Bug#911599 - Location field wiped on update

Adds unit test to verify behaviour required:

* Location field may only be **edited** if the image is
  in a queued state, which indicates that the user issued
  a POST /images with NO location field and NO image data
* Otherwise, Location field may not be edited and may not
  be read via the API server either.

Change-Id: I42aba7bc8e2da6ac81b18b564ba096208406f893
This commit is contained in:
Jay Pipes 2012-01-10 21:14:26 -05:00
parent 8d83124522
commit 0db2cfadf5
2 changed files with 33 additions and 0 deletions

View File

@ -536,6 +536,14 @@ class Controller(controller.BaseController):
if image_data is not None and orig_status != 'queued':
raise HTTPConflict(_("Cannot upload to an unqueued image"))
# Only allow the Location fields to be modified if the image is
# in queued status, which indicates that the user called POST /images
# but did not supply either a Location field OR image data
if not orig_status == 'queued' and 'location' in image_meta:
msg = _("Attempted to update Location field for an image "
"not in queued status.")
raise HTTPBadRequest(msg, request=req, content_type="text/plain")
try:
image_meta = registry.update_image_metadata(req.context, id,
image_meta,

View File

@ -2028,6 +2028,20 @@ class TestGlanceAPI(base.IsolatedUnitTest):
res_body = json.loads(res.body)['image']
self.assertEquals('queued', res_body['status'])
image_id = res_body['id']
# Test that we are able to edit the Location field
# per LP Bug #911599
req = webob.Request.blank("/images/%s" % image_id)
req.method = 'PUT'
req.headers['x-image-meta-location'] = 'http://example.com/images/123'
res = req.get_response(self.api)
self.assertEquals(res.status_int, httplib.OK)
res_body = json.loads(res.body)['image']
self.assertEquals('queued', res_body['status'])
self.assertFalse('location' in res_body) # location never shown
def test_add_image_no_location_no_content_type(self):
"""Tests creates a queued image for no body and no loc header"""
@ -2085,6 +2099,17 @@ class TestGlanceAPI(base.IsolatedUnitTest):
res_body = json.loads(res.body)['image']
self.assertTrue('/images/%s' % res_body['id']
in res.headers['location'])
self.assertEquals('active', res_body['status'])
image_id = res_body['id']
# Test that we are NOT able to edit the Location field
# per LP Bug #911599
req = webob.Request.blank("/images/%s" % image_id)
req.method = 'PUT'
req.headers['x-image-meta-location'] = 'http://example.com/images/123'
res = req.get_response(self.api)
self.assertEquals(res.status_int, httplib.BAD_REQUEST)
def test_add_image_unauthorized(self):
rules = {"add_image": [["false:false"]]}