_non_admin(self):
+        """Test setting ownership of new image by non-admin user"""
+        self.cleanup()
+        self.api_server.deployment_flavor = 'fakeauth'
+        self.registry_server.deployment_flavor = 'fakeauth'
+        self.start_servers(**self.__dict__.copy())
+
+        # ownership set by non-admin user (setup as such by fakeauth pipeline)
+        headers = {'X-Image-Meta-Name': 'MyImage',
+                   'X-Image-Meta-disk_format': 'raw',
+                   'X-Image-Meta-container_format': 'ovf',
+                   'X-Image-Meta-Is-Public': 'True',
+                   'X-Image-Meta-Owner': '42',
+                   'X-Auth-Token': 'Confirmed:pattieblack:froggy:demo',
+        }
+
+        path = "http://%s:%d/v1/images" % ("0.0.0.0", self.api_port)
+        http = httplib2.Http()
+        response, content = http.request(path, 'POST', headers=headers)
+        self.assertEqual(response.status, 201)
+        data = json.loads(content)
+        image_id = data['image']['id']
+
+        self._verify_owner('froggy', image_id)
+
    def test_add_no_name(self):
        self.cleanup()
        self.start_servers(**self.__dict__.copy())
--- a/glance/tests/utils.py
+++ b/glance/tests/utils.py
@ -29,6 +29,7 @@ import nose.plugins.skip

 from glance.common import config
 from glance.common import utils
+from glance.common import wsgi


 def get_isolated_test_env():
@ -355,3 +356,18 @@ def minimal_add_command(port, name, suffix='', public=True):
    return ("bin/glance --port=%d add %s"
            " disk_format=raw container_format=ovf"
            " name=%s %s" % (port, visibility, name, suffix))
+
+
+class FakeAuthMiddleware(wsgi.Middleware):
+
+    def __init__(self, app, conf, **local_conf):
+        super(FakeAuthMiddleware, self).__init__(app)
+
+    def process_request(self, req):
+        auth_tok = req.headers.get('X-Auth-Token')
+        if auth_tok:
+            status, user, tenant, role = auth_tok.split(':')
+            req.headers['X-Identity-Status'] = status
+            req.headers['X-User-Id'] = user
+            req.headers['X-Tenant-Id'] = tenant
+            req.headers['X-Role'] = role