34f9f03713
Users shouldn't be able to change an image's status directly via the v1 API. Some existing consumers of Glance set the x-image-meta-status header in requests to the Glance API, eg: https://github.com/openstack/nova/blob/master/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance#L184 We should try to prevent users setting 'status' via v1, but without breaking existing benign API calls such as these. I've adopted the following approach (which has some prior art in 'protected properties'). If a PUT request is received which contains an x-image-meta-status header: * The user provided status is ignored if it matches the current image status (this prevents benign calls such as the nova one above from breaking). The usual code (eg 200) will be returned. * If the user provided status doesn't match the current image status (ie there is a real attempt to change the value) 403 will be returned. This will break any calls which currently intentionally change the status. APIImpact Closes-bug: 1482371 Change-Id: I44fadf32abb57c962b67467091c3f51c1ccc25e6 |
||
|---|---|---|
| .. | ||
| __init__.py | ||
| test_api.py | ||
| test_copy_to_file.py | ||
| test_misc.py | ||
| test_multiprocessing.py | ||