Merge "Return 204 rather than 403 when no image data"

glance/api/v2/image_data.py

@@ -252,10 +252,9 @@ class ImageDataController(object):
         image_repo = self.gateway.get_repo(req.context)
         try:
             image = image_repo.get(image_id)
-            if (image.status != 'active' and (image.status != 'deactivated'
-                                              or not req.context.is_admin)):
-                msg = _('The requested image is in status %s. '
-                        'Image data download is forbidden.') % image.status
+            if image.status == 'deactivated' and not req.context.is_admin:
+                msg = _('The requested image has been deactivated. '
+                        'Image data download is forbidden.')
                 raise exception.Forbidden(message=msg)
         except exception.NotFound as e:
             raise webob.exc.HTTPNotFound(explanation=e.msg)

glance/tests/functional/test_cache_middleware.py

@@ -386,7 +386,8 @@ class BaseCacheMiddlewareTest(object):
         response, content = http.request(path, 'GET')
         self.assertEqual(403, response.status)
 
-        # Download the image with v2.
+        # Download the image with v2. This succeeds because
+        # we are in admin context.
         path = "http://%s:%d/v2/images/%s/file" % ("127.0.0.1", self.api_port,
                                                    image_id)
         http = httplib2.Http()

glance/tests/functional/v2/test_images.py

@@ -442,7 +442,7 @@ class TestImages(functional.FunctionalTest):
         path = self._url('/v2/images/%s/file' % image_id)
         headers = self._headers()
         response = requests.get(path, headers=headers)
-        self.assertEqual(403, response.status_code)
+        self.assertEqual(204, response.status_code)
 
         def _verify_image_checksum_and_status(checksum, status):
             # Checksum should be populated and status should be active

glance/tests/unit/v2/test_image_data_resource.py

@@ -105,7 +105,6 @@ class TestImagesController(base.StoreClearingUnitTest):
     def test_download(self):
         request = unit_test_utils.get_fake_request()
         image = FakeImage('abcd',
-                          status='active',
                           locations=[{'url': 'http://example.com/image',
                                       'metadata': {}, 'status': 'active'}])
         self.image_repo.result = image
@@ -113,7 +112,7 @@ class TestImagesController(base.StoreClearingUnitTest):
         self.assertEqual('abcd', image.image_id)
 
     def test_download_deactivated(self):
-        request = unit_test_utils.get_fake_request(is_admin=False)
+        request = unit_test_utils.get_fake_request()
         image = FakeImage('abcd',
                           status='deactivated',
                           locations=[{'url': 'http://example.com/image',
@@ -122,33 +121,11 @@ class TestImagesController(base.StoreClearingUnitTest):
         self.assertRaises(webob.exc.HTTPForbidden, self.controller.download,
                           request, str(uuid.uuid4()))
 
-        request = unit_test_utils.get_fake_request(is_admin=True)
-        image = FakeImage('abcd',
-                          status='deactivated',
-                          locations=[{'url': 'http://example.com/image',
-                                      'metadata': {}, 'status': 'active'}])
-        self.image_repo.result = image
-        image = self.controller.download(request, unit_test_utils.UUID1)
-        self.assertEqual('abcd', image.image_id)
-
-    def test_download_is_not_active(self):
-        state = ['queued', 'deleted', 'saving', 'killed', 'pending_delete']
-        for st in state:
-            request = unit_test_utils.get_fake_request()
-            image = FakeImage('abcd',
-                              status=st,
-                              locations=[{'url': 'http://example.com/image',
-                                          'metadata': {}, 'status': 'active'}])
-            self.image_repo.result = image
-            self.assertRaises(webob.exc.HTTPForbidden,
-                              self.controller.download,
-                              request, str(uuid.uuid4()))
-
     def test_download_no_location(self):
         # NOTE(mclaren): NoContent will be raised by the ResponseSerializer
         # That's tested below.
         request = unit_test_utils.get_fake_request()
-        self.image_repo.result = FakeImage('abcd', status='active')
+        self.image_repo.result = FakeImage('abcd')
         image = self.controller.download(request, unit_test_utils.UUID2)
         self.assertEqual('abcd', image.image_id)
 
@@ -170,7 +147,7 @@ class TestImagesController(base.StoreClearingUnitTest):
                 raise exception.Forbidden()
 
         request = unit_test_utils.get_fake_request()
-        image = FakeImage('abcd', status='active')
+        image = FakeImage('abcd')
         self.image_repo.result = image
         image.locations = ImageLocations()
         image = self.controller.download(request, unit_test_utils.UUID1)