OpenStack Image Management (Glance)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

test_images.py 234KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503250425052506250725082509251025112512251325142515251625172518251925202521252225232524252525262527252825292530253125322533253425352536253725382539254025412542254325442545254625472548254925502551255225532554255525562557255825592560256125622563256425652566256725682569257025712572257325742575257625772578257925802581258225832584258525862587258825892590259125922593259425952596259725982599260026012602260326042605260626072608260926102611261226132614261526162617261826192620262126222623262426252626262726282629263026312632263326342635263626372638263926402641264226432644264526462647264826492650265126522653265426552656265726582659266026612662266326642665266626672668266926702671267226732674267526762677267826792680268126822683268426852686268726882689269026912692269326942695269626972698269927002701270227032704270527062707270827092710271127122713271427152716271727182719272027212722272327242725272627272728272927302731273227332734273527362737273827392740274127422743274427452746274727482749275027512752275327542755275627572758275927602761276227632764276527662767276827692770277127722773277427752776277727782779278027812782278327842785278627872788278927902791279227932794279527962797279827992800280128022803280428052806280728082809281028112812281328142815281628172818281928202821282228232824282528262827282828292830283128322833283428352836283728382839284028412842284328442845284628472848284928502851285228532854285528562857285828592860286128622863286428652866286728682869287028712872287328742875287628772878287928802881288228832884288528862887288828892890289128922893289428952896289728982899290029012902290329042905290629072908290929102911291229132914291529162917291829192920292129222923292429252926292729282929293029312932293329342935293629372938293929402941294229432944294529462947294829492950295129522953295429552956295729582959296029612962296329642965296629672968296929702971297229732974297529762977297829792980298129822983298429852986298729882989299029912992299329942995299629972998299930003001300230033004300530063007300830093010301130123013301430153016301730183019302030213022302330243025302630273028302930303031303230333034303530363037303830393040304130423043304430453046304730483049305030513052305330543055305630573058305930603061306230633064306530663067306830693070307130723073307430753076307730783079308030813082308330843085308630873088308930903091309230933094309530963097309830993100310131023103310431053106310731083109311031113112311331143115311631173118311931203121312231233124312531263127312831293130313131323133313431353136313731383139314031413142314331443145314631473148314931503151315231533154315531563157315831593160316131623163316431653166316731683169317031713172317331743175317631773178317931803181318231833184318531863187318831893190319131923193319431953196319731983199320032013202320332043205320632073208320932103211321232133214321532163217321832193220322132223223322432253226322732283229323032313232323332343235323632373238323932403241324232433244324532463247324832493250325132523253325432553256325732583259326032613262326332643265326632673268326932703271327232733274327532763277327832793280328132823283328432853286328732883289329032913292329332943295329632973298329933003301330233033304330533063307330833093310331133123313331433153316331733183319332033213322332333243325332633273328332933303331333233333334333533363337333833393340334133423343334433453346334733483349335033513352335333543355335633573358335933603361336233633364336533663367336833693370337133723373337433753376337733783379338033813382338333843385338633873388338933903391339233933394339533963397339833993400340134023403340434053406340734083409341034113412341334143415341634173418341934203421342234233424342534263427342834293430343134323433343434353436343734383439344034413442344334443445344634473448344934503451345234533454345534563457345834593460346134623463346434653466346734683469347034713472347334743475347634773478347934803481348234833484348534863487348834893490349134923493349434953496349734983499350035013502350335043505350635073508350935103511351235133514351535163517351835193520352135223523352435253526352735283529353035313532353335343535353635373538353935403541354235433544354535463547354835493550355135523553355435553556355735583559356035613562356335643565356635673568356935703571357235733574357535763577357835793580358135823583358435853586358735883589359035913592359335943595359635973598359936003601360236033604360536063607360836093610361136123613361436153616361736183619362036213622362336243625362636273628362936303631363236333634363536363637363836393640364136423643364436453646364736483649365036513652365336543655365636573658365936603661366236633664366536663667366836693670367136723673367436753676367736783679368036813682368336843685368636873688368936903691369236933694369536963697369836993700370137023703370437053706370737083709371037113712371337143715371637173718371937203721372237233724372537263727372837293730373137323733373437353736373737383739374037413742374337443745374637473748374937503751375237533754375537563757375837593760376137623763376437653766376737683769377037713772377337743775377637773778377937803781378237833784378537863787378837893790379137923793379437953796379737983799380038013802380338043805380638073808380938103811381238133814381538163817381838193820382138223823382438253826382738283829383038313832383338343835383638373838383938403841384238433844384538463847384838493850385138523853385438553856385738583859386038613862386338643865386638673868386938703871387238733874387538763877387838793880388138823883388438853886388738883889389038913892389338943895389638973898389939003901390239033904390539063907390839093910391139123913391439153916391739183919392039213922392339243925392639273928392939303931393239333934393539363937393839393940394139423943394439453946394739483949395039513952395339543955395639573958395939603961396239633964396539663967396839693970397139723973397439753976397739783979398039813982398339843985398639873988398939903991399239933994399539963997399839994000400140024003400440054006400740084009401040114012401340144015401640174018401940204021402240234024402540264027402840294030403140324033403440354036403740384039404040414042404340444045404640474048404940504051405240534054405540564057405840594060406140624063406440654066406740684069407040714072407340744075407640774078407940804081408240834084408540864087408840894090409140924093409440954096409740984099410041014102410341044105410641074108410941104111411241134114411541164117411841194120412141224123412441254126412741284129413041314132413341344135413641374138413941404141414241434144414541464147414841494150415141524153415441554156415741584159416041614162416341644165416641674168416941704171417241734174417541764177417841794180418141824183418441854186418741884189419041914192419341944195419641974198419942004201420242034204420542064207420842094210421142124213421442154216421742184219422042214222422342244225422642274228422942304231423242334234423542364237423842394240424142424243424442454246424742484249425042514252425342544255425642574258425942604261426242634264426542664267426842694270427142724273427442754276427742784279428042814282428342844285428642874288428942904291429242934294429542964297429842994300430143024303430443054306430743084309431043114312431343144315431643174318431943204321432243234324432543264327432843294330433143324333433443354336433743384339434043414342434343444345434643474348434943504351435243534354435543564357435843594360436143624363436443654366436743684369437043714372437343744375437643774378437943804381438243834384438543864387438843894390439143924393439443954396439743984399440044014402440344044405440644074408440944104411441244134414441544164417441844194420442144224423442444254426442744284429443044314432443344344435443644374438443944404441444244434444444544464447444844494450445144524453445444554456445744584459446044614462446344644465446644674468446944704471447244734474447544764477447844794480448144824483448444854486448744884489449044914492449344944495449644974498449945004501450245034504450545064507450845094510451145124513451445154516451745184519452045214522452345244525452645274528452945304531453245334534453545364537453845394540454145424543454445454546454745484549455045514552455345544555455645574558455945604561456245634564456545664567456845694570457145724573457445754576457745784579458045814582458345844585458645874588458945904591459245934594459545964597459845994600460146024603460446054606460746084609461046114612461346144615461646174618461946204621462246234624462546264627462846294630463146324633463446354636463746384639464046414642464346444645464646474648464946504651465246534654465546564657465846594660466146624663466446654666466746684669467046714672467346744675467646774678467946804681468246834684468546864687468846894690469146924693469446954696469746984699470047014702470347044705470647074708470947104711471247134714471547164717471847194720472147224723472447254726472747284729473047314732473347344735473647374738473947404741474247434744474547464747474847494750475147524753475447554756475747584759476047614762476347644765476647674768476947704771477247734774477547764777477847794780478147824783478447854786478747884789479047914792479347944795479647974798479948004801480248034804480548064807480848094810481148124813481448154816481748184819482048214822482348244825482648274828482948304831483248334834483548364837483848394840484148424843484448454846484748484849485048514852485348544855485648574858485948604861486248634864486548664867486848694870487148724873487448754876487748784879488048814882488348844885488648874888488948904891489248934894489548964897489848994900490149024903490449054906490749084909491049114912491349144915491649174918491949204921492249234924492549264927492849294930493149324933493449354936493749384939494049414942494349444945494649474948494949504951495249534954495549564957495849594960496149624963496449654966496749684969497049714972497349744975497649774978497949804981498249834984498549864987498849894990499149924993499449954996499749984999500050015002500350045005500650075008500950105011501250135014501550165017501850195020502150225023502450255026502750285029503050315032503350345035503650375038503950405041504250435044504550465047504850495050505150525053505450555056505750585059506050615062506350645065506650675068506950705071507250735074507550765077507850795080508150825083508450855086508750885089509050915092509350945095509650975098509951005101510251035104510551065107510851095110511151125113511451155116511751185119512051215122512351245125512651275128512951305131513251335134513551365137513851395140514151425143514451455146514751485149515051515152515351545155515651575158515951605161516251635164516551665167516851695170517151725173517451755176517751785179518051815182518351845185518651875188518951905191519251935194519551965197519851995200520152025203520452055206520752085209521052115212521352145215521652175218521952205221522252235224522552265227522852295230523152325233523452355236523752385239524052415242524352445245524652475248524952505251525252535254525552565257525852595260526152625263526452655266526752685269527052715272527352745275527652775278527952805281528252835284528552865287528852895290529152925293529452955296529752985299530053015302530353045305530653075308530953105311531253135314531553165317531853195320532153225323532453255326532753285329533053315332533353345335533653375338533953405341534253435344534553465347534853495350535153525353535453555356535753585359536053615362536353645365536653675368536953705371537253735374537553765377537853795380538153825383538453855386538753885389539053915392539353945395539653975398539954005401540254035404540554065407540854095410541154125413541454155416541754185419542054215422542354245425542654275428542954305431543254335434543554365437543854395440544154425443544454455446544754485449545054515452545354545455545654575458545954605461546254635464546554665467546854695470547154725473547454755476547754785479548054815482548354845485548654875488
  1. # Copyright 2012 OpenStack Foundation
  2. # All Rights Reserved.
  3. #
  4. # Licensed under the Apache License, Version 2.0 (the "License"); you may
  5. # not use this file except in compliance with the License. You may obtain
  6. # a copy of the License at
  7. #
  8. # http://www.apache.org/licenses/LICENSE-2.0
  9. #
  10. # Unless required by applicable law or agreed to in writing, software
  11. # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  12. # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
  13. # License for the specific language governing permissions and limitations
  14. # under the License.
  15. import hashlib
  16. import os
  17. import signal
  18. import uuid
  19. from oslo_serialization import jsonutils
  20. import requests
  21. import six
  22. from six.moves import http_client as http
  23. # NOTE(jokke): simplified transition to py3, behaves like py2 xrange
  24. from six.moves import range
  25. from six.moves import urllib
  26. from glance.tests import functional
  27. from glance.tests.functional import ft_utils as func_utils
  28. from glance.tests import utils as test_utils
  29. TENANT1 = str(uuid.uuid4())
  30. TENANT2 = str(uuid.uuid4())
  31. TENANT3 = str(uuid.uuid4())
  32. TENANT4 = str(uuid.uuid4())
  33. class TestImages(functional.FunctionalTest):
  34. def setUp(self):
  35. super(TestImages, self).setUp()
  36. self.cleanup()
  37. self.include_scrubber = False
  38. self.api_server.deployment_flavor = 'noauth'
  39. self.api_server.data_api = 'glance.db.sqlalchemy.api'
  40. for i in range(3):
  41. ret = test_utils.start_http_server("foo_image_id%d" % i,
  42. "foo_image%d" % i)
  43. setattr(self, 'http_server%d_pid' % i, ret[0])
  44. setattr(self, 'http_port%d' % i, ret[1])
  45. self.api_server.use_user_token = True
  46. self.api_server.send_identity_credentials = True
  47. def tearDown(self):
  48. for i in range(3):
  49. pid = getattr(self, 'http_server%d_pid' % i, None)
  50. if pid:
  51. os.kill(pid, signal.SIGKILL)
  52. super(TestImages, self).tearDown()
  53. def _url(self, path):
  54. return 'http://127.0.0.1:%d%s' % (self.api_port, path)
  55. def _headers(self, custom_headers=None):
  56. base_headers = {
  57. 'X-Identity-Status': 'Confirmed',
  58. 'X-Auth-Token': '932c5c84-02ac-4fe5-a9ba-620af0e2bb96',
  59. 'X-User-Id': 'f9a41d13-0c13-47e9-bee2-ce4e8bfe958e',
  60. 'X-Tenant-Id': TENANT1,
  61. 'X-Roles': 'member',
  62. }
  63. base_headers.update(custom_headers or {})
  64. return base_headers
  65. def test_not_authenticated_in_registry_on_ops(self):
  66. # https://bugs.launchpad.net/glance/+bug/1451850
  67. # this configuration guarantees that authentication succeeds in
  68. # glance-api and fails in glance-registry if no token is passed
  69. self.api_server.deployment_flavor = ''
  70. # make sure that request will reach registry
  71. self.api_server.data_api = 'glance.db.registry.api'
  72. self.registry_server.deployment_flavor = 'fakeauth'
  73. self.start_servers(**self.__dict__.copy())
  74. headers = {'content-type': 'application/json'}
  75. image = {'name': 'image', 'type': 'kernel', 'disk_format': 'qcow2',
  76. 'container_format': 'bare'}
  77. # image create should return 401
  78. response = requests.post(self._url('/v2/images'), headers=headers,
  79. data=jsonutils.dumps(image))
  80. self.assertEqual(http.UNAUTHORIZED, response.status_code)
  81. # image list should return 401
  82. response = requests.get(self._url('/v2/images'))
  83. self.assertEqual(http.UNAUTHORIZED, response.status_code)
  84. # image show should return 401
  85. response = requests.get(self._url('/v2/images/someimageid'))
  86. self.assertEqual(http.UNAUTHORIZED, response.status_code)
  87. # image update should return 401
  88. ops = [{'op': 'replace', 'path': '/protected', 'value': False}]
  89. media_type = 'application/openstack-images-v2.1-json-patch'
  90. response = requests.patch(self._url('/v2/images/someimageid'),
  91. headers={'content-type': media_type},
  92. data=jsonutils.dumps(ops))
  93. self.assertEqual(http.UNAUTHORIZED, response.status_code)
  94. # image delete should return 401
  95. response = requests.delete(self._url('/v2/images/someimageid'))
  96. self.assertEqual(http.UNAUTHORIZED, response.status_code)
  97. self.stop_servers()
  98. def test_image_import_using_glance_direct(self):
  99. self.start_servers(**self.__dict__.copy())
  100. # Image list should be empty
  101. path = self._url('/v2/images')
  102. response = requests.get(path, headers=self._headers())
  103. self.assertEqual(http.OK, response.status_code)
  104. images = jsonutils.loads(response.text)['images']
  105. self.assertEqual(0, len(images))
  106. # glance-direct should be available in discovery response
  107. path = self._url('/v2/info/import')
  108. response = requests.get(path, headers=self._headers())
  109. self.assertEqual(http.OK, response.status_code)
  110. discovery_calls = jsonutils.loads(
  111. response.text)['import-methods']['value']
  112. self.assertIn("glance-direct", discovery_calls)
  113. # Create an image
  114. path = self._url('/v2/images')
  115. headers = self._headers({'content-type': 'application/json'})
  116. data = jsonutils.dumps({'name': 'image-1', 'type': 'kernel',
  117. 'disk_format': 'aki',
  118. 'container_format': 'aki'})
  119. response = requests.post(path, headers=headers, data=data)
  120. self.assertEqual(http.CREATED, response.status_code)
  121. # Returned image entity should have a generated id and status
  122. image = jsonutils.loads(response.text)
  123. image_id = image['id']
  124. checked_keys = set([
  125. u'status',
  126. u'name',
  127. u'tags',
  128. u'created_at',
  129. u'updated_at',
  130. u'visibility',
  131. u'self',
  132. u'protected',
  133. u'os_hidden',
  134. u'id',
  135. u'file',
  136. u'min_disk',
  137. u'type',
  138. u'min_ram',
  139. u'schema',
  140. u'disk_format',
  141. u'container_format',
  142. u'owner',
  143. u'checksum',
  144. u'os_hash_algo',
  145. u'os_hash_value',
  146. u'size',
  147. u'virtual_size',
  148. ])
  149. self.assertEqual(checked_keys, set(image.keys()))
  150. expected_image = {
  151. 'status': 'queued',
  152. 'name': 'image-1',
  153. 'tags': [],
  154. 'visibility': 'shared',
  155. 'self': '/v2/images/%s' % image_id,
  156. 'protected': False,
  157. 'file': '/v2/images/%s/file' % image_id,
  158. 'min_disk': 0,
  159. 'type': 'kernel',
  160. 'min_ram': 0,
  161. 'schema': '/v2/schemas/image',
  162. }
  163. for key, value in expected_image.items():
  164. self.assertEqual(value, image[key], key)
  165. # Image list should now have one entry
  166. path = self._url('/v2/images')
  167. response = requests.get(path, headers=self._headers())
  168. self.assertEqual(http.OK, response.status_code)
  169. images = jsonutils.loads(response.text)['images']
  170. self.assertEqual(1, len(images))
  171. self.assertEqual(image_id, images[0]['id'])
  172. def _verify_image_hashes_and_status(
  173. checksum=None, os_hash_value=None, status=None):
  174. path = self._url('/v2/images/%s' % image_id)
  175. response = requests.get(path, headers=self._headers())
  176. self.assertEqual(http.OK, response.status_code)
  177. image = jsonutils.loads(response.text)
  178. self.assertEqual(checksum, image['checksum'])
  179. if os_hash_value:
  180. # make sure we're using the hashing_algorithm we expect
  181. self.assertEqual(six.text_type('sha512'),
  182. image['os_hash_algo'])
  183. self.assertEqual(os_hash_value, image['os_hash_value'])
  184. self.assertEqual(status, image['status'])
  185. # Upload some image data to staging area
  186. path = self._url('/v2/images/%s/stage' % image_id)
  187. headers = self._headers({'Content-Type': 'application/octet-stream'})
  188. image_data = b'ZZZZZ'
  189. response = requests.put(path, headers=headers, data=image_data)
  190. self.assertEqual(http.NO_CONTENT, response.status_code)
  191. # Verify image is in uploading state, hashes are None
  192. _verify_image_hashes_and_status(status='uploading')
  193. # Import image to store
  194. path = self._url('/v2/images/%s/import' % image_id)
  195. headers = self._headers({
  196. 'content-type': 'application/json',
  197. 'X-Roles': 'admin',
  198. })
  199. data = jsonutils.dumps({'method': {
  200. 'name': 'glance-direct'
  201. }})
  202. response = requests.post(path, headers=headers, data=data)
  203. self.assertEqual(http.ACCEPTED, response.status_code)
  204. # Verify image is in active state and checksum is set
  205. # NOTE(abhishekk): As import is a async call we need to provide
  206. # some timelap to complete the call.
  207. path = self._url('/v2/images/%s' % image_id)
  208. func_utils.wait_for_status(request_path=path,
  209. request_headers=self._headers(),
  210. status='active',
  211. max_sec=2,
  212. delay_sec=0.2)
  213. expect_c = six.text_type(hashlib.md5(image_data).hexdigest())
  214. expect_h = six.text_type(hashlib.sha512(image_data).hexdigest())
  215. _verify_image_hashes_and_status(checksum=expect_c,
  216. os_hash_value=expect_h,
  217. status='active')
  218. # Ensure the size is updated to reflect the data uploaded
  219. path = self._url('/v2/images/%s' % image_id)
  220. response = requests.get(path, headers=self._headers())
  221. self.assertEqual(http.OK, response.status_code)
  222. self.assertEqual(5, jsonutils.loads(response.text)['size'])
  223. # Deleting image should work
  224. path = self._url('/v2/images/%s' % image_id)
  225. response = requests.delete(path, headers=self._headers())
  226. self.assertEqual(http.NO_CONTENT, response.status_code)
  227. # Image list should now be empty
  228. path = self._url('/v2/images')
  229. response = requests.get(path, headers=self._headers())
  230. self.assertEqual(http.OK, response.status_code)
  231. images = jsonutils.loads(response.text)['images']
  232. self.assertEqual(0, len(images))
  233. self.stop_servers()
  234. def test_image_import_using_web_download(self):
  235. self.config(node_staging_uri="file:///tmp/staging/")
  236. self.start_servers(**self.__dict__.copy())
  237. # Image list should be empty
  238. path = self._url('/v2/images')
  239. response = requests.get(path, headers=self._headers())
  240. self.assertEqual(http.OK, response.status_code)
  241. images = jsonutils.loads(response.text)['images']
  242. self.assertEqual(0, len(images))
  243. # web-download should be available in discovery response
  244. path = self._url('/v2/info/import')
  245. response = requests.get(path, headers=self._headers())
  246. self.assertEqual(http.OK, response.status_code)
  247. discovery_calls = jsonutils.loads(
  248. response.text)['import-methods']['value']
  249. self.assertIn("web-download", discovery_calls)
  250. # Create an image
  251. path = self._url('/v2/images')
  252. headers = self._headers({'content-type': 'application/json'})
  253. data = jsonutils.dumps({'name': 'image-1', 'type': 'kernel',
  254. 'disk_format': 'aki',
  255. 'container_format': 'aki'})
  256. response = requests.post(path, headers=headers, data=data)
  257. self.assertEqual(http.CREATED, response.status_code)
  258. # Returned image entity should have a generated id and status
  259. image = jsonutils.loads(response.text)
  260. image_id = image['id']
  261. checked_keys = set([
  262. u'status',
  263. u'name',
  264. u'tags',
  265. u'created_at',
  266. u'updated_at',
  267. u'visibility',
  268. u'self',
  269. u'protected',
  270. u'os_hidden',
  271. u'id',
  272. u'file',
  273. u'min_disk',
  274. u'type',
  275. u'min_ram',
  276. u'schema',
  277. u'disk_format',
  278. u'container_format',
  279. u'owner',
  280. u'checksum',
  281. u'os_hash_algo',
  282. u'os_hash_value',
  283. u'size',
  284. u'virtual_size',
  285. ])
  286. self.assertEqual(checked_keys, set(image.keys()))
  287. expected_image = {
  288. 'status': 'queued',
  289. 'name': 'image-1',
  290. 'tags': [],
  291. 'visibility': 'shared',
  292. 'self': '/v2/images/%s' % image_id,
  293. 'protected': False,
  294. 'file': '/v2/images/%s/file' % image_id,
  295. 'min_disk': 0,
  296. 'type': 'kernel',
  297. 'min_ram': 0,
  298. 'schema': '/v2/schemas/image',
  299. }
  300. for key, value in expected_image.items():
  301. self.assertEqual(value, image[key], key)
  302. # Image list should now have one entry
  303. path = self._url('/v2/images')
  304. response = requests.get(path, headers=self._headers())
  305. self.assertEqual(http.OK, response.status_code)
  306. images = jsonutils.loads(response.text)['images']
  307. self.assertEqual(1, len(images))
  308. self.assertEqual(image_id, images[0]['id'])
  309. def _verify_image_hashes_and_status(
  310. checksum=None, os_hash_value=None, status=None):
  311. path = self._url('/v2/images/%s' % image_id)
  312. response = requests.get(path, headers=self._headers())
  313. self.assertEqual(http.OK, response.status_code)
  314. image = jsonutils.loads(response.text)
  315. self.assertEqual(checksum, image['checksum'])
  316. if os_hash_value:
  317. # make sure we're using the hashing_algorithm we expect
  318. self.assertEqual(six.text_type('sha512'),
  319. image['os_hash_algo'])
  320. self.assertEqual(os_hash_value, image['os_hash_value'])
  321. self.assertEqual(status, image['status'])
  322. # Verify image is in queued state and hashes are None
  323. _verify_image_hashes_and_status(status='queued')
  324. # Import image to store
  325. path = self._url('/v2/images/%s/import' % image_id)
  326. headers = self._headers({
  327. 'content-type': 'application/json',
  328. 'X-Roles': 'admin',
  329. })
  330. image_data_uri = ('https://www.openstack.org/assets/openstack-logo/'
  331. '2016R/OpenStack-Logo-Horizontal.eps.zip')
  332. data = jsonutils.dumps({'method': {
  333. 'name': 'web-download',
  334. 'uri': image_data_uri
  335. }})
  336. response = requests.post(path, headers=headers, data=data)
  337. self.assertEqual(http.ACCEPTED, response.status_code)
  338. # Verify image is in active state and checksum is set
  339. # NOTE(abhishekk): As import is a async call we need to provide
  340. # some timelap to complete the call.
  341. path = self._url('/v2/images/%s' % image_id)
  342. func_utils.wait_for_status(request_path=path,
  343. request_headers=self._headers(),
  344. status='active',
  345. max_sec=20,
  346. delay_sec=0.2,
  347. start_delay_sec=1)
  348. with requests.get(image_data_uri) as r:
  349. expect_c = six.text_type(hashlib.md5(r.content).hexdigest())
  350. expect_h = six.text_type(hashlib.sha512(r.content).hexdigest())
  351. _verify_image_hashes_and_status(checksum=expect_c,
  352. os_hash_value=expect_h,
  353. status='active')
  354. # Deleting image should work
  355. path = self._url('/v2/images/%s' % image_id)
  356. response = requests.delete(path, headers=self._headers())
  357. self.assertEqual(http.NO_CONTENT, response.status_code)
  358. # Image list should now be empty
  359. path = self._url('/v2/images')
  360. response = requests.get(path, headers=self._headers())
  361. self.assertEqual(http.OK, response.status_code)
  362. images = jsonutils.loads(response.text)['images']
  363. self.assertEqual(0, len(images))
  364. self.stop_servers()
  365. def test_image_lifecycle(self):
  366. # Image list should be empty
  367. self.api_server.show_multiple_locations = True
  368. self.start_servers(**self.__dict__.copy())
  369. path = self._url('/v2/images')
  370. response = requests.get(path, headers=self._headers())
  371. self.assertEqual(http.OK, response.status_code)
  372. images = jsonutils.loads(response.text)['images']
  373. self.assertEqual(0, len(images))
  374. # Create an image (with two deployer-defined properties)
  375. path = self._url('/v2/images')
  376. headers = self._headers({'content-type': 'application/json'})
  377. data = jsonutils.dumps({'name': 'image-1', 'type': 'kernel',
  378. 'foo': 'bar', 'disk_format': 'aki',
  379. 'container_format': 'aki', 'abc': 'xyz',
  380. 'protected': True})
  381. response = requests.post(path, headers=headers, data=data)
  382. self.assertEqual(http.CREATED, response.status_code)
  383. image_location_header = response.headers['Location']
  384. # Returned image entity should have a generated id and status
  385. image = jsonutils.loads(response.text)
  386. image_id = image['id']
  387. checked_keys = set([
  388. u'status',
  389. u'name',
  390. u'tags',
  391. u'created_at',
  392. u'updated_at',
  393. u'visibility',
  394. u'self',
  395. u'protected',
  396. u'os_hidden',
  397. u'id',
  398. u'file',
  399. u'min_disk',
  400. u'foo',
  401. u'abc',
  402. u'type',
  403. u'min_ram',
  404. u'schema',
  405. u'disk_format',
  406. u'container_format',
  407. u'owner',
  408. u'checksum',
  409. u'os_hash_algo',
  410. u'os_hash_value',
  411. u'size',
  412. u'virtual_size',
  413. u'locations',
  414. ])
  415. self.assertEqual(checked_keys, set(image.keys()))
  416. expected_image = {
  417. 'status': 'queued',
  418. 'name': 'image-1',
  419. 'tags': [],
  420. 'visibility': 'shared',
  421. 'self': '/v2/images/%s' % image_id,
  422. 'protected': True,
  423. 'file': '/v2/images/%s/file' % image_id,
  424. 'min_disk': 0,
  425. 'foo': 'bar',
  426. 'abc': 'xyz',
  427. 'type': 'kernel',
  428. 'min_ram': 0,
  429. 'schema': '/v2/schemas/image',
  430. }
  431. for key, value in expected_image.items():
  432. self.assertEqual(value, image[key], key)
  433. # Image list should now have one entry
  434. path = self._url('/v2/images')
  435. response = requests.get(path, headers=self._headers())
  436. self.assertEqual(http.OK, response.status_code)
  437. images = jsonutils.loads(response.text)['images']
  438. self.assertEqual(1, len(images))
  439. self.assertEqual(image_id, images[0]['id'])
  440. # Create another image (with two deployer-defined properties)
  441. path = self._url('/v2/images')
  442. headers = self._headers({'content-type': 'application/json'})
  443. data = jsonutils.dumps({'name': 'image-2', 'type': 'kernel',
  444. 'bar': 'foo', 'disk_format': 'aki',
  445. 'container_format': 'aki', 'xyz': 'abc'})
  446. response = requests.post(path, headers=headers, data=data)
  447. self.assertEqual(http.CREATED, response.status_code)
  448. # Returned image entity should have a generated id and status
  449. image = jsonutils.loads(response.text)
  450. image2_id = image['id']
  451. checked_keys = set([
  452. u'status',
  453. u'name',
  454. u'tags',
  455. u'created_at',
  456. u'updated_at',
  457. u'visibility',
  458. u'self',
  459. u'protected',
  460. u'os_hidden',
  461. u'id',
  462. u'file',
  463. u'min_disk',
  464. u'bar',
  465. u'xyz',
  466. u'type',
  467. u'min_ram',
  468. u'schema',
  469. u'disk_format',
  470. u'container_format',
  471. u'owner',
  472. u'checksum',
  473. u'os_hash_algo',
  474. u'os_hash_value',
  475. u'size',
  476. u'virtual_size',
  477. u'locations',
  478. ])
  479. self.assertEqual(checked_keys, set(image.keys()))
  480. expected_image = {
  481. 'status': 'queued',
  482. 'name': 'image-2',
  483. 'tags': [],
  484. 'visibility': 'shared',
  485. 'self': '/v2/images/%s' % image2_id,
  486. 'protected': False,
  487. 'file': '/v2/images/%s/file' % image2_id,
  488. 'min_disk': 0,
  489. 'bar': 'foo',
  490. 'xyz': 'abc',
  491. 'type': 'kernel',
  492. 'min_ram': 0,
  493. 'schema': '/v2/schemas/image',
  494. }
  495. for key, value in expected_image.items():
  496. self.assertEqual(value, image[key], key)
  497. # Image list should now have two entries
  498. path = self._url('/v2/images')
  499. response = requests.get(path, headers=self._headers())
  500. self.assertEqual(http.OK, response.status_code)
  501. images = jsonutils.loads(response.text)['images']
  502. self.assertEqual(2, len(images))
  503. self.assertEqual(image2_id, images[0]['id'])
  504. self.assertEqual(image_id, images[1]['id'])
  505. # Image list should list only image-2 as image-1 doesn't contain the
  506. # property 'bar'
  507. path = self._url('/v2/images?bar=foo')
  508. response = requests.get(path, headers=self._headers())
  509. self.assertEqual(http.OK, response.status_code)
  510. images = jsonutils.loads(response.text)['images']
  511. self.assertEqual(1, len(images))
  512. self.assertEqual(image2_id, images[0]['id'])
  513. # Image list should list only image-1 as image-2 doesn't contain the
  514. # property 'foo'
  515. path = self._url('/v2/images?foo=bar')
  516. response = requests.get(path, headers=self._headers())
  517. self.assertEqual(http.OK, response.status_code)
  518. images = jsonutils.loads(response.text)['images']
  519. self.assertEqual(1, len(images))
  520. self.assertEqual(image_id, images[0]['id'])
  521. # The "changes-since" filter shouldn't work on glance v2
  522. path = self._url('/v2/images?changes-since=20001007T10:10:10')
  523. response = requests.get(path, headers=self._headers())
  524. self.assertEqual(http.BAD_REQUEST, response.status_code)
  525. path = self._url('/v2/images?changes-since=aaa')
  526. response = requests.get(path, headers=self._headers())
  527. self.assertEqual(http.BAD_REQUEST, response.status_code)
  528. # Image list should list only image-1 based on the filter
  529. # 'protected=true'
  530. path = self._url('/v2/images?protected=true')
  531. response = requests.get(path, headers=self._headers())
  532. self.assertEqual(http.OK, response.status_code)
  533. images = jsonutils.loads(response.text)['images']
  534. self.assertEqual(1, len(images))
  535. self.assertEqual(image_id, images[0]['id'])
  536. # Image list should list only image-2 based on the filter
  537. # 'protected=false'
  538. path = self._url('/v2/images?protected=false')
  539. response = requests.get(path, headers=self._headers())
  540. self.assertEqual(http.OK, response.status_code)
  541. images = jsonutils.loads(response.text)['images']
  542. self.assertEqual(1, len(images))
  543. self.assertEqual(image2_id, images[0]['id'])
  544. # Image list should return 400 based on the filter
  545. # 'protected=False'
  546. path = self._url('/v2/images?protected=False')
  547. response = requests.get(path, headers=self._headers())
  548. self.assertEqual(http.BAD_REQUEST, response.status_code)
  549. # Image list should list only image-1 based on the filter
  550. # 'foo=bar&abc=xyz'
  551. path = self._url('/v2/images?foo=bar&abc=xyz')
  552. response = requests.get(path, headers=self._headers())
  553. self.assertEqual(http.OK, response.status_code)
  554. images = jsonutils.loads(response.text)['images']
  555. self.assertEqual(1, len(images))
  556. self.assertEqual(image_id, images[0]['id'])
  557. # Image list should list only image-2 based on the filter
  558. # 'bar=foo&xyz=abc'
  559. path = self._url('/v2/images?bar=foo&xyz=abc')
  560. response = requests.get(path, headers=self._headers())
  561. self.assertEqual(http.OK, response.status_code)
  562. images = jsonutils.loads(response.text)['images']
  563. self.assertEqual(1, len(images))
  564. self.assertEqual(image2_id, images[0]['id'])
  565. # Image list should not list anything as the filter 'foo=baz&abc=xyz'
  566. # is not satisfied by either images
  567. path = self._url('/v2/images?foo=baz&abc=xyz')
  568. response = requests.get(path, headers=self._headers())
  569. self.assertEqual(http.OK, response.status_code)
  570. images = jsonutils.loads(response.text)['images']
  571. self.assertEqual(0, len(images))
  572. # Get the image using the returned Location header
  573. response = requests.get(image_location_header, headers=self._headers())
  574. self.assertEqual(http.OK, response.status_code)
  575. image = jsonutils.loads(response.text)
  576. self.assertEqual(image_id, image['id'])
  577. self.assertIsNone(image['checksum'])
  578. self.assertIsNone(image['size'])
  579. self.assertIsNone(image['virtual_size'])
  580. self.assertEqual('bar', image['foo'])
  581. self.assertTrue(image['protected'])
  582. self.assertEqual('kernel', image['type'])
  583. self.assertTrue(image['created_at'])
  584. self.assertTrue(image['updated_at'])
  585. self.assertEqual(image['updated_at'], image['created_at'])
  586. # The URI file:// should return a 400 rather than a 500
  587. path = self._url('/v2/images/%s' % image_id)
  588. media_type = 'application/openstack-images-v2.1-json-patch'
  589. headers = self._headers({'content-type': media_type})
  590. url = ('file://')
  591. changes = [{
  592. 'op': 'add',
  593. 'path': '/locations/-',
  594. 'value': {
  595. 'url': url,
  596. 'metadata': {}
  597. }
  598. }]
  599. data = jsonutils.dumps(changes)
  600. response = requests.patch(path, headers=headers, data=data)
  601. self.assertEqual(http.BAD_REQUEST, response.status_code, response.text)
  602. # The image should be mutable, including adding and removing properties
  603. path = self._url('/v2/images/%s' % image_id)
  604. media_type = 'application/openstack-images-v2.1-json-patch'
  605. headers = self._headers({'content-type': media_type})
  606. data = jsonutils.dumps([
  607. {'op': 'replace', 'path': '/name', 'value': 'image-2'},
  608. {'op': 'replace', 'path': '/disk_format', 'value': 'vhd'},
  609. {'op': 'replace', 'path': '/container_format', 'value': 'ami'},
  610. {'op': 'replace', 'path': '/foo', 'value': 'baz'},
  611. {'op': 'add', 'path': '/ping', 'value': 'pong'},
  612. {'op': 'replace', 'path': '/protected', 'value': True},
  613. {'op': 'remove', 'path': '/type'},
  614. ])
  615. response = requests.patch(path, headers=headers, data=data)
  616. self.assertEqual(http.OK, response.status_code, response.text)
  617. # Returned image entity should reflect the changes
  618. image = jsonutils.loads(response.text)
  619. self.assertEqual('image-2', image['name'])
  620. self.assertEqual('vhd', image['disk_format'])
  621. self.assertEqual('baz', image['foo'])
  622. self.assertEqual('pong', image['ping'])
  623. self.assertTrue(image['protected'])
  624. self.assertNotIn('type', image, response.text)
  625. # Adding 11 image properties should fail since configured limit is 10
  626. path = self._url('/v2/images/%s' % image_id)
  627. media_type = 'application/openstack-images-v2.1-json-patch'
  628. headers = self._headers({'content-type': media_type})
  629. changes = []
  630. for i in range(11):
  631. changes.append({'op': 'add',
  632. 'path': '/ping%i' % i,
  633. 'value': 'pong'})
  634. data = jsonutils.dumps(changes)
  635. response = requests.patch(path, headers=headers, data=data)
  636. self.assertEqual(http.REQUEST_ENTITY_TOO_LARGE, response.status_code,
  637. response.text)
  638. # Adding 3 image locations should fail since configured limit is 2
  639. path = self._url('/v2/images/%s' % image_id)
  640. media_type = 'application/openstack-images-v2.1-json-patch'
  641. headers = self._headers({'content-type': media_type})
  642. changes = []
  643. for i in range(3):
  644. url = ('http://127.0.0.1:%s/foo_image' %
  645. getattr(self, 'http_port%d' % i))
  646. changes.append({'op': 'add', 'path': '/locations/-',
  647. 'value': {'url': url, 'metadata': {}},
  648. })
  649. data = jsonutils.dumps(changes)
  650. response = requests.patch(path, headers=headers, data=data)
  651. self.assertEqual(http.REQUEST_ENTITY_TOO_LARGE, response.status_code,
  652. response.text)
  653. # Ensure the v2.0 json-patch content type is accepted
  654. path = self._url('/v2/images/%s' % image_id)
  655. media_type = 'application/openstack-images-v2.0-json-patch'
  656. headers = self._headers({'content-type': media_type})
  657. data = jsonutils.dumps([{'add': '/ding', 'value': 'dong'}])
  658. response = requests.patch(path, headers=headers, data=data)
  659. self.assertEqual(http.OK, response.status_code, response.text)
  660. # Returned image entity should reflect the changes
  661. image = jsonutils.loads(response.text)
  662. self.assertEqual('dong', image['ding'])
  663. # Updates should persist across requests
  664. path = self._url('/v2/images/%s' % image_id)
  665. response = requests.get(path, headers=self._headers())
  666. self.assertEqual(http.OK, response.status_code)
  667. image = jsonutils.loads(response.text)
  668. self.assertEqual(image_id, image['id'])
  669. self.assertEqual('image-2', image['name'])
  670. self.assertEqual('baz', image['foo'])
  671. self.assertEqual('pong', image['ping'])
  672. self.assertTrue(image['protected'])
  673. self.assertNotIn('type', image, response.text)
  674. # Try to download data before its uploaded
  675. path = self._url('/v2/images/%s/file' % image_id)
  676. headers = self._headers()
  677. response = requests.get(path, headers=headers)
  678. self.assertEqual(http.NO_CONTENT, response.status_code)
  679. def _verify_image_hashes_and_status(checksum, os_hash_value, status):
  680. # hashes should be populated and status should be active
  681. path = self._url('/v2/images/%s' % image_id)
  682. response = requests.get(path, headers=self._headers())
  683. self.assertEqual(http.OK, response.status_code)
  684. image = jsonutils.loads(response.text)
  685. self.assertEqual(checksum, image['checksum'])
  686. # make sure we're using the default algo
  687. self.assertEqual(six.text_type('sha512'), image['os_hash_algo'])
  688. self.assertEqual(os_hash_value, image['os_hash_value'])
  689. self.assertEqual(status, image['status'])
  690. # Upload some image data
  691. path = self._url('/v2/images/%s/file' % image_id)
  692. headers = self._headers({'Content-Type': 'application/octet-stream'})
  693. image_data = b'ZZZZZ'
  694. response = requests.put(path, headers=headers, data=image_data)
  695. self.assertEqual(http.NO_CONTENT, response.status_code)
  696. expect_c = six.text_type(hashlib.md5(image_data).hexdigest())
  697. expect_h = six.text_type(hashlib.sha512(image_data).hexdigest())
  698. _verify_image_hashes_and_status(expect_c, expect_h, 'active')
  699. # `disk_format` and `container_format` cannot
  700. # be replaced when the image is active.
  701. immutable_paths = ['/disk_format', '/container_format']
  702. media_type = 'application/openstack-images-v2.1-json-patch'
  703. headers = self._headers({'content-type': media_type})
  704. path = self._url('/v2/images/%s' % image_id)
  705. for immutable_path in immutable_paths:
  706. data = jsonutils.dumps([
  707. {'op': 'replace', 'path': immutable_path, 'value': 'ari'},
  708. ])
  709. response = requests.patch(path, headers=headers, data=data)
  710. self.assertEqual(http.FORBIDDEN, response.status_code)
  711. # Try to download the data that was just uploaded
  712. path = self._url('/v2/images/%s/file' % image_id)
  713. response = requests.get(path, headers=self._headers())
  714. self.assertEqual(http.OK, response.status_code)
  715. self.assertEqual(expect_c, response.headers['Content-MD5'])
  716. self.assertEqual('ZZZZZ', response.text)
  717. # Uploading duplicate data should be rejected with a 409. The
  718. # original data should remain untouched.
  719. path = self._url('/v2/images/%s/file' % image_id)
  720. headers = self._headers({'Content-Type': 'application/octet-stream'})
  721. response = requests.put(path, headers=headers, data='XXX')
  722. self.assertEqual(http.CONFLICT, response.status_code)
  723. _verify_image_hashes_and_status(expect_c, expect_h, 'active')
  724. # Ensure the size is updated to reflect the data uploaded
  725. path = self._url('/v2/images/%s' % image_id)
  726. response = requests.get(path, headers=self._headers())
  727. self.assertEqual(http.OK, response.status_code)
  728. self.assertEqual(5, jsonutils.loads(response.text)['size'])
  729. # Should be able to deactivate image
  730. path = self._url('/v2/images/%s/actions/deactivate' % image_id)
  731. response = requests.post(path, data={}, headers=self._headers())
  732. self.assertEqual(http.NO_CONTENT, response.status_code)
  733. # Change the image to public so TENANT2 can see it
  734. path = self._url('/v2/images/%s' % image_id)
  735. media_type = 'application/openstack-images-v2.0-json-patch'
  736. headers = self._headers({'content-type': media_type})
  737. data = jsonutils.dumps([{"replace": "/visibility", "value": "public"}])
  738. response = requests.patch(path, headers=headers, data=data)
  739. self.assertEqual(http.OK, response.status_code, response.text)
  740. # Tenant2 should get Forbidden when deactivating the public image
  741. path = self._url('/v2/images/%s/actions/deactivate' % image_id)
  742. response = requests.post(path, data={}, headers=self._headers(
  743. {'X-Tenant-Id': TENANT2}))
  744. self.assertEqual(http.FORBIDDEN, response.status_code)
  745. # Tenant2 should get Forbidden when reactivating the public image
  746. path = self._url('/v2/images/%s/actions/reactivate' % image_id)
  747. response = requests.post(path, data={}, headers=self._headers(
  748. {'X-Tenant-Id': TENANT2}))
  749. self.assertEqual(http.FORBIDDEN, response.status_code)
  750. # Deactivating a deactivated image succeeds (no-op)
  751. path = self._url('/v2/images/%s/actions/deactivate' % image_id)
  752. response = requests.post(path, data={}, headers=self._headers())
  753. self.assertEqual(http.NO_CONTENT, response.status_code)
  754. # Can't download a deactivated image
  755. path = self._url('/v2/images/%s/file' % image_id)
  756. response = requests.get(path, headers=self._headers())
  757. self.assertEqual(http.FORBIDDEN, response.status_code)
  758. # Deactivated image should still be in a listing
  759. path = self._url('/v2/images')
  760. response = requests.get(path, headers=self._headers())
  761. self.assertEqual(http.OK, response.status_code)
  762. images = jsonutils.loads(response.text)['images']
  763. self.assertEqual(2, len(images))
  764. self.assertEqual(image2_id, images[0]['id'])
  765. self.assertEqual(image_id, images[1]['id'])
  766. # Should be able to reactivate a deactivated image
  767. path = self._url('/v2/images/%s/actions/reactivate' % image_id)
  768. response = requests.post(path, data={}, headers=self._headers())
  769. self.assertEqual(http.NO_CONTENT, response.status_code)
  770. # Reactivating an active image succeeds (no-op)
  771. path = self._url('/v2/images/%s/actions/reactivate' % image_id)
  772. response = requests.post(path, data={}, headers=self._headers())
  773. self.assertEqual(http.NO_CONTENT, response.status_code)
  774. # Deletion should not work on protected images
  775. path = self._url('/v2/images/%s' % image_id)
  776. response = requests.delete(path, headers=self._headers())
  777. self.assertEqual(http.FORBIDDEN, response.status_code)
  778. # Unprotect image for deletion
  779. path = self._url('/v2/images/%s' % image_id)
  780. media_type = 'application/openstack-images-v2.1-json-patch'
  781. headers = self._headers({'content-type': media_type})
  782. doc = [{'op': 'replace', 'path': '/protected', 'value': False}]
  783. data = jsonutils.dumps(doc)
  784. response = requests.patch(path, headers=headers, data=data)
  785. self.assertEqual(http.OK, response.status_code, response.text)
  786. # Deletion should work. Deleting image-1
  787. path = self._url('/v2/images/%s' % image_id)
  788. response = requests.delete(path, headers=self._headers())
  789. self.assertEqual(http.NO_CONTENT, response.status_code)
  790. # This image should be no longer be directly accessible
  791. path = self._url('/v2/images/%s' % image_id)
  792. response = requests.get(path, headers=self._headers())
  793. self.assertEqual(http.NOT_FOUND, response.status_code)
  794. # And neither should its data
  795. path = self._url('/v2/images/%s/file' % image_id)
  796. headers = self._headers()
  797. response = requests.get(path, headers=headers)
  798. self.assertEqual(http.NOT_FOUND, response.status_code)
  799. # Image list should now contain just image-2
  800. path = self._url('/v2/images')
  801. response = requests.get(path, headers=self._headers())
  802. self.assertEqual(http.OK, response.status_code)
  803. images = jsonutils.loads(response.text)['images']
  804. self.assertEqual(1, len(images))
  805. self.assertEqual(image2_id, images[0]['id'])
  806. # Deleting image-2 should work
  807. path = self._url('/v2/images/%s' % image2_id)
  808. response = requests.delete(path, headers=self._headers())
  809. self.assertEqual(http.NO_CONTENT, response.status_code)
  810. # Image list should now be empty
  811. path = self._url('/v2/images')
  812. response = requests.get(path, headers=self._headers())
  813. self.assertEqual(http.OK, response.status_code)
  814. images = jsonutils.loads(response.text)['images']
  815. self.assertEqual(0, len(images))
  816. # Create image that tries to send True should return 400
  817. path = self._url('/v2/images')
  818. headers = self._headers({'content-type': 'application/json'})
  819. data = 'true'
  820. response = requests.post(path, headers=headers, data=data)
  821. self.assertEqual(http.BAD_REQUEST, response.status_code)
  822. # Create image that tries to send a string should return 400
  823. path = self._url('/v2/images')
  824. headers = self._headers({'content-type': 'application/json'})
  825. data = '"hello"'
  826. response = requests.post(path, headers=headers, data=data)
  827. self.assertEqual(http.BAD_REQUEST, response.status_code)
  828. # Create image that tries to send 123 should return 400
  829. path = self._url('/v2/images')
  830. headers = self._headers({'content-type': 'application/json'})
  831. data = '123'
  832. response = requests.post(path, headers=headers, data=data)
  833. self.assertEqual(http.BAD_REQUEST, response.status_code)
  834. self.stop_servers()
  835. def test_hidden_images(self):
  836. # Image list should be empty
  837. self.api_server.show_multiple_locations = True
  838. self.start_servers(**self.__dict__.copy())
  839. path = self._url('/v2/images')
  840. response = requests.get(path, headers=self._headers())
  841. self.assertEqual(http.OK, response.status_code)
  842. images = jsonutils.loads(response.text)['images']
  843. self.assertEqual(0, len(images))
  844. # Create an image
  845. path = self._url('/v2/images')
  846. headers = self._headers({'content-type': 'application/json'})
  847. data = jsonutils.dumps({'name': 'image-1', 'type': 'kernel',
  848. 'disk_format': 'aki',
  849. 'container_format': 'aki',
  850. 'protected': False})
  851. response = requests.post(path, headers=headers, data=data)
  852. self.assertEqual(http.CREATED, response.status_code)
  853. # Returned image entity should have a generated id and status
  854. image = jsonutils.loads(response.text)
  855. image_id = image['id']
  856. checked_keys = set([
  857. u'status',
  858. u'name',
  859. u'tags',
  860. u'created_at',
  861. u'updated_at',
  862. u'visibility',
  863. u'self',
  864. u'protected',
  865. u'os_hidden',
  866. u'id',
  867. u'file',
  868. u'min_disk',
  869. u'type',
  870. u'min_ram',
  871. u'schema',
  872. u'disk_format',
  873. u'container_format',
  874. u'owner',
  875. u'checksum',
  876. u'os_hash_algo',
  877. u'os_hash_value',
  878. u'size',
  879. u'virtual_size',
  880. u'locations',
  881. ])
  882. self.assertEqual(checked_keys, set(image.keys()))
  883. # Returned image entity should have os_hidden as False
  884. expected_image = {
  885. 'status': 'queued',
  886. 'name': 'image-1',
  887. 'tags': [],
  888. 'visibility': 'shared',
  889. 'self': '/v2/images/%s' % image_id,
  890. 'protected': False,
  891. 'os_hidden': False,
  892. 'file': '/v2/images/%s/file' % image_id,
  893. 'min_disk': 0,
  894. 'type': 'kernel',
  895. 'min_ram': 0,
  896. 'schema': '/v2/schemas/image',
  897. }
  898. for key, value in expected_image.items():
  899. self.assertEqual(value, image[key], key)
  900. # Image list should now have one entry
  901. path = self._url('/v2/images')
  902. response = requests.get(path, headers=self._headers())
  903. self.assertEqual(http.OK, response.status_code)
  904. images = jsonutils.loads(response.text)['images']
  905. self.assertEqual(1, len(images))
  906. self.assertEqual(image_id, images[0]['id'])
  907. # Create another image wiht hidden true
  908. path = self._url('/v2/images')
  909. headers = self._headers({'content-type': 'application/json'})
  910. data = jsonutils.dumps({'name': 'image-2', 'type': 'kernel',
  911. 'disk_format': 'aki',
  912. 'container_format': 'aki',
  913. 'os_hidden': True})
  914. response = requests.post(path, headers=headers, data=data)
  915. self.assertEqual(http.CREATED, response.status_code)
  916. # Returned image entity should have a generated id and status
  917. image = jsonutils.loads(response.text)
  918. image2_id = image['id']
  919. checked_keys = set([
  920. u'status',
  921. u'name',
  922. u'tags',
  923. u'created_at',
  924. u'updated_at',
  925. u'visibility',
  926. u'self',
  927. u'protected',
  928. u'os_hidden',
  929. u'id',
  930. u'file',
  931. u'min_disk',
  932. u'type',
  933. u'min_ram',
  934. u'schema',
  935. u'disk_format',
  936. u'container_format',
  937. u'owner',
  938. u'checksum',
  939. u'os_hash_algo',
  940. u'os_hash_value',
  941. u'size',
  942. u'virtual_size',
  943. u'locations',
  944. ])
  945. self.assertEqual(checked_keys, set(image.keys()))
  946. # Returned image entity should have os_hidden as True
  947. expected_image = {
  948. 'status': 'queued',
  949. 'name': 'image-2',
  950. 'tags': [],
  951. 'visibility': 'shared',
  952. 'self': '/v2/images/%s' % image2_id,
  953. 'protected': False,
  954. 'os_hidden': True,
  955. 'file': '/v2/images/%s/file' % image2_id,
  956. 'min_disk': 0,
  957. 'type': 'kernel',
  958. 'min_ram': 0,
  959. 'schema': '/v2/schemas/image',
  960. }
  961. for key, value in expected_image.items():
  962. self.assertEqual(value, image[key], key)
  963. # Image list should now have one entries
  964. path = self._url('/v2/images')
  965. response = requests.get(path, headers=self._headers())
  966. self.assertEqual(http.OK, response.status_code)
  967. images = jsonutils.loads(response.text)['images']
  968. self.assertEqual(1, len(images))
  969. self.assertEqual(image_id, images[0]['id'])
  970. # Image list should list should show one image based on the filter
  971. # 'hidden=false'
  972. path = self._url('/v2/images?os_hidden=false')
  973. response = requests.get(path, headers=self._headers())
  974. self.assertEqual(http.OK, response.status_code)
  975. images = jsonutils.loads(response.text)['images']
  976. self.assertEqual(1, len(images))
  977. self.assertEqual(image_id, images[0]['id'])
  978. # Image list should list should show one image based on the filter
  979. # 'hidden=true'
  980. path = self._url('/v2/images?os_hidden=true')
  981. response = requests.get(path, headers=self._headers())
  982. self.assertEqual(http.OK, response.status_code)
  983. images = jsonutils.loads(response.text)['images']
  984. self.assertEqual(1, len(images))
  985. self.assertEqual(image2_id, images[0]['id'])
  986. # Image list should return 400 based on the filter
  987. # 'hidden=abcd'
  988. path = self._url('/v2/images?os_hidden=abcd')
  989. response = requests.get(path, headers=self._headers())
  990. self.assertEqual(http.BAD_REQUEST, response.status_code)
  991. def _verify_image_checksum_and_status(checksum, status):
  992. # Checksum should be populated and status should be active
  993. path = self._url('/v2/images/%s' % image_id)
  994. response = requests.get(path, headers=self._headers())
  995. self.assertEqual(http.OK, response.status_code)
  996. image = jsonutils.loads(response.text)
  997. self.assertEqual(checksum, image['checksum'])
  998. self.assertEqual(status, image['status'])
  999. # Upload some image data to image-1
  1000. path = self._url('/v2/images/%s/file' % image_id)
  1001. headers = self._headers({'Content-Type': 'application/octet-stream'})
  1002. response = requests.put(path, headers=headers, data='ZZZZZ')
  1003. self.assertEqual(http.NO_CONTENT, response.status_code)
  1004. expected_checksum = '8f113e38d28a79a5a451b16048cc2b72'
  1005. _verify_image_checksum_and_status(expected_checksum, 'active')
  1006. # Upload some image data to image-2
  1007. path = self._url('/v2/images/%s/file' % image2_id)
  1008. headers = self._headers({'Content-Type': 'application/octet-stream'})
  1009. response = requests.put(path, headers=headers, data='ZZZZZ')
  1010. self.assertEqual(http.NO_CONTENT, response.status_code)
  1011. expected_checksum = '8f113e38d28a79a5a451b16048cc2b72'
  1012. _verify_image_checksum_and_status(expected_checksum, 'active')
  1013. # Hide image-1
  1014. path = self._url('/v2/images/%s' % image_id)
  1015. media_type = 'application/openstack-images-v2.1-json-patch'
  1016. headers = self._headers({'content-type': media_type})
  1017. data = jsonutils.dumps([
  1018. {'op': 'replace', 'path': '/os_hidden', 'value': True},
  1019. ])
  1020. response = requests.patch(path, headers=headers, data=data)
  1021. self.assertEqual(http.OK, response.status_code, response.text)
  1022. # Returned image entity should reflect the changes
  1023. image = jsonutils.loads(response.text)
  1024. self.assertTrue(image['os_hidden'])
  1025. # Image list should now have 0 entries
  1026. path = self._url('/v2/images')
  1027. response = requests.get(path, headers=self._headers())
  1028. self.assertEqual(http.OK, response.status_code)
  1029. images = jsonutils.loads(response.text)['images']
  1030. self.assertEqual(0, len(images))
  1031. # Image list should list should show image-1, and image-2 based
  1032. # on the filter 'hidden=true'
  1033. path = self._url('/v2/images?os_hidden=true')
  1034. response = requests.get(path, headers=self._headers())
  1035. self.assertEqual(http.OK, response.status_code)
  1036. images = jsonutils.loads(response.text)['images']
  1037. self.assertEqual(2, len(images))
  1038. self.assertEqual(image2_id, images[0]['id'])
  1039. self.assertEqual(image_id, images[1]['id'])
  1040. # Un-Hide image-1
  1041. path = self._url('/v2/images/%s' % image_id)
  1042. media_type = 'application/openstack-images-v2.1-json-patch'
  1043. headers = self._headers({'content-type': media_type})
  1044. data = jsonutils.dumps([
  1045. {'op': 'replace', 'path': '/os_hidden', 'value': False},
  1046. ])
  1047. response = requests.patch(path, headers=headers, data=data)
  1048. self.assertEqual(http.OK, response.status_code, response.text)
  1049. # Returned image entity should reflect the changes
  1050. image = jsonutils.loads(response.text)
  1051. self.assertFalse(image['os_hidden'])
  1052. # Image list should now have 1 entry
  1053. path = self._url('/v2/images')
  1054. response = requests.get(path, headers=self._headers())
  1055. self.assertEqual(http.OK, response.status_code)
  1056. images = jsonutils.loads(response.text)['images']
  1057. self.assertEqual(1, len(images))
  1058. self.assertEqual(image_id, images[0]['id'])
  1059. # Deleting image-1 should work
  1060. path = self._url('/v2/images/%s' % image_id)
  1061. response = requests.delete(path, headers=self._headers())
  1062. self.assertEqual(http.NO_CONTENT, response.status_code)
  1063. # Deleting image-2 should work
  1064. path = self._url('/v2/images/%s' % image2_id)
  1065. response = requests.delete(path, headers=self._headers())
  1066. self.assertEqual(http.NO_CONTENT, response.status_code)
  1067. # Image list should now be empty
  1068. path = self._url('/v2/images')
  1069. response = requests.get(path, headers=self._headers())
  1070. self.assertEqual(http.OK, response.status_code)
  1071. images = jsonutils.loads(response.text)['images']
  1072. self.assertEqual(0, len(images))
  1073. self.stop_servers()
  1074. def test_update_readonly_prop(self):
  1075. self.start_servers(**self.__dict__.copy())
  1076. # Create an image (with two deployer-defined properties)
  1077. path = self._url('/v2/images')
  1078. headers = self._headers({'content-type': 'application/json'})
  1079. data = jsonutils.dumps({'name': 'image-1'})
  1080. response = requests.post(path, headers=headers, data=data)
  1081. image = jsonutils.loads(response.text)
  1082. image_id = image['id']
  1083. path = self._url('/v2/images/%s' % image_id)
  1084. media_type = 'application/openstack-images-v2.1-json-patch'
  1085. headers = self._headers({'content-type': media_type})
  1086. props = ['/id', '/file', '/location', '/schema', '/self']
  1087. for prop in props:
  1088. doc = [{'op': 'replace',
  1089. 'path': prop,
  1090. 'value': 'value1'}]
  1091. data = jsonutils.dumps(doc)
  1092. response = requests.patch(path, headers=headers, data=data)
  1093. self.assertEqual(http.FORBIDDEN, response.status_code)
  1094. for prop in props:
  1095. doc = [{'op': 'remove',
  1096. 'path': prop,
  1097. 'value': 'value1'}]
  1098. data = jsonutils.dumps(doc)
  1099. response = requests.patch(path, headers=headers, data=data)
  1100. self.assertEqual(http.FORBIDDEN, response.status_code)
  1101. for prop in props:
  1102. doc = [{'op': 'add',
  1103. 'path': prop,
  1104. 'value': 'value1'}]
  1105. data = jsonutils.dumps(doc)
  1106. response = requests.patch(path, headers=headers, data=data)
  1107. self.assertEqual(http.FORBIDDEN, response.status_code)
  1108. self.stop_servers()
  1109. def test_methods_that_dont_accept_illegal_bodies(self):
  1110. # Check images can be reached
  1111. self.start_servers(**self.__dict__.copy())
  1112. path = self._url('/v2/images')
  1113. response = requests.get(path, headers=self._headers())
  1114. self.assertEqual(http.OK, response.status_code)
  1115. # Test all the schemas
  1116. schema_urls = [
  1117. '/v2/schemas/images',
  1118. '/v2/schemas/image',
  1119. '/v2/schemas/members',
  1120. '/v2/schemas/member',
  1121. ]
  1122. for value in schema_urls:
  1123. path = self._url(value)
  1124. data = jsonutils.dumps(["body"])
  1125. response = requests.get(path, headers=self._headers(), data=data)
  1126. self.assertEqual(http.BAD_REQUEST, response.status_code)
  1127. # Create image for use with tests
  1128. path = self._url('/v2/images')
  1129. headers = self._headers({'content-type': 'application/json'})
  1130. data = jsonutils.dumps({'name': 'image'})
  1131. response = requests.post(path, headers=headers, data=data)
  1132. self.assertEqual(http.CREATED, response.status_code)
  1133. image = jsonutils.loads(response.text)
  1134. image_id = image['id']
  1135. test_urls = [
  1136. ('/v2/images/%s', 'get'),
  1137. ('/v2/images/%s/actions/deactivate', 'post'),
  1138. ('/v2/images/%s/actions/reactivate', 'post'),
  1139. ('/v2/images/%s/tags/mytag', 'put'),
  1140. ('/v2/images/%s/tags/mytag', 'delete'),
  1141. ('/v2/images/%s/members', 'get'),
  1142. ('/v2/images/%s/file', 'get'),
  1143. ('/v2/images/%s', 'delete'),
  1144. ]
  1145. for link, method in test_urls:
  1146. path = self._url(link % image_id)
  1147. data = jsonutils.dumps(["body"])
  1148. response = getattr(requests, method)(
  1149. path, headers=self._headers(), data=data)
  1150. self.assertEqual(http.BAD_REQUEST, response.status_code)
  1151. # DELETE /images/imgid without legal json
  1152. path = self._url('/v2/images/%s' % image_id)
  1153. data = '{"hello"]'
  1154. response = requests.delete(path, headers=self._headers(), data=data)
  1155. self.assertEqual(http.BAD_REQUEST, response.status_code)
  1156. # POST /images/imgid/members
  1157. path = self._url('/v2/images/%s/members' % image_id)
  1158. data = jsonutils.dumps({'member': TENANT3})
  1159. response = requests.post(path, headers=self._headers(), data=data)
  1160. self.assertEqual(http.OK, response.status_code)
  1161. # GET /images/imgid/members/memid
  1162. path = self._url('/v2/images/%s/members/%s' % (image_id, TENANT3))
  1163. data = jsonutils.dumps(["body"])
  1164. response = requests.get(path, headers=self._headers(), data=data)
  1165. self.assertEqual(http.BAD_REQUEST, response.status_code)
  1166. # DELETE /images/imgid/members/memid
  1167. path = self._url('/v2/images/%s/members/%s' % (image_id, TENANT3))
  1168. data = jsonutils.dumps(["body"])
  1169. response = requests.delete(path, headers=self._headers(), data=data)
  1170. self.assertEqual(http.BAD_REQUEST, response.status_code)
  1171. self.stop_servers()
  1172. def test_download_random_access_w_range_request(self):
  1173. """
  1174. Test partial download 'Range' requests for images (random image access)
  1175. """
  1176. self.start_servers(**self.__dict__.copy())
  1177. # Create an image (with two deployer-defined properties)
  1178. path = self._url('/v2/images')
  1179. headers = self._headers({'content-type': 'application/json'})
  1180. data = jsonutils.dumps({'name': 'image-2', 'type': 'kernel',
  1181. 'bar': 'foo', 'disk_format': 'aki',
  1182. 'container_format': 'aki', 'xyz': 'abc'})
  1183. response = requests.post(path, headers=headers, data=data)
  1184. self.assertEqual(http.CREATED, response.status_code)
  1185. image = jsonutils.loads(response.text)
  1186. image_id = image['id']
  1187. # Upload data to image
  1188. image_data = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
  1189. path = self._url('/v2/images/%s/file' % image_id)
  1190. headers = self._headers({'Content-Type': 'application/octet-stream'})
  1191. response = requests.put(path, headers=headers, data=image_data)
  1192. self.assertEqual(http.NO_CONTENT, response.status_code)
  1193. # test for success on satisfiable Range request.
  1194. range_ = 'bytes=3-10'
  1195. headers = self._headers({'Range': range_})
  1196. path = self._url('/v2/images/%s/file' % image_id)
  1197. response = requests.get(path, headers=headers)
  1198. self.assertEqual(http.PARTIAL_CONTENT, response.status_code)
  1199. self.assertEqual('DEFGHIJK', response.text)
  1200. # test for failure on unsatisfiable Range request.
  1201. range_ = 'bytes=10-5'
  1202. headers = self._headers({'Range': range_})
  1203. path = self._url('/v2/images/%s/file' % image_id)
  1204. response = requests.get(path, headers=headers)
  1205. self.assertEqual(http.REQUESTED_RANGE_NOT_SATISFIABLE,
  1206. response.status_code)
  1207. self.stop_servers()
  1208. def test_download_random_access_w_content_range(self):
  1209. """
  1210. Even though Content-Range is incorrect on requests, we support it
  1211. for backward compatibility with clients written for pre-Pike Glance.
  1212. The following test is for 'Content-Range' requests, which we have
  1213. to ensure that we prevent regression.
  1214. """
  1215. self.start_servers(**self.__dict__.copy())
  1216. # Create another image (with two deployer-defined properties)
  1217. path = self._url('/v2/images')
  1218. headers = self._headers({'content-type': 'application/json'})
  1219. data = jsonutils.dumps({'name': 'image-2', 'type': 'kernel',
  1220. 'bar': 'foo', 'disk_format': 'aki',
  1221. 'container_format': 'aki', 'xyz': 'abc'})
  1222. response = requests.post(path, headers=headers, data=data)
  1223. self.assertEqual(http.CREATED, response.status_code)
  1224. image = jsonutils.loads(response.text)
  1225. image_id = image['id']
  1226. # Upload data to image
  1227. image_data = 'Z' * 15
  1228. path = self._url('/v2/images/%s/file' % image_id)
  1229. headers = self._headers({'Content-Type': 'application/octet-stream'})
  1230. response = requests.put(path, headers=headers, data=image_data)
  1231. self.assertEqual(http.NO_CONTENT, response.status_code)
  1232. result_body = ''
  1233. for x in range(15):
  1234. # NOTE(flaper87): Read just 1 byte. Content-Range is
  1235. # 0-indexed and it specifies the first byte to read
  1236. # and the last byte to read.
  1237. content_range = 'bytes %s-%s/15' % (x, x)
  1238. headers = self._headers({'Content-Range': content_range})
  1239. path = self._url('/v2/images/%s/file' % image_id)
  1240. response = requests.get(path, headers=headers)
  1241. self.assertEqual(http.PARTIAL_CONTENT, response.status_code)
  1242. result_body += response.text
  1243. self.assertEqual(result_body, image_data)
  1244. # test for failure on unsatisfiable request for ContentRange.
  1245. content_range = 'bytes 3-16/15'
  1246. headers = self._headers({'Content-Range': content_range})
  1247. path = self._url('/v2/images/%s/file' % image_id)
  1248. response = requests.get(path, headers=headers)
  1249. self.assertEqual(http.REQUESTED_RANGE_NOT_SATISFIABLE,
  1250. response.status_code)
  1251. self.stop_servers()
  1252. def test_download_policy_when_cache_is_not_enabled(self):
  1253. rules = {'context_is_admin': 'role:admin',
  1254. 'default': '',
  1255. 'add_image': '',
  1256. 'get_image': '',
  1257. 'modify_image': '',
  1258. 'upload_image': '',
  1259. 'delete_image': '',
  1260. 'download_image': '!'}
  1261. self.set_policy_rules(rules)
  1262. self.start_servers(**self.__dict__.copy())
  1263. # Create an image
  1264. path = self._url('/v2/images')
  1265. headers = self._headers({'content-type': 'application/json',
  1266. 'X-Roles': 'member'})
  1267. data = jsonutils.dumps({'name': 'image-1', 'disk_format': 'aki',
  1268. 'container_format': 'aki'})
  1269. response = requests.post(path, headers=headers, data=data)
  1270. self.assertEqual(http.CREATED, response.status_code)
  1271. # Returned image entity
  1272. image = jsonutils.loads(response.text)
  1273. image_id = image['id']
  1274. expected_image = {
  1275. 'status': 'queued',
  1276. 'name': 'image-1',
  1277. 'tags': [],
  1278. 'visibility': 'shared',
  1279. 'self': '/v2/images/%s' % image_id,
  1280. 'protected': False,
  1281. 'file': '/v2/images/%s/file' % image_id,
  1282. 'min_disk': 0,
  1283. 'min_ram': 0,
  1284. 'schema': '/v2/schemas/image',
  1285. }
  1286. for key, value in six.iteritems(expected_image):
  1287. self.assertEqual(value, image[key], key)
  1288. # Upload data to image
  1289. path = self._url('/v2/images/%s/file' % image_id)
  1290. headers = self._headers({'Content-Type': 'application/octet-stream'})
  1291. response = requests.put(path, headers=headers, data='ZZZZZ')
  1292. self.assertEqual(http.NO_CONTENT, response.status_code)
  1293. # Get an image should fail
  1294. path = self._url('/v2/images/%s/file' % image_id)
  1295. headers = self._headers({'Content-Type': 'application/octet-stream'})
  1296. response = requests.get(path, headers=headers)
  1297. self.assertEqual(http.FORBIDDEN, response.status_code)
  1298. # Image Deletion should work
  1299. path = self._url('/v2/images/%s' % image_id)
  1300. response = requests.delete(path, headers=self._headers())
  1301. self.assertEqual(http.NO_CONTENT, response.status_code)
  1302. # This image should be no longer be directly accessible
  1303. path = self._url('/v2/images/%s' % image_id)
  1304. response = requests.get(path, headers=self._headers())
  1305. self.assertEqual(http.NOT_FOUND, response.status_code)
  1306. self.stop_servers()
  1307. def test_download_image_not_allowed_using_restricted_policy(self):
  1308. rules = {
  1309. "context_is_admin": "role:admin",
  1310. "default": "",
  1311. "add_image": "",
  1312. "get_image": "",
  1313. "modify_image": "",
  1314. "upload_image": "",
  1315. "delete_image": "",
  1316. "restricted":
  1317. "not ('aki':%(container_format)s and role:_member_)",
  1318. "download_image": "role:admin or rule:restricted"
  1319. }
  1320. self.set_policy_rules(rules)
  1321. self.start_servers(**self.__dict__.copy())
  1322. # Create an image
  1323. path = self._url('/v2/images')
  1324. headers = self._headers({'content-type': 'application/json',
  1325. 'X-Roles': 'member'})
  1326. data = jsonutils.dumps({'name': 'image-1', 'disk_format': 'aki',
  1327. 'container_format': 'aki'})
  1328. response = requests.post(path, headers=headers, data=data)
  1329. self.assertEqual(http.CREATED, response.status_code)
  1330. # Returned image entity
  1331. image = jsonutils.loads(response.text)
  1332. image_id = image['id']
  1333. expected_image = {
  1334. 'status': 'queued',
  1335. 'name': 'image-1',
  1336. 'tags': [],
  1337. 'visibility': 'shared',
  1338. 'self': '/v2/images/%s' % image_id,
  1339. 'protected': False,
  1340. 'file': '/v2/images/%s/file' % image_id,
  1341. 'min_disk': 0,
  1342. 'min_ram': 0,
  1343. 'schema': '/v2/schemas/image',
  1344. }
  1345. for key, value in six.iteritems(expected_image):
  1346. self.assertEqual(value, image[key], key)
  1347. # Upload data to image
  1348. path = self._url('/v2/images/%s/file' % image_id)
  1349. headers = self._headers({'Content-Type': 'application/octet-stream'})
  1350. response = requests.put(path, headers=headers, data='ZZZZZ')
  1351. self.assertEqual(http.NO_CONTENT, response.status_code)
  1352. # Get an image should fail
  1353. path = self._url('/v2/images/%s/file' % image_id)
  1354. headers = self._headers({'Content-Type': 'application/octet-stream',
  1355. 'X-Roles': '_member_'})
  1356. response = requests.get(path, headers=headers)
  1357. self.assertEqual(http.FORBIDDEN, response.status_code)
  1358. # Image Deletion should work
  1359. path = self._url('/v2/images/%s' % image_id)
  1360. response = requests.delete(path, headers=self._headers())
  1361. self.assertEqual(http.NO_CONTENT, response.status_code)
  1362. # This image should be no longer be directly accessible
  1363. path = self._url('/v2/images/%s' % image_id)
  1364. response = requests.get(path, headers=self._headers())
  1365. self.assertEqual(http.NOT_FOUND, response.status_code)
  1366. self.stop_servers()
  1367. def test_download_image_allowed_using_restricted_policy(self):
  1368. rules = {
  1369. "context_is_admin": "role:admin",
  1370. "default": "",
  1371. "add_image": "",
  1372. "get_image": "",
  1373. "modify_image": "",
  1374. "upload_image": "",
  1375. "get_image_location": "",
  1376. "delete_image": "",
  1377. "restricted":
  1378. "not ('aki':%(container_format)s and role:_member_)",
  1379. "download_image": "role:admin or rule:restricted"
  1380. }
  1381. self.set_policy_rules(rules)
  1382. self.start_servers(**self.__dict__.copy())
  1383. # Create an image
  1384. path = self._url('/v2/images')
  1385. headers = self._headers({'content-type': 'application/json',
  1386. 'X-Roles': 'member'})
  1387. data = jsonutils.dumps({'name': 'image-1', 'disk_format': 'aki',
  1388. 'container_format': 'aki'})
  1389. response = requests.post(path, headers=headers, data=data)
  1390. self.assertEqual(http.CREATED, response.status_code)
  1391. # Returned image entity
  1392. image = jsonutils.loads(response.text)
  1393. image_id = image['id']
  1394. expected_image = {
  1395. 'status': 'queued',
  1396. 'name': 'image-1',
  1397. 'tags': [],
  1398. 'visibility': 'shared',
  1399. 'self': '/v2/images/%s' % image_id,
  1400. 'protected': False,
  1401. 'file': '/v2/images/%s/file' % image_id,
  1402. 'min_disk': 0,
  1403. 'min_ram': 0,
  1404. 'schema': '/v2/schemas/image',
  1405. }
  1406. for key, value in six.iteritems(expected_image):
  1407. self.assertEqual(value, image[key], key)
  1408. # Upload data to image
  1409. path = self._url('/v2/images/%s/file' % image_id)
  1410. headers = self._headers({'Content-Type': 'application/octet-stream'})
  1411. response = requests.put(path, headers=headers, data='ZZZZZ')
  1412. self.assertEqual(http.NO_CONTENT, response.status_code)
  1413. # Get an image should be allowed
  1414. path = self._url('/v2/images/%s/file' % image_id)
  1415. headers = self._headers({'Content-Type': 'application/octet-stream',
  1416. 'X-Roles': 'member'})
  1417. response = requests.get(path, headers=headers)
  1418. self.assertEqual(http.OK, response.status_code)
  1419. # Image Deletion should work
  1420. path = self._url('/v2/images/%s' % image_id)
  1421. response = requests.delete(path, headers=self._headers())
  1422. self.assertEqual(http.NO_CONTENT, response.status_code)
  1423. # This image should be no longer be directly accessible
  1424. path = self._url('/v2/images/%s' % image_id)
  1425. response = requests.get(path, headers=self._headers())
  1426. self.assertEqual(http.NOT_FOUND, response.status_code)
  1427. self.stop_servers()
  1428. def test_download_image_raises_service_unavailable(self):
  1429. """Test image download returns HTTPServiceUnavailable."""
  1430. self.api_server.show_multiple_locations = True
  1431. self.start_servers(**self.__dict__.copy())
  1432. # Create an image
  1433. path = self._url('/v2/images')
  1434. headers = self._headers({'content-type': 'application/json'})
  1435. data = jsonutils.dumps({'name': 'image-1',
  1436. 'disk_format': 'aki',
  1437. 'container_format': 'aki'})
  1438. response = requests.post(path, headers=headers, data=data)
  1439. self.assertEqual(http.CREATED, response.status_code)
  1440. # Get image id
  1441. image = jsonutils.loads(response.text)
  1442. image_id = image['id']
  1443. # Update image locations via PATCH
  1444. path = self._url('/v2/images/%s' % image_id)
  1445. media_type = 'application/openstack-images-v2.1-json-patch'
  1446. headers = self._headers({'content-type': media_type})
  1447. http_server_pid, http_port = test_utils.start_http_server(image_id,
  1448. "image-1")
  1449. values = [{'url': 'http://127.0.0.1:%s/image-1' % http_port,
  1450. 'metadata': {'idx': '0'}}]
  1451. doc = [{'op': 'replace',
  1452. 'path': '/locations',
  1453. 'value': values}]
  1454. data = jsonutils.dumps(doc)
  1455. response = requests.patch(path, headers=headers, data=data)
  1456. self.assertEqual(http.OK, response.status_code)
  1457. # Download an image should work
  1458. path = self._url('/v2/images/%s/file' % image_id)
  1459. headers = self._headers({'Content-Type': 'application/json'})
  1460. response = requests.get(path, headers=headers)
  1461. self.assertEqual(http.OK, response.status_code)
  1462. # Stop http server used to update image location
  1463. os.kill(http_server_pid, signal.SIGKILL)
  1464. # Download an image should raise HTTPServiceUnavailable
  1465. path = self._url('/v2/images/%s/file' % image_id)
  1466. headers = self._headers({'Content-Type': 'application/json'})
  1467. response = requests.get(path, headers=headers)
  1468. self.assertEqual(http.SERVICE_UNAVAILABLE, response.status_code)
  1469. # Image Deletion should work
  1470. path = self._url('/v2/images/%s' % image_id)
  1471. response = requests.delete(path, headers=self._headers())
  1472. self.assertEqual(http.NO_CONTENT, response.status_code)
  1473. # This image should be no longer be directly accessible
  1474. path = self._url('/v2/images/%s' % image_id)
  1475. response = requests.get(path, headers=self._headers())
  1476. self.assertEqual(http.NOT_FOUND, response.status_code)
  1477. self.stop_servers()
  1478. def test_image_modification_works_for_owning_tenant_id(self):
  1479. rules = {
  1480. "context_is_admin": "role:admin",
  1481. "default": "",
  1482. "add_image": "",
  1483. "get_image": "",
  1484. "modify_image": "tenant:%(owner)s",
  1485. "upload_image": "",
  1486. "get_image_location": "",
  1487. "delete_image": "",
  1488. "restricted":
  1489. "not ('aki':%(container_format)s and role:_member_)",
  1490. "download_image": "role:admin or rule:restricted"
  1491. }
  1492. self.set_policy_rules(rules)
  1493. self.start_servers(**self.__dict__.copy())
  1494. path = self._url('/v2/images')
  1495. headers = self._headers({'content-type': 'application/json',
  1496. 'X-Roles': 'admin'})
  1497. data = jsonutils.dumps({'name': 'image-1', 'disk_format': 'aki',
  1498. 'container_format': 'aki'})
  1499. response = requests.post(path, headers=headers, data=data)
  1500. self.assertEqual(http.CREATED, response.status_code)
  1501. # Get the image's ID
  1502. image = jsonutils.loads(response.text)
  1503. image_id = image['id']
  1504. path = self._url('/v2/images/%s' % image_id)
  1505. media_type = 'application/openstack-images-v2.1-json-patch'
  1506. headers['content-type'] = media_type
  1507. del headers['X-Roles']
  1508. data = jsonutils.dumps([
  1509. {'op': 'replace', 'path': '/name', 'value': 'new-name'},
  1510. ])
  1511. response = requests.patch(path, headers=headers, data=data)
  1512. self.assertEqual(http.OK, response.status_code)
  1513. self.stop_servers()
  1514. def test_image_modification_fails_on_mismatched_tenant_ids(self):
  1515. rules = {
  1516. "context_is_admin": "role:admin",
  1517. "default": "",
  1518. "add_image": "",
  1519. "get_image": "",
  1520. "modify_image": "'A-Fake-Tenant-Id':%(owner)s",
  1521. "upload_image": "",
  1522. "get_image_location": "",
  1523. "delete_image": "",
  1524. "restricted":
  1525. "not ('aki':%(container_format)s and role:_member_)",
  1526. "download_image": "role:admin or rule:restricted"
  1527. }
  1528. self.set_policy_rules(rules)
  1529. self.start_servers(**self.__dict__.copy())
  1530. path = self._url('/v2/images')
  1531. headers = self._headers({'content-type': 'application/json',
  1532. 'X-Roles': 'admin'})
  1533. data = jsonutils.dumps({'name': 'image-1', 'disk_format': 'aki',
  1534. 'container_format': 'aki'})
  1535. response = requests.post(path, headers=headers, data=data)
  1536. self.assertEqual(http.CREATED, response.status_code)
  1537. # Get the image's ID
  1538. image = jsonutils.loads(response.text)
  1539. image_id = image['id']
  1540. path = self._url('/v2/images/%s' % image_id)
  1541. media_type = 'application/openstack-images-v2.1-json-patch'
  1542. headers['content-type'] = media_type
  1543. del headers['X-Roles']
  1544. data = jsonutils.dumps([
  1545. {'op': 'replace', 'path': '/name', 'value': 'new-name'},
  1546. ])
  1547. response = requests.patch(path, headers=headers, data=data)
  1548. self.assertEqual(http.FORBIDDEN, response.status_code)
  1549. self.stop_servers()
  1550. def test_member_additions_works_for_owning_tenant_id(self):
  1551. rules = {
  1552. "context_is_admin": "role:admin",
  1553. "default": "",
  1554. "add_image": "",
  1555. "get_image": "",
  1556. "modify_image": "",
  1557. "upload_image": "",
  1558. "get_image_location": "",
  1559. "delete_image": "",
  1560. "restricted":
  1561. "not ('aki':%(container_format)s and role:_member_)",
  1562. "download_image": "role:admin or rule:restricted",
  1563. "add_member": "tenant:%(owner)s",
  1564. }
  1565. self.set_policy_rules(rules)
  1566. self.start_servers(**self.__dict__.copy())
  1567. path = self._url('/v2/images')
  1568. headers = self._headers({'content-type': 'application/json',
  1569. 'X-Roles': 'admin'})
  1570. data = jsonutils.dumps({'name': 'image-1', 'disk_format': 'aki',
  1571. 'container_format': 'aki'})
  1572. response = requests.post(path, headers=headers, data=data)
  1573. self.assertEqual(http.CREATED, response.status_code)
  1574. # Get the image's ID
  1575. image = jsonutils.loads(response.text)
  1576. image_id = image['id']
  1577. # Get the image's members resource
  1578. path = self._url('/v2/images/%s/members' % image_id)
  1579. body = jsonutils.dumps({'member': TENANT3})
  1580. del headers['X-Roles']
  1581. response = requests.post(path, headers=headers, data=body)
  1582. self.assertEqual(http.OK, response.status_code)
  1583. self.stop_servers()
  1584. def test_image_additions_works_only_for_specific_tenant_id(self):
  1585. rules = {
  1586. "context_is_admin": "role:admin",
  1587. "default": "",
  1588. "add_image": "'{0}':%(owner)s".format(TENANT1),
  1589. "get_image": "",
  1590. "modify_image": "",
  1591. "upload_image": "",
  1592. "get_image_location": "",
  1593. "delete_image": "",
  1594. "restricted":
  1595. "not ('aki':%(container_format)s and role:_member_)",
  1596. "download_image": "role:admin or rule:restricted",
  1597. "add_member": "",
  1598. }
  1599. self.set_policy_rules(rules)
  1600. self.start_servers(**self.__dict__.copy())
  1601. path = self._url('/v2/images')
  1602. headers = self._headers({'content-type': 'application/json',
  1603. 'X-Roles': 'admin', 'X-Tenant-Id': TENANT1})
  1604. data = jsonutils.dumps({'name': 'image-1', 'disk_format': 'aki',
  1605. 'container_format': 'aki'})
  1606. response = requests.post(path, headers=headers, data=data)
  1607. self.assertEqual(http.CREATED, response.status_code)
  1608. headers['X-Tenant-Id'] = TENANT2
  1609. response = requests.post(path, headers=headers, data=data)
  1610. self.assertEqual(http.FORBIDDEN, response.status_code)
  1611. self.stop_servers()
  1612. def test_owning_tenant_id_can_retrieve_image_information(self):
  1613. rules = {
  1614. "context_is_admin": "role:admin",
  1615. "default": "",
  1616. "add_image": "",
  1617. "get_image": "tenant:%(owner)s",
  1618. "modify_image": "",
  1619. "upload_image": "",
  1620. "get_image_location": "",
  1621. "delete_image": "",
  1622. "restricted":
  1623. "not ('aki':%(container_format)s and role:_member_)",
  1624. "download_image": "role:admin or rule:restricted",
  1625. "add_member": "",
  1626. }
  1627. self.set_policy_rules(rules)
  1628. self.start_servers(**self.__dict__.copy())
  1629. path = self._url('/v2/images')
  1630. headers = self._headers({'content-type': 'application/json',
  1631. 'X-Roles': 'admin', 'X-Tenant-Id': TENANT1})
  1632. data = jsonutils.dumps({'name': 'image-1', 'disk_format': 'aki',
  1633. 'container_format': 'aki'})
  1634. response = requests.post(path, headers=headers, data=data)
  1635. self.assertEqual(http.CREATED, response.status_code)
  1636. # Remove the admin role
  1637. del headers['X-Roles']
  1638. # Get the image's ID
  1639. image = jsonutils.loads(response.text)
  1640. image_id = image['id']
  1641. # Can retrieve the image as TENANT1
  1642. path = self._url('/v2/images/%s' % image_id)
  1643. response = requests.get(path, headers=headers)
  1644. self.assertEqual(http.OK, response.status_code)
  1645. # Can retrieve the image's members as TENANT1
  1646. path = self._url('/v2/images/%s/members' % image_id)
  1647. response = requests.get(path, headers=headers)
  1648. self.assertEqual(http.OK, response.status_code)
  1649. headers['X-Tenant-Id'] = TENANT2
  1650. response = requests.get(path, headers=headers)
  1651. self.assertEqual(http.FORBIDDEN, response.status_code)
  1652. self.stop_servers()
  1653. def test_owning_tenant_can_publicize_image(self):
  1654. rules = {
  1655. "context_is_admin": "role:admin",
  1656. "default": "",
  1657. "add_image": "",
  1658. "publicize_image": "tenant:%(owner)s",
  1659. "get_image": "tenant:%(owner)s",
  1660. "modify_image": "",
  1661. "upload_image": "",
  1662. "get_image_location": "",
  1663. "delete_image": "",
  1664. "restricted":
  1665. "not ('aki':%(container_format)s and role:_member_)",
  1666. "download_image": "role:admin or rule:restricted",
  1667. "add_member": "",
  1668. }
  1669. self.set_policy_rules(rules)
  1670. self.start_servers(**self.__dict__.copy())
  1671. path = self._url('/v2/images')
  1672. headers = self._headers({'content-type': 'application/json',
  1673. 'X-Roles': 'admin', 'X-Tenant-Id': TENANT1})
  1674. data = jsonutils.dumps({'name': 'image-1', 'disk_format': 'aki',
  1675. 'container_format': 'aki'})
  1676. response = requests.post(path, headers=headers, data=data)
  1677. self.assertEqual(http.CREATED, response.status_code)
  1678. # Get the image's ID
  1679. image = jsonutils.loads(response.text)
  1680. image_id = image['id']
  1681. path = self._url('/v2/images/%s' % image_id)
  1682. headers = self._headers({
  1683. 'Content-Type': 'application/openstack-images-v2.1-json-patch',
  1684. 'X-Tenant-Id': TENANT1,
  1685. })
  1686. doc = [{'op': 'replace', 'path': '/visibility', 'value': 'public'}]
  1687. data = jsonutils.dumps(doc)
  1688. response = requests.patch(path, headers=headers, data=data)
  1689. self.assertEqual(http.OK, response.status_code)
  1690. def test_owning_tenant_can_communitize_image(self):
  1691. rules = {
  1692. "context_is_admin": "role:admin",
  1693. "default": "",
  1694. "add_image": "",
  1695. "communitize_image": "tenant:%(owner)s",
  1696. "get_image": "tenant:%(owner)s",
  1697. "modify_image": "",
  1698. "upload_image": "",
  1699. "get_image_location": "",
  1700. "delete_image": "",
  1701. "restricted":
  1702. "not ('aki':%(container_format)s and role:_member_)",
  1703. "download_image": "role:admin or rule:restricted",
  1704. "add_member": "",
  1705. }
  1706. self.set_policy_rules(rules)
  1707. self.start_servers(**self.__dict__.copy())
  1708. path = self._url('/v2/images')
  1709. headers = self._headers({'content-type': 'application/json',
  1710. 'X-Roles': 'admin', 'X-Tenant-Id': TENANT1})
  1711. data = jsonutils.dumps({'name': 'image-1', 'disk_format': 'aki',
  1712. 'container_format': 'aki'})
  1713. response = requests.post(path, headers=headers, data=data)
  1714. self.assertEqual(201, response.status_code)
  1715. # Get the image's ID
  1716. image = jsonutils.loads(response.text)
  1717. image_id = image['id']
  1718. path = self._url('/v2/images/%s' % image_id)
  1719. headers = self._headers({
  1720. 'Content-Type': 'application/openstack-images-v2.1-json-patch',
  1721. 'X-Tenant-Id': TENANT1,
  1722. })
  1723. doc = [{'op': 'replace', 'path': '/visibility', 'value': 'community'}]
  1724. data = jsonutils.dumps(doc)
  1725. response = requests.patch(path, headers=headers, data=data)
  1726. self.assertEqual(200, response.status_code)
  1727. def test_owning_tenant_can_delete_image(self):
  1728. rules = {
  1729. "context_is_admin": "role:admin",
  1730. "default": "",
  1731. "add_image": "",
  1732. "publicize_image": "tenant:%(owner)s",
  1733. "get_image": "tenant:%(owner)s",
  1734. "modify_image": "",
  1735. "upload_image": "",
  1736. "get_image_location": "",
  1737. "delete_image": "",
  1738. "restricted":
  1739. "not ('aki':%(container_format)s and role:_member_)",
  1740. "download_image": "role:admin or rule:restricted",
  1741. "add_member": "",
  1742. }
  1743. self.set_policy_rules(rules)
  1744. self.start_servers(**self.__dict__.copy())
  1745. path = self._url('/v2/images')
  1746. headers = self._headers({'content-type': 'application/json',
  1747. 'X-Roles': 'admin', 'X-Tenant-Id': TENANT1})
  1748. data = jsonutils.dumps({'name': 'image-1', 'disk_format': 'aki',
  1749. 'container_format': 'aki'})
  1750. response = requests.post(path, headers=headers, data=data)
  1751. self.assertEqual(http.CREATED, response.status_code)
  1752. # Get the image's ID
  1753. image = jsonutils.loads(response.text)
  1754. image_id = image['id']
  1755. path = self._url('/v2/images/%s' % image_id)
  1756. response = requests.delete(path, headers=headers)
  1757. self.assertEqual(http.NO_CONTENT, response.status_code)
  1758. def test_list_show_ok_when_get_location_allowed_for_admins(self):
  1759. self.api_server.show_image_direct_url = True
  1760. self.api_server.show_multiple_locations = True
  1761. # setup context to allow a list locations by admin only
  1762. rules = {
  1763. "context_is_admin": "role:admin",
  1764. "default": "",
  1765. "add_image": "",
  1766. "get_image": "",
  1767. "modify_image": "",
  1768. "upload_image": "",
  1769. "get_image_location": "role:admin",
  1770. "delete_image": "",
  1771. "restricted": "",
  1772. "download_image": "",
  1773. "add_member": "",
  1774. }
  1775. self.set_policy_rules(rules)
  1776. self.start_servers(**self.__dict__.copy())
  1777. # Create an image
  1778. path = self._url('/v2/images')
  1779. headers = self._headers({'content-type': 'application/json',
  1780. 'X-Tenant-Id': TENANT1})
  1781. data = jsonutils.dumps({'name': 'image-1', 'disk_format': 'aki',
  1782. 'container_format': 'aki'})
  1783. response = requests.post(path, headers=headers, data=data)
  1784. self.assertEqual(http.CREATED, response.status_code)
  1785. # Get the image's ID
  1786. image = jsonutils.loads(response.text)
  1787. image_id = image['id']
  1788. # Can retrieve the image as TENANT1
  1789. path = self._url('/v2/images/%s' % image_id)
  1790. response = requests.get(path, headers=headers)
  1791. self.assertEqual(http.OK, response.status_code)
  1792. # Can list images as TENANT1
  1793. path = self._url('/v2/images')
  1794. response = requests.get(path, headers=headers)
  1795. self.assertEqual(http.OK, response.status_code)
  1796. self.stop_servers()
  1797. def test_image_size_cap(self):
  1798. self.api_server.image_size_cap = 128
  1799. self.start_servers(**self.__dict__.copy())
  1800. # create an image
  1801. path = self._url('/v2/images')
  1802. headers = self._headers({'content-type': 'application/json'})
  1803. data = jsonutils.dumps({'name': 'image-size-cap-test-image',
  1804. 'type': 'kernel', 'disk_format': 'aki',
  1805. 'container_format': 'aki'})
  1806. response = requests.post(path, headers=headers, data=data)
  1807. self.assertEqual(http.CREATED, response.status_code)
  1808. image = jsonutils.loads(response.text)
  1809. image_id = image['id']
  1810. # try to populate it with oversized data
  1811. path = self._url('/v2/images/%s/file' % image_id)
  1812. headers = self._headers({'Content-Type': 'application/octet-stream'})
  1813. class StreamSim(object):
  1814. # Using a one-shot iterator to force chunked transfer in the PUT
  1815. # request
  1816. def __init__(self, size):
  1817. self.size = size
  1818. def __iter__(self):
  1819. yield b'Z' * self.size
  1820. response = requests.put(path, headers=headers, data=StreamSim(
  1821. self.api_server.image_size_cap + 1))
  1822. self.assertEqual(http.REQUEST_ENTITY_TOO_LARGE, response.status_code)
  1823. # hashlib.md5('Z'*129).hexdigest()
  1824. # == '76522d28cb4418f12704dfa7acd6e7ee'
  1825. # If the image has this checksum, it means that the whole stream was
  1826. # accepted and written to the store, which should not be the case.
  1827. path = self._url('/v2/images/{0}'.format(image_id))
  1828. headers = self._headers({'content-type': 'application/json'})
  1829. response = requests.get(path, headers=headers)
  1830. image_checksum = jsonutils.loads(response.text).get('checksum')
  1831. self.assertNotEqual(image_checksum, '76522d28cb4418f12704dfa7acd6e7ee')
  1832. def test_permissions(self):
  1833. self.start_servers(**self.__dict__.copy())
  1834. # Create an image that belongs to TENANT1
  1835. path = self._url('/v2/images')
  1836. headers = self._headers({'Content-Type': 'application/json'})
  1837. data = jsonutils.dumps({'name': 'image-1', 'disk_format': 'raw',
  1838. 'container_format': 'bare'})
  1839. response = requests.post(path, headers=headers, data=data)
  1840. self.assertEqual(http.CREATED, response.status_code)
  1841. image_id = jsonutils.loads(response.text)['id']
  1842. # Upload some image data
  1843. path = self._url('/v2/images/%s/file' % image_id)
  1844. headers = self._headers({'Content-Type': 'application/octet-stream'})
  1845. response = requests.put(path, headers=headers, data='ZZZZZ')
  1846. self.assertEqual(http.NO_CONTENT, response.status_code)
  1847. # TENANT1 should see the image in their list
  1848. path = self._url('/v2/images')
  1849. response = requests.get(path, headers=self._headers())
  1850. self.assertEqual(http.OK, response.status_code)
  1851. images = jsonutils.loads(response.text)['images']
  1852. self.assertEqual(image_id, images[0]['id'])
  1853. # TENANT1 should be able to access the image directly
  1854. path = self._url('/v2/images/%s' % image_id)
  1855. response = requests.get(path, headers=self._headers())
  1856. self.assertEqual(http.OK, response.status_code)
  1857. # TENANT2 should not see the image in their list
  1858. path = self._url('/v2/images')
  1859. headers = self._headers({'X-Tenant-Id': TENANT2})
  1860. response = requests.get(path, headers=headers)
  1861. self.assertEqual(http.OK, response.status_code)
  1862. images = jsonutils.loads(response.text)['images']
  1863. self.assertEqual(0, len(images))
  1864. # TENANT2 should not be able to access the image directly
  1865. path = self._url('/v2/images/%s' % image_id)
  1866. headers = self._headers({'X-Tenant-Id': TENANT2})
  1867. response = requests.get(path, headers=headers)
  1868. self.assertEqual(http.NOT_FOUND, response.status_code)
  1869. # TENANT2 should not be able to modify the image, either
  1870. path = self._url('/v2/images/%s' % image_id)
  1871. headers = self._headers({
  1872. 'Content-Type': 'application/openstack-images-v2.1-json-patch',
  1873. 'X-Tenant-Id': TENANT2,
  1874. })
  1875. doc = [{'op': 'replace', 'path': '/name', 'value': 'image-2'}]
  1876. data = jsonutils.dumps(doc)
  1877. response = requests.patch(path, headers=headers, data=data)
  1878. self.assertEqual(http.NOT_FOUND, response.status_code)
  1879. # TENANT2 should not be able to delete the image, either
  1880. path = self._url('/v2/images/%s' % image_id)
  1881. headers = self._headers({'X-Tenant-Id': TENANT2})
  1882. response = requests.delete(path, headers=headers)
  1883. self.assertEqual(http.NOT_FOUND, response.status_code)
  1884. # Publicize the image as an admin of TENANT1
  1885. path = self._url('/v2/images/%s' % image_id)
  1886. headers = self._headers({
  1887. 'Content-Type': 'application/openstack-images-v2.1-json-patch',
  1888. 'X-Roles': 'admin',
  1889. })
  1890. doc = [{'op': 'replace', 'path': '/visibility', 'value': 'public'}]
  1891. data = jsonutils.dumps(doc)
  1892. response = requests.patch(path, headers=headers, data=data)
  1893. self.assertEqual(http.OK, response.status_code)
  1894. # TENANT3 should now see the image in their list
  1895. path = self._url('/v2/images')
  1896. headers = self._headers({'X-Tenant-Id': TENANT3})
  1897. response = requests.get(path, headers=headers)
  1898. self.assertEqual(http.OK, response.status_code)
  1899. images = jsonutils.loads(response.text)['images']
  1900. self.assertEqual(image_id, images[0]['id'])
  1901. # TENANT3 should also be able to access the image directly
  1902. path = self._url('/v2/images/%s' % image_id)
  1903. headers = self._headers({'X-Tenant-Id': TENANT3})
  1904. response = requests.get(path, headers=headers)
  1905. self.assertEqual(http.OK, response.status_code)
  1906. # TENANT3 still should not be able to modify the image
  1907. path = self._url('/v2/images/%s' % image_id)
  1908. headers = self._headers({
  1909. 'Content-Type': 'application/openstack-images-v2.1-json-patch',
  1910. 'X-Tenant-Id': TENANT3,
  1911. })
  1912. doc = [{'op': 'replace', 'path': '/name', 'value': 'image-2'}]
  1913. data = jsonutils.dumps(doc)
  1914. response = requests.patch(path, headers=headers, data=data)
  1915. self.assertEqual(http.FORBIDDEN, response.status_code)
  1916. # TENANT3 should not be able to delete the image, either
  1917. path = self._url('/v2/images/%s' % image_id)
  1918. headers = self._headers({'X-Tenant-Id': TENANT3})
  1919. response = requests.delete(path, headers=headers)
  1920. self.assertEqual(http.FORBIDDEN, response.status_code)
  1921. # Image data should still be present after the failed delete
  1922. path = self._url('/v2/images/%s/file' % image_id)
  1923. response = requests.get(path, headers=self._headers())
  1924. self.assertEqual(http.OK, response.status_code)
  1925. self.assertEqual(response.text, 'ZZZZZ')
  1926. self.stop_servers()
  1927. def test_property_protections_with_roles(self):
  1928. # Enable property protection
  1929. self.api_server.property_protection_file = self.property_file_roles
  1930. self.start_servers(**self.__dict__.copy())
  1931. # Image list should be empty
  1932. path = self._url('/v2/images')
  1933. response = requests.get(path, headers=self._headers())
  1934. self.assertEqual(http.OK, response.status_code)
  1935. images = jsonutils.loads(response.text)['images']
  1936. self.assertEqual(0, len(images))
  1937. # Create an image for role member with extra props
  1938. # Raises 403 since user is not allowed to set 'foo'
  1939. path = self._url('/v2/images')
  1940. headers = self._headers({'content-type': 'application/json',
  1941. 'X-Roles': 'member'})
  1942. data = jsonutils.dumps({'name': 'image-1', 'foo': 'bar',
  1943. 'disk_format': 'aki',
  1944. 'container_format': 'aki',
  1945. 'x_owner_foo': 'o_s_bar'})
  1946. response = requests.post(path, headers=headers, data=data)
  1947. self.assertEqual(http.FORBIDDEN, response.status_code)
  1948. # Create an image for role member without 'foo'
  1949. path = self._url('/v2/images')
  1950. headers = self._headers({'content-type': 'application/json',
  1951. 'X-Roles': 'member'})
  1952. data = jsonutils.dumps({'name': 'image-1', 'disk_format': 'aki',
  1953. 'container_format': 'aki',
  1954. 'x_owner_foo': 'o_s_bar'})
  1955. response = requests.post(path, headers=headers, data=data)
  1956. self.assertEqual(http.CREATED, response.status_code)
  1957. # Returned image entity should have 'x_owner_foo'
  1958. image = jsonutils.loads(response.text)
  1959. image_id = image['id']
  1960. expected_image = {
  1961. 'status': 'queued',
  1962. 'name': 'image-1',
  1963. 'tags': [],
  1964. 'visibility': 'shared',
  1965. 'self': '/v2/images/%s' % image_id,
  1966. 'protected': False,
  1967. 'file': '/v2/images/%s/file' % image_id,
  1968. 'min_disk': 0,
  1969. 'x_owner_foo': 'o_s_bar',
  1970. 'min_ram': 0,
  1971. 'schema': '/v2/schemas/image',
  1972. }
  1973. for key, value in expected_image.items():
  1974. self.assertEqual(value, image[key], key)
  1975. # Create an image for role spl_role with extra props
  1976. path = self._url('/v2/images')
  1977. headers = self._headers({'content-type': 'application/json',
  1978. 'X-Roles': 'spl_role'})
  1979. data = jsonutils.dumps({'name': 'image-1',
  1980. 'disk_format': 'aki',
  1981. 'container_format': 'aki',
  1982. 'spl_create_prop': 'create_bar',
  1983. 'spl_create_prop_policy': 'create_policy_bar',
  1984. 'spl_read_prop': 'read_bar',
  1985. 'spl_update_prop': 'update_bar',
  1986. 'spl_delete_prop': 'delete_bar',
  1987. 'spl_delete_empty_prop': ''})
  1988. response = requests.post(path, headers=headers, data=data)
  1989. self.assertEqual(http.CREATED, response.status_code)
  1990. image = jsonutils.loads(response.text)
  1991. image_id = image['id']
  1992. # Attempt to replace, add and remove properties which are forbidden
  1993. path = self._url('/v2/images/%s' % image_id)
  1994. media_type = 'application/openstack-images-v2.1-json-patch'
  1995. headers = self._headers({'content-type': media_type,
  1996. 'X-Roles': 'spl_role'})
  1997. data = jsonutils.dumps([
  1998. {'op': 'replace', 'path': '/spl_read_prop', 'value': 'r'},
  1999. {'op': 'replace', 'path': '/spl_update_prop', 'value': 'u'},
  2000. ])
  2001. response = requests.patch(path, headers=headers, data=data)
  2002. self.assertEqual(http.FORBIDDEN, response.status_code, response.text)
  2003. # Attempt to replace, add and remove properties which are forbidden
  2004. path = self._url('/v2/images/%s' % image_id)
  2005. media_type = 'application/openstack-images-v2.1-json-patch'
  2006. headers = self._headers({'content-type': media_type,
  2007. 'X-Roles': 'spl_role'})
  2008. data = jsonutils.dumps([
  2009. {'op': 'add', 'path': '/spl_new_prop', 'value': 'new'},
  2010. {'op': 'remove', 'path': '/spl_create_prop'},
  2011. {'op': 'remove', 'path': '/spl_delete_prop'},
  2012. ])
  2013. response = requests.patch(path, headers=headers, data=data)
  2014. self.assertEqual(http.FORBIDDEN, response.status_code, response.text)
  2015. # Attempt to replace properties
  2016. path = self._url('/v2/images/%s' % image_id)
  2017. media_type = 'application/openstack-images-v2.1-json-patch'
  2018. headers = self._headers({'content-type': media_type,
  2019. 'X-Roles': 'spl_role'})
  2020. data = jsonutils.dumps([
  2021. # Updating an empty property to verify bug #1332103.
  2022. {'op': 'replace', 'path': '/spl_update_prop', 'value': ''},
  2023. {'op': 'replace', 'path': '/spl_update_prop', 'value': 'u'},
  2024. ])
  2025. response = requests.patch(path, headers=headers, data=data)
  2026. self.assertEqual(http.OK, response.status_code, response.text)
  2027. # Returned image entity should reflect the changes
  2028. image = jsonutils.loads(response.text)
  2029. # 'spl_update_prop' has update permission for spl_role
  2030. # hence the value has changed
  2031. self.assertEqual('u', image['spl_update_prop'])
  2032. # Attempt to remove properties
  2033. path = self._url('/v2/images/%s' % image_id)
  2034. media_type = 'application/openstack-images-v2.1-json-patch'
  2035. headers = self._headers({'content-type': media_type,
  2036. 'X-Roles': 'spl_role'})
  2037. data = jsonutils.dumps([
  2038. {'op': 'remove', 'path': '/spl_delete_prop'},
  2039. # Deleting an empty property to verify bug #1332103.
  2040. {'op': 'remove', 'path': '/spl_delete_empty_prop'},
  2041. ])
  2042. response = requests.patch(path, headers=headers, data=data)
  2043. self.assertEqual(http.OK, response.status_code, response.text)
  2044. # Returned image entity should reflect the changes
  2045. image = jsonutils.loads(response.text)
  2046. # 'spl_delete_prop' and 'spl_delete_empty_prop' have delete
  2047. # permission for spl_role hence the property has been deleted
  2048. self.assertNotIn('spl_delete_prop', image.keys())
  2049. self.assertNotIn('spl_delete_empty_prop', image.keys())
  2050. # Image Deletion should work
  2051. path = self._url('/v2/images/%s' % image_id)
  2052. response = requests.delete(path, headers=self._headers())
  2053. self.assertEqual(http.NO_CONTENT, response.status_code)
  2054. # This image should be no longer be directly accessible
  2055. path = self._url('/v2/images/%s' % image_id)
  2056. response = requests.get(path, headers=self._headers())
  2057. self.assertEqual(http.NOT_FOUND, response.status_code)
  2058. self.stop_servers()
  2059. def test_property_protections_with_policies(self):
  2060. # Enable property protection
  2061. self.api_server.property_protection_file = self.property_file_policies
  2062. self.api_server.property_protection_rule_format = 'policies'
  2063. self.start_servers(**self.__dict__.copy())
  2064. # Image list should be empty
  2065. path = self._url('/v2/images')
  2066. response = requests.get(path, headers=self._headers())
  2067. self.assertEqual(http.OK, response.status_code)
  2068. images = jsonutils.loads(response.text)['images']
  2069. self.assertEqual(0, len(images))
  2070. # Create an image for role member with extra props
  2071. # Raises 403 since user is not allowed to set 'foo'
  2072. path = self._url('/v2/images')
  2073. headers = self._headers({'content-type': 'application/json',
  2074. 'X-Roles': 'member'})
  2075. data = jsonutils.dumps({'name': 'image-1', 'foo': 'bar',
  2076. 'disk_format': 'aki',
  2077. 'container_format': 'aki',
  2078. 'x_owner_foo': 'o_s_bar'})
  2079. response = requests.post(path, headers=headers, data=data)
  2080. self.assertEqual(http.FORBIDDEN, response.status_code)
  2081. # Create an image for role member without 'foo'
  2082. path = self._url('/v2/images')
  2083. headers = self._headers({'content-type': 'application/json',
  2084. 'X-Roles': 'member'})
  2085. data = jsonutils.dumps({'name': 'image-1', 'disk_format': 'aki',
  2086. 'container_format': 'aki'})
  2087. response = requests.post(path, headers=headers, data=data)
  2088. self.assertEqual(http.CREATED, response.status_code)
  2089. # Returned image entity
  2090. image = jsonutils.loads(response.text)
  2091. image_id = image['id']
  2092. expected_image = {
  2093. 'status': 'queued',
  2094. 'name': 'image-1',
  2095. 'tags': [],
  2096. 'visibility': 'shared',
  2097. 'self': '/v2/images/%s' % image_id,
  2098. 'protected': False,
  2099. 'file': '/v2/images/%s/file' % image_id,
  2100. 'min_disk': 0,
  2101. 'min_ram': 0,
  2102. 'schema': '/v2/schemas/image',
  2103. }
  2104. for key, value in expected_image.items():
  2105. self.assertEqual(value, image[key], key)
  2106. # Create an image for role spl_role with extra props
  2107. path = self._url('/v2/images')
  2108. headers = self._headers({'content-type': 'application/json',
  2109. 'X-Roles': 'spl_role, admin'})
  2110. data = jsonutils.dumps({'name': 'image-1',
  2111. 'disk_format': 'aki',
  2112. 'container_format': 'aki',
  2113. 'spl_creator_policy': 'creator_bar',
  2114. 'spl_default_policy': 'default_bar'})
  2115. response = requests.post(path, headers=headers, data=data)
  2116. self.assertEqual(http.CREATED, response.status_code)
  2117. image = jsonutils.loads(response.text)
  2118. image_id = image['id']
  2119. self.assertEqual('creator_bar', image['spl_creator_policy'])
  2120. self.assertEqual('default_bar', image['spl_default_policy'])
  2121. # Attempt to replace a property which is permitted
  2122. path = self._url('/v2/images/%s' % image_id)
  2123. media_type = 'application/openstack-images-v2.1-json-patch'
  2124. headers = self._headers({'content-type': media_type,
  2125. 'X-Roles': 'admin'})
  2126. data = jsonutils.dumps([
  2127. # Updating an empty property to verify bug #1332103.
  2128. {'op': 'replace', 'path': '/spl_creator_policy', 'value': ''},
  2129. {'op': 'replace', 'path': '/spl_creator_policy', 'value': 'r'},
  2130. ])
  2131. response = requests.patch(path, headers=headers, data=data)
  2132. self.assertEqual(http.OK, response.status_code, response.text)
  2133. # Returned image entity should reflect the changes
  2134. image = jsonutils.loads(response.text)
  2135. # 'spl_creator_policy' has update permission for admin
  2136. # hence the value has changed
  2137. self.assertEqual('r', image['spl_creator_policy'])
  2138. # Attempt to replace a property which is forbidden
  2139. path = self._url('/v2/images/%s' % image_id)
  2140. media_type = 'application/openstack-images-v2.1-json-patch'
  2141. headers = self._headers({'content-type': media_type,
  2142. 'X-Roles': 'spl_role'})
  2143. data = jsonutils.dumps([
  2144. {'op': 'replace', 'path': '/spl_creator_policy', 'value': 'z'},
  2145. ])
  2146. response = requests.patch(path, headers=headers, data=data)
  2147. self.assertEqual(http.FORBIDDEN, response.status_code, response.text)
  2148. # Attempt to read properties
  2149. path = self._url('/v2/images/%s' % image_id)
  2150. headers = self._headers({'content-type': media_type,
  2151. 'X-Roles': 'random_role'})
  2152. response = requests.get(path, headers=headers)
  2153. self.assertEqual(http.OK, response.status_code)
  2154. image = jsonutils.loads(response.text)
  2155. # 'random_role' is allowed read 'spl_default_policy'.
  2156. self.assertEqual(image['spl_default_policy'], 'default_bar')
  2157. # 'random_role' is forbidden to read 'spl_creator_policy'.
  2158. self.assertNotIn('spl_creator_policy', image)
  2159. # Attempt to replace and remove properties which are permitted
  2160. path = self._url('/v2/images/%s' % image_id)
  2161. media_type = 'application/openstack-images-v2.1-json-patch'
  2162. headers = self._headers({'content-type': media_type,
  2163. 'X-Roles': 'admin'})
  2164. data = jsonutils.dumps([
  2165. # Deleting an empty property to verify bug #1332103.
  2166. {'op': 'replace', 'path': '/spl_creator_policy', 'value': ''},
  2167. {'op': 'remove', 'path': '/spl_creator_policy'},
  2168. ])
  2169. response = requests.patch(path, headers=headers, data=data)
  2170. self.assertEqual(http.OK, response.status_code, response.text)
  2171. # Returned image entity should reflect the changes
  2172. image = jsonutils.loads(response.text)
  2173. # 'spl_creator_policy' has delete permission for admin
  2174. # hence the value has been deleted
  2175. self.assertNotIn('spl_creator_policy', image)
  2176. # Attempt to read a property that is permitted
  2177. path = self._url('/v2/images/%s' % image_id)
  2178. headers = self._headers({'content-type': media_type,
  2179. 'X-Roles': 'random_role'})
  2180. response = requests.get(path, headers=headers)
  2181. self.assertEqual(http.OK, response.status_code)
  2182. # Returned image entity should reflect the changes
  2183. image = jsonutils.loads(response.text)
  2184. self.assertEqual(image['spl_default_policy'], 'default_bar')
  2185. # Image Deletion should work
  2186. path = self._url('/v2/images/%s' % image_id)
  2187. response = requests.delete(path, headers=self._headers())
  2188. self.assertEqual(http.NO_CONTENT, response.status_code)
  2189. # This image should be no longer be directly accessible
  2190. path = self._url('/v2/images/%s' % image_id)
  2191. response = requests.get(path, headers=self._headers())
  2192. self.assertEqual(http.NOT_FOUND, response.status_code)
  2193. self.stop_servers()
  2194. def test_property_protections_special_chars_roles(self):
  2195. # Enable property protection
  2196. self.api_server.property_protection_file = self.property_file_roles
  2197. self.start_servers(**self.__dict__.copy())
  2198. # Verify both admin and unknown role can create properties marked with
  2199. # '@'
  2200. path = self._url('/v2/images')
  2201. headers = self._headers({'content-type': 'application/json',
  2202. 'X-Roles': 'admin'})
  2203. data = jsonutils.dumps({
  2204. 'name': 'image-1',
  2205. 'disk_format': 'aki',
  2206. 'container_format': 'aki',
  2207. 'x_all_permitted_admin': '1'
  2208. })
  2209. response = requests.post(path, headers=headers, data=data)
  2210. self.assertEqual(http.CREATED, response.status_code)
  2211. image = jsonutils.loads(response.text)
  2212. image_id = image['id']
  2213. expected_image = {
  2214. 'status': 'queued',
  2215. 'name': 'image-1',
  2216. 'tags': [],
  2217. 'visibility': 'shared',
  2218. 'self': '/v2/images/%s' % image_id,
  2219. 'protected': False,
  2220. 'file': '/v2/images/%s/file' % image_id,
  2221. 'min_disk': 0,
  2222. 'x_all_permitted_admin': '1',
  2223. 'min_ram': 0,
  2224. 'schema': '/v2/schemas/image',
  2225. }
  2226. for key, value in expected_image.items():
  2227. self.assertEqual(value, image[key], key)
  2228. path = self._url('/v2/images')
  2229. headers = self._headers({'content-type': 'application/json',
  2230. 'X-Roles': 'joe_soap'})
  2231. data = jsonutils.dumps({
  2232. 'name': 'image-1',
  2233. 'disk_format': 'aki',
  2234. 'container_format': 'aki',
  2235. 'x_all_permitted_joe_soap': '1'
  2236. })
  2237. response = requests.post(path, headers=headers, data=data)
  2238. self.assertEqual(http.CREATED, response.status_code)
  2239. image = jsonutils.loads(response.text)
  2240. image_id = image['id']
  2241. expected_image = {
  2242. 'status': 'queued',
  2243. 'name': 'image-1',
  2244. 'tags': [],
  2245. 'visibility': 'shared',
  2246. 'self': '/v2/images/%s' % image_id,
  2247. 'protected': False,
  2248. 'file': '/v2/images/%s/file' % image_id,
  2249. 'min_disk': 0,
  2250. 'x_all_permitted_joe_soap': '1',
  2251. 'min_ram': 0,
  2252. 'schema': '/v2/schemas/image',
  2253. }
  2254. for key, value in expected_image.items():
  2255. self.assertEqual(value, image[key], key)
  2256. # Verify both admin and unknown role can read properties marked with
  2257. # '@'
  2258. headers = self._headers({'content-type': 'application/json',
  2259. 'X-Roles': 'admin'})
  2260. path = self._url('/v2/images/%s' % image_id)
  2261. response = requests.get(path, headers=self._headers())
  2262. self.assertEqual(http.OK, response.status_code)
  2263. image = jsonutils.loads(response.text)
  2264. self.assertEqual('1', image['x_all_permitted_joe_soap'])
  2265. headers = self._headers({'content-type': 'application/json',
  2266. 'X-Roles': 'joe_soap'})
  2267. path = self._url('/v2/images/%s' % image_id)
  2268. response = requests.get(path, headers=self._headers())
  2269. self.assertEqual(http.OK, response.status_code)
  2270. image = jsonutils.loads(response.text)
  2271. self.assertEqual('1', image['x_all_permitted_joe_soap'])
  2272. # Verify both admin and unknown role can update properties marked with
  2273. # '@'
  2274. path = self._url('/v2/images/%s' % image_id)
  2275. media_type = 'application/openstack-images-v2.1-json-patch'
  2276. headers = self._headers({'content-type': media_type,
  2277. 'X-Roles': 'admin'})
  2278. data = jsonutils.dumps([
  2279. {'op': 'replace',
  2280. 'path': '/x_all_permitted_joe_soap', 'value': '2'}
  2281. ])
  2282. response = requests.patch(path, headers=headers, data=data)
  2283. self.assertEqual(http.OK, response.status_code, response.text)
  2284. image = jsonutils.loads(response.text)
  2285. self.assertEqual('2', image['x_all_permitted_joe_soap'])
  2286. path = self._url('/v2/images/%s' % image_id)
  2287. media_type = 'application/openstack-images-v2.1-json-patch'
  2288. headers = self._headers({'content-type': media_type,
  2289. 'X-Roles': 'joe_soap'})
  2290. data = jsonutils.dumps([
  2291. {'op': 'replace',
  2292. 'path': '/x_all_permitted_joe_soap', 'value': '3'}
  2293. ])
  2294. response = requests.patch(path, headers=headers, data=data)
  2295. self.assertEqual(http.OK, response.status_code, response.text)
  2296. image = jsonutils.loads(response.text)
  2297. self.assertEqual('3', image['x_all_permitted_joe_soap'])
  2298. # Verify both admin and unknown role can delete properties marked with
  2299. # '@'
  2300. path = self._url('/v2/images')
  2301. headers = self._headers({'content-type': 'application/json',
  2302. 'X-Roles': 'admin'})
  2303. data = jsonutils.dumps({
  2304. 'name': 'image-1',
  2305. 'disk_format': 'aki',
  2306. 'container_format': 'aki',
  2307. 'x_all_permitted_a': '1',
  2308. 'x_all_permitted_b': '2'
  2309. })
  2310. response = requests.post(path, headers=headers, data=data)
  2311. self.assertEqual(http.CREATED, response.status_code)
  2312. image = jsonutils.loads(response.text)
  2313. image_id = image['id']
  2314. path = self._url('/v2/images/%s' % image_id)
  2315. media_type = 'application/openstack-images-v2.1-json-patch'
  2316. headers = self._headers({'content-type': media_type,
  2317. 'X-Roles': 'admin'})
  2318. data = jsonutils.dumps([
  2319. {'op': 'remove', 'path': '/x_all_permitted_a'}
  2320. ])
  2321. response = requests.patch(path, headers=headers, data=data)
  2322. self.assertEqual(http.OK, response.status_code, response.text)
  2323. image = jsonutils.loads(response.text)
  2324. self.assertNotIn('x_all_permitted_a', image.keys())
  2325. path = self._url('/v2/images/%s' % image_id)
  2326. media_type = 'application/openstack-images-v2.1-json-patch'
  2327. headers = self._headers({'content-type': media_type,
  2328. 'X-Roles': 'joe_soap'})
  2329. data = jsonutils.dumps([
  2330. {'op': 'remove', 'path': '/x_all_permitted_b'}
  2331. ])
  2332. response = requests.patch(path, headers=headers, data=data)
  2333. self.assertEqual(http.OK, response.status_code, response.text)
  2334. image = jsonutils.loads(response.text)
  2335. self.assertNotIn('x_all_permitted_b', image.keys())
  2336. # Verify neither admin nor unknown role can create a property protected
  2337. # with '!'
  2338. path = self._url('/v2/images')
  2339. headers = self._headers({'content-type': 'application/json',
  2340. 'X-Roles': 'admin'})
  2341. data = jsonutils.dumps({
  2342. 'name': 'image-1',
  2343. 'disk_format': 'aki',
  2344. 'container_format': 'aki',
  2345. 'x_none_permitted_admin': '1'
  2346. })
  2347. response = requests.post(path, headers=headers, data=data)
  2348. self.assertEqual(http.FORBIDDEN, response.status_code)
  2349. path = self._url('/v2/images')
  2350. headers = self._headers({'content-type': 'application/json',
  2351. 'X-Roles': 'joe_soap'})
  2352. data = jsonutils.dumps({
  2353. 'name': 'image-1',
  2354. 'disk_format': 'aki',
  2355. 'container_format': 'aki',
  2356. 'x_none_permitted_joe_soap': '1'
  2357. })
  2358. response = requests.post(path, headers=headers, data=data)
  2359. self.assertEqual(http.FORBIDDEN, response.status_code)
  2360. # Verify neither admin nor unknown role can read properties marked with
  2361. # '!'
  2362. path = self._url('/v2/images')
  2363. headers = self._headers({'content-type': 'application/json',
  2364. 'X-Roles': 'admin'})
  2365. data = jsonutils.dumps({
  2366. 'name': 'image-1',
  2367. 'disk_format': 'aki',
  2368. 'container_format': 'aki',
  2369. 'x_none_read': '1'
  2370. })
  2371. response = requests.post(path, headers=headers, data=data)
  2372. self.assertEqual(http.CREATED, response.status_code)
  2373. image = jsonutils.loads(response.text)
  2374. image_id = image['id']
  2375. self.assertNotIn('x_none_read', image.keys())
  2376. headers = self._headers({'content-type': 'application/json',
  2377. 'X-Roles': 'admin'})
  2378. path = self._url('/v2/images/%s' % image_id)
  2379. response = requests.get(path, headers=self._headers())
  2380. self.assertEqual(http.OK, response.status_code)
  2381. image = jsonutils.loads(response.text)
  2382. self.assertNotIn('x_none_read', image.keys())
  2383. headers = self._headers({'content-type': 'application/json',
  2384. 'X-Roles': 'joe_soap'})
  2385. path = self._url('/v2/images/%s' % image_id)
  2386. response = requests.get(path, headers=self._headers())
  2387. self.assertEqual(http.OK, response.status_code)
  2388. image = jsonutils.loads(response.text)
  2389. self.assertNotIn('x_none_read', image.keys())
  2390. # Verify neither admin nor unknown role can update properties marked
  2391. # with '!'
  2392. path = self._url('/v2/images')
  2393. headers = self._headers({'content-type': 'application/json',
  2394. 'X-Roles': 'admin'})
  2395. data = jsonutils.dumps({
  2396. 'name': 'image-1',
  2397. 'disk_format': 'aki',
  2398. 'container_format': 'aki',
  2399. 'x_none_update': '1'
  2400. })
  2401. response = requests.post(path, headers=headers, data=data)
  2402. self.assertEqual(http.CREATED, response.status_code)
  2403. image = jsonutils.loads(response.text)
  2404. image_id = image['id']
  2405. self.assertEqual('1', image['x_none_update'])
  2406. path = self._url('/v2/images/%s' % image_id)
  2407. media_type = 'application/openstack-images-v2.1-json-patch'
  2408. headers = self._headers({'content-type': media_type,
  2409. 'X-Roles': 'admin'})
  2410. data = jsonutils.dumps([
  2411. {'op': 'replace',
  2412. 'path': '/x_none_update', 'value': '2'}
  2413. ])
  2414. response = requests.patch(path, headers=headers, data=data)
  2415. self.assertEqual(http.FORBIDDEN, response.status_code, response.text)
  2416. path = self._url('/v2/images/%s' % image_id)
  2417. media_type = 'application/openstack-images-v2.1-json-patch'
  2418. headers = self._headers({'content-type': media_type,
  2419. 'X-Roles': 'joe_soap'})
  2420. data = jsonutils.dumps([
  2421. {'op': 'replace',
  2422. 'path': '/x_none_update', 'value': '3'}
  2423. ])
  2424. response = requests.patch(path, headers=headers, data=data)
  2425. self.assertEqual(http.CONFLICT, response.status_code, response.text)
  2426. # Verify neither admin nor unknown role can delete properties marked
  2427. # with '!'
  2428. path = self._url('/v2/images')
  2429. headers = self._headers({'content-type': 'application/json',
  2430. 'X-Roles': 'admin'})
  2431. data = jsonutils.dumps({
  2432. 'name': 'image-1',
  2433. 'disk_format': 'aki',
  2434. 'container_format': 'aki',
  2435. 'x_none_delete': '1',
  2436. })
  2437. response = requests.post(path, headers=headers, data=data)
  2438. self.assertEqual(http.CREATED, response.status_code)
  2439. image = jsonutils.loads(response.text)
  2440. image_id = image['id']
  2441. path = self._url('/v2/images/%s' % image_id)
  2442. media_type = 'application/openstack-images-v2.1-json-patch'
  2443. headers = self._headers({'content-type': media_type,
  2444. 'X-Roles': 'admin'})
  2445. data = jsonutils.dumps([
  2446. {'op': 'remove', 'path': '/x_none_delete'}
  2447. ])
  2448. response = requests.patch(path, headers=headers, data=data)
  2449. self.assertEqual(http.FORBIDDEN, response.status_code, response.text)
  2450. path = self._url('/v2/images/%s' % image_id)
  2451. media_type = 'application/openstack-images-v2.1-json-patch'
  2452. headers = self._headers({'content-type': media_type,
  2453. 'X-Roles': 'joe_soap'})
  2454. data = jsonutils.dumps([
  2455. {'op': 'remove', 'path': '/x_none_delete'}
  2456. ])
  2457. response = requests.patch(path, headers=headers, data=data)
  2458. self.assertEqual(http.CONFLICT, response.status_code, response.text)
  2459. self.stop_servers()
  2460. def test_property_protections_special_chars_policies(self):
  2461. # Enable property protection
  2462. self.api_server.property_protection_file = self.property_file_policies
  2463. self.api_server.property_protection_rule_format = 'policies'
  2464. self.start_servers(**self.__dict__.copy())
  2465. # Verify both admin and unknown role can create properties marked with
  2466. # '@'
  2467. path = self._url('/v2/images')
  2468. headers = self._headers({'content-type': 'application/json',
  2469. 'X-Roles': 'admin'})
  2470. data = jsonutils.dumps({
  2471. 'name': 'image-1',
  2472. 'disk_format': 'aki',
  2473. 'container_format': 'aki',
  2474. 'x_all_permitted_admin': '1'
  2475. })
  2476. response = requests.post(path, headers=headers, data=data)
  2477. self.assertEqual(http.CREATED, response.status_code)
  2478. image = jsonutils.loads(response.text)
  2479. image_id = image['id']
  2480. expected_image = {
  2481. 'status': 'queued',
  2482. 'name': 'image-1',
  2483. 'tags': [],
  2484. 'visibility': 'shared',
  2485. 'self': '/v2/images/%s' % image_id,
  2486. 'protected': False,
  2487. 'file': '/v2/images/%s/file' % image_id,
  2488. 'min_disk': 0,
  2489. 'x_all_permitted_admin': '1',
  2490. 'min_ram': 0,
  2491. 'schema': '/v2/schemas/image',
  2492. }
  2493. for key, value in expected_image.items():
  2494. self.assertEqual(value, image[key], key)
  2495. path = self._url('/v2/images')
  2496. headers = self._headers({'content-type': 'application/json',
  2497. 'X-Roles': 'joe_soap'})
  2498. data = jsonutils.dumps({
  2499. 'name': 'image-1',
  2500. 'disk_format': 'aki',
  2501. 'container_format': 'aki',
  2502. 'x_all_permitted_joe_soap': '1'
  2503. })
  2504. response = requests.post(path, headers=headers, data=data)
  2505. self.assertEqual(http.CREATED, response.status_code)
  2506. image = jsonutils.loads(response.text)
  2507. image_id = image['id']
  2508. expected_image = {
  2509. 'status': 'queued',
  2510. 'name': 'image-1',
  2511. 'tags': [],
  2512. 'visibility': 'shared',
  2513. 'self': '/v2/images/%s' % image_id,
  2514. 'protected': False,
  2515. 'file': '/v2/images/%s/file' % image_id,
  2516. 'min_disk': 0,
  2517. 'x_all_permitted_joe_soap': '1',
  2518. 'min_ram': 0,
  2519. 'schema': '/v2/schemas/image',
  2520. }
  2521. for key, value in expected_image.items():
  2522. self.assertEqual(value, image[key], key)
  2523. # Verify both admin and unknown role can read properties marked with
  2524. # '@'
  2525. headers = self._headers({'content-type': 'application/json',
  2526. 'X-Roles': 'admin'})
  2527. path = self._url('/v2/images/%s' % image_id)
  2528. response = requests.get(path, headers=self._headers())
  2529. self.assertEqual(http.OK, response.status_code)
  2530. image = jsonutils.loads(response.text)
  2531. self.assertEqual('1', image['x_all_permitted_joe_soap'])
  2532. headers = self._headers({'content-type': 'application/json',
  2533. 'X-Roles': 'joe_soap'})
  2534. path = self._url('/v2/images/%s' % image_id)
  2535. response = requests.get(path, headers=self._headers())
  2536. self.assertEqual(http.OK, response.status_code)
  2537. image = jsonutils.loads(response.text)
  2538. self.assertEqual('1', image['x_all_permitted_joe_soap'])
  2539. # Verify both admin and unknown role can update properties marked with
  2540. # '@'
  2541. path = self._url('/v2/images/%s' % image_id)
  2542. media_type = 'application/openstack-images-v2.1-json-patch'
  2543. headers = self._headers({'content-type': media_type,
  2544. 'X-Roles': 'admin'})
  2545. data = jsonutils.dumps([
  2546. {'op': 'replace',
  2547. 'path': '/x_all_permitted_joe_soap', 'value': '2'}
  2548. ])
  2549. response = requests.patch(path, headers=headers, data=data)
  2550. self.assertEqual(http.OK, response.status_code, response.text)
  2551. image = jsonutils.loads(response.text)
  2552. self.assertEqual('2', image['x_all_permitted_joe_soap'])
  2553. path = self._url('/v2/images/%s' % image_id)
  2554. media_type = 'application/openstack-images-v2.1-json-patch'
  2555. headers = self._headers({'content-type': media_type,
  2556. 'X-Roles': 'joe_soap'})
  2557. data = jsonutils.dumps([
  2558. {'op': 'replace',
  2559. 'path': '/x_all_permitted_joe_soap', 'value': '3'}
  2560. ])
  2561. response = requests.patch(path, headers=headers, data=data)
  2562. self.assertEqual(http.OK, response.status_code, response.text)
  2563. image = jsonutils.loads(response.text)
  2564. self.assertEqual('3', image['x_all_permitted_joe_soap'])
  2565. # Verify both admin and unknown role can delete properties marked with
  2566. # '@'
  2567. path = self._url('/v2/images')
  2568. headers = self._headers({'content-type': 'application/json',
  2569. 'X-Roles': 'admin'})
  2570. data = jsonutils.dumps({
  2571. 'name': 'image-1',
  2572. 'disk_format': 'aki',
  2573. 'container_format': 'aki',
  2574. 'x_all_permitted_a': '1',
  2575. 'x_all_permitted_b': '2'
  2576. })
  2577. response = requests.post(path, headers=headers, data=data)
  2578. self.assertEqual(http.CREATED, response.status_code)
  2579. image = jsonutils.loads(response.text)
  2580. image_id = image['id']
  2581. path = self._url('/v2/images/%s' % image_id)
  2582. media_type = 'application/openstack-images-v2.1-json-patch'
  2583. headers = self._headers({'content-type': media_type,
  2584. 'X-Roles': 'admin'})
  2585. data = jsonutils.dumps([
  2586. {'op': 'remove', 'path': '/x_all_permitted_a'}
  2587. ])
  2588. response = requests.patch(path, headers=headers, data=data)
  2589. self.assertEqual(http.OK, response.status_code, response.text)
  2590. image = jsonutils.loads(response.text)
  2591. self.assertNotIn('x_all_permitted_a', image.keys())
  2592. path = self._url('/v2/images/%s' % image_id)
  2593. media_type = 'application/openstack-images-v2.1-json-patch'
  2594. headers = self._headers({'content-type': media_type,
  2595. 'X-Roles': 'joe_soap'})
  2596. data = jsonutils.dumps([
  2597. {'op': 'remove', 'path': '/x_all_permitted_b'}
  2598. ])
  2599. response = requests.patch(path, headers=headers, data=data)
  2600. self.assertEqual(http.OK, response.status_code, response.text)
  2601. image = jsonutils.loads(response.text)
  2602. self.assertNotIn('x_all_permitted_b', image.keys())
  2603. # Verify neither admin nor unknown role can create a property protected
  2604. # with '!'
  2605. path = self._url('/v2/images')
  2606. headers = self._headers({'content-type': 'application/json',
  2607. 'X-Roles': 'admin'})
  2608. data = jsonutils.dumps({
  2609. 'name': 'image-1',
  2610. 'disk_format': 'aki',
  2611. 'container_format': 'aki',
  2612. 'x_none_permitted_admin': '1'
  2613. })
  2614. response = requests.post(path, headers=headers, data=data)
  2615. self.assertEqual(http.FORBIDDEN, response.status_code)
  2616. path = self._url('/v2/images')
  2617. headers = self._headers({'content-type': 'application/json',
  2618. 'X-Roles': 'joe_soap'})
  2619. data = jsonutils.dumps({
  2620. 'name': 'image-1',
  2621. 'disk_format': 'aki',
  2622. 'container_format': 'aki',
  2623. 'x_none_permitted_joe_soap': '1'
  2624. })
  2625. response = requests.post(path, headers=headers, data=data)
  2626. self.assertEqual(http.FORBIDDEN, response.status_code)
  2627. # Verify neither admin nor unknown role can read properties marked with
  2628. # '!'
  2629. path = self._url('/v2/images')
  2630. headers = self._headers({'content-type': 'application/json',
  2631. 'X-Roles': 'admin'})
  2632. data = jsonutils.dumps({
  2633. 'name': 'image-1',
  2634. 'disk_format': 'aki',
  2635. 'container_format': 'aki',
  2636. 'x_none_read': '1'
  2637. })
  2638. response = requests.post(path, headers=headers, data=data)
  2639. self.assertEqual(http.CREATED, response.status_code)
  2640. image = jsonutils.loads(response.text)
  2641. image_id = image['id']
  2642. self.assertNotIn('x_none_read', image.keys())
  2643. headers = self._headers({'content-type': 'application/json',
  2644. 'X-Roles': 'admin'})
  2645. path = self._url('/v2/images/%s' % image_id)
  2646. response = requests.get(path, headers=self._headers())
  2647. self.assertEqual(http.OK, response.status_code)
  2648. image = jsonutils.loads(response.text)
  2649. self.assertNotIn('x_none_read', image.keys())
  2650. headers = self._headers({'content-type': 'application/json',
  2651. 'X-Roles': 'joe_soap'})
  2652. path = self._url('/v2/images/%s' % image_id)
  2653. response = requests.get(path, headers=self._headers())
  2654. self.assertEqual(http.OK, response.status_code)
  2655. image = jsonutils.loads(response.text)
  2656. self.assertNotIn('x_none_read', image.keys())
  2657. # Verify neither admin nor unknown role can update properties marked
  2658. # with '!'
  2659. path = self._url('/v2/images')
  2660. headers = self._headers({'content-type': 'application/json',
  2661. 'X-Roles': 'admin'})
  2662. data = jsonutils.dumps({
  2663. 'name': 'image-1',
  2664. 'disk_format': 'aki',
  2665. 'container_format': 'aki',
  2666. 'x_none_update': '1'
  2667. })
  2668. response = requests.post(path, headers=headers, data=data)
  2669. self.assertEqual(http.CREATED, response.status_code)
  2670. image = jsonutils.loads(response.text)
  2671. image_id = image['id']
  2672. self.assertEqual('1', image['x_none_update'])
  2673. path = self._url('/v2/images/%s' % image_id)
  2674. media_type = 'application/openstack-images-v2.1-json-patch'
  2675. headers = self._headers({'content-type': media_type,
  2676. 'X-Roles': 'admin'})
  2677. data = jsonutils.dumps([
  2678. {'op': 'replace',
  2679. 'path': '/x_none_update', 'value': '2'}
  2680. ])
  2681. response = requests.patch(path, headers=headers, data=data)
  2682. self.assertEqual(http.FORBIDDEN, response.status_code, response.text)
  2683. path = self._url('/v2/images/%s' % image_id)
  2684. media_type = 'application/openstack-images-v2.1-json-patch'
  2685. headers = self._headers({'content-type': media_type,
  2686. 'X-Roles': 'joe_soap'})
  2687. data = jsonutils.dumps([
  2688. {'op': 'replace',
  2689. 'path': '/x_none_update', 'value': '3'}
  2690. ])
  2691. response = requests.patch(path, headers=headers, data=data)
  2692. self.assertEqual(http.CONFLICT, response.status_code, response.text)
  2693. # Verify neither admin nor unknown role can delete properties marked
  2694. # with '!'
  2695. path = self._url('/v2/images')
  2696. headers = self._headers({'content-type': 'application/json',
  2697. 'X-Roles': 'admin'})
  2698. data = jsonutils.dumps({
  2699. 'name': 'image-1',
  2700. 'disk_format': 'aki',
  2701. 'container_format': 'aki',
  2702. 'x_none_delete': '1',
  2703. })
  2704. response = requests.post(path, headers=headers, data=data)
  2705. self.assertEqual(http.CREATED, response.status_code)
  2706. image = jsonutils.loads(response.text)
  2707. image_id = image['id']
  2708. path = self._url('/v2/images/%s' % image_id)
  2709. media_type = 'application/openstack-images-v2.1-json-patch'
  2710. headers = self._headers({'content-type': media_type,
  2711. 'X-Roles': 'admin'})
  2712. data = jsonutils.dumps([
  2713. {'op': 'remove', 'path': '/x_none_delete'}
  2714. ])
  2715. response = requests.patch(path, headers=headers, data=data)
  2716. self.assertEqual(http.FORBIDDEN, response.status_code, response.text)
  2717. path = self._url('/v2/images/%s' % image_id)
  2718. media_type = 'application/openstack-images-v2.1-json-patch'
  2719. headers = self._headers({'content-type': media_type,
  2720. 'X-Roles': 'joe_soap'})
  2721. data = jsonutils.dumps([
  2722. {'op': 'remove', 'path': '/x_none_delete'}
  2723. ])
  2724. response = requests.patch(path, headers=headers, data=data)
  2725. self.assertEqual(http.CONFLICT, response.status_code, response.text)
  2726. self.stop_servers()
  2727. def test_tag_lifecycle(self):
  2728. self.start_servers(**self.__dict__.copy())
  2729. # Create an image with a tag - duplicate should be ignored
  2730. path = self._url('/v2/images')
  2731. headers = self._headers({'Content-Type': 'application/json'})
  2732. data = jsonutils.dumps({'name': 'image-1', 'tags': ['sniff', 'sniff']})
  2733. response = requests.post(path, headers=headers, data=data)
  2734. self.assertEqual(http.CREATED, response.status_code)
  2735. image_id = jsonutils.loads(response.text)['id']
  2736. # Image should show a list with a single tag
  2737. path = self._url('/v2/images/%s' % image_id)
  2738. response = requests.get(path, headers=self._headers())
  2739. self.assertEqual(http.OK, response.status_code)
  2740. tags = jsonutils.loads(response.text)['tags']
  2741. self.assertEqual(['sniff'], tags)
  2742. # Delete all tags
  2743. for tag in tags:
  2744. path = self._url('/v2/images/%s/tags/%s' % (image_id, tag))
  2745. response = requests.delete(path, headers=self._headers())
  2746. self.assertEqual(http.NO_CONTENT, response.status_code)
  2747. # Update image with too many tags via PUT
  2748. # Configured limit is 10 tags
  2749. for i in range(10):
  2750. path = self._url('/v2/images/%s/tags/foo%i' % (image_id, i))
  2751. response = requests.put(path, headers=self._headers())
  2752. self.assertEqual(http.NO_CONTENT, response.status_code)
  2753. # 11th tag should fail
  2754. path = self._url('/v2/images/%s/tags/fail_me' % image_id)
  2755. response = requests.put(path, headers=self._headers())
  2756. self.assertEqual(http.REQUEST_ENTITY_TOO_LARGE, response.status_code)
  2757. # Make sure the 11th tag was not added
  2758. path = self._url('/v2/images/%s' % image_id)
  2759. response = requests.get(path, headers=self._headers())
  2760. self.assertEqual(http.OK, response.status_code)
  2761. tags = jsonutils.loads(response.text)['tags']
  2762. self.assertEqual(10, len(tags))
  2763. # Update image tags via PATCH
  2764. path = self._url('/v2/images/%s' % image_id)
  2765. media_type = 'application/openstack-images-v2.1-json-patch'
  2766. headers = self._headers({'content-type': media_type})
  2767. doc = [
  2768. {
  2769. 'op': 'replace',
  2770. 'path': '/tags',
  2771. 'value': ['foo'],
  2772. },
  2773. ]
  2774. data = jsonutils.dumps(doc)
  2775. response = requests.patch(path, headers=headers, data=data)
  2776. self.assertEqual(http.OK, response.status_code)
  2777. # Update image with too many tags via PATCH
  2778. # Configured limit is 10 tags
  2779. path = self._url('/v2/images/%s' % image_id)
  2780. media_type = 'application/openstack-images-v2.1-json-patch'
  2781. headers = self._headers({'content-type': media_type})
  2782. tags = ['foo%d' % i for i in range(11)]
  2783. doc = [
  2784. {
  2785. 'op': 'replace',
  2786. 'path': '/tags',
  2787. 'value': tags,
  2788. },
  2789. ]
  2790. data = jsonutils.dumps(doc)
  2791. response = requests.patch(path, headers=headers, data=data)
  2792. self.assertEqual(http.REQUEST_ENTITY_TOO_LARGE, response.status_code)
  2793. # Tags should not have changed since request was over limit
  2794. path = self._url('/v2/images/%s' % image_id)
  2795. response = requests.get(path, headers=self._headers())
  2796. self.assertEqual(http.OK, response.status_code)
  2797. tags = jsonutils.loads(response.text)['tags']
  2798. self.assertEqual(['foo'], tags)
  2799. # Update image with duplicate tag - it should be ignored
  2800. path = self._url('/v2/images/%s' % image_id)
  2801. media_type = 'application/openstack-images-v2.1-json-patch'
  2802. headers = self._headers({'content-type': media_type})
  2803. doc = [
  2804. {
  2805. 'op': 'replace',
  2806. 'path': '/tags',
  2807. 'value': ['sniff', 'snozz', 'snozz'],
  2808. },
  2809. ]
  2810. data = jsonutils.dumps(doc)
  2811. response = requests.patch(path, headers=headers, data=data)
  2812. self.assertEqual(http.OK, response.status_code)
  2813. tags = jsonutils.loads(response.text)['tags']
  2814. self.assertEqual(['sniff', 'snozz'], sorted(tags))
  2815. # Image should show the appropriate tags
  2816. path = self._url('/v2/images/%s' % image_id)
  2817. response = requests.get(path, headers=self._headers())
  2818. self.assertEqual(http.OK, response.status_code)
  2819. tags = jsonutils.loads(response.text)['tags']
  2820. self.assertEqual(['sniff', 'snozz'], sorted(tags))
  2821. # Attempt to tag the image with a duplicate should be ignored
  2822. path = self._url('/v2/images/%s/tags/snozz' % image_id)
  2823. response = requests.put(path, headers=self._headers())
  2824. self.assertEqual(http.NO_CONTENT, response.status_code)
  2825. # Create another more complex tag
  2826. path = self._url('/v2/images/%s/tags/gabe%%40example.com' % image_id)
  2827. response = requests.put(path, headers=self._headers())
  2828. self.assertEqual(http.NO_CONTENT, response.status_code)
  2829. # Double-check that the tags container on the image is populated
  2830. path = self._url('/v2/images/%s' % image_id)
  2831. response = requests.get(path, headers=self._headers())
  2832. self.assertEqual(http.OK, response.status_code)
  2833. tags = jsonutils.loads(response.text)['tags']
  2834. self.assertEqual(['gabe@example.com', 'sniff', 'snozz'],
  2835. sorted(tags))
  2836. # Query images by single tag
  2837. path = self._url('/v2/images?tag=sniff')
  2838. response = requests.get(path, headers=self._headers())
  2839. self.assertEqual(http.OK, response.status_code)
  2840. images = jsonutils.loads(response.text)['images']
  2841. self.assertEqual(1, len(images))
  2842. self.assertEqual('image-1', images[0]['name'])
  2843. # Query images by multiple tags
  2844. path = self._url('/v2/images?tag=sniff&tag=snozz')
  2845. response = requests.get(path, headers=self._headers())
  2846. self.assertEqual(http.OK, response.status_code)
  2847. images = jsonutils.loads(response.text)['images']
  2848. self.assertEqual(1, len(images))
  2849. self.assertEqual('image-1', images[0]['name'])
  2850. # Query images by tag and other attributes
  2851. path = self._url('/v2/images?tag=sniff&status=queued')
  2852. response = requests.get(path, headers=self._headers())
  2853. self.assertEqual(http.OK, response.status_code)
  2854. images = jsonutils.loads(response.text)['images']
  2855. self.assertEqual(1, len(images))
  2856. self.assertEqual('image-1', images[0]['name'])
  2857. # Query images by tag and a nonexistent tag
  2858. path = self._url('/v2/images?tag=sniff&tag=fake')
  2859. response = requests.get(path, headers=self._headers())
  2860. self.assertEqual(http.OK, response.status_code)
  2861. images = jsonutils.loads(response.text)['images']
  2862. self.assertEqual(0, len(images))
  2863. # The tag should be deletable
  2864. path = self._url('/v2/images/%s/tags/gabe%%40example.com' % image_id)
  2865. response = requests.delete(path, headers=self._headers())
  2866. self.assertEqual(http.NO_CONTENT, response.status_code)
  2867. # List of tags should reflect the deletion
  2868. path = self._url('/v2/images/%s' % image_id)
  2869. response = requests.get(path, headers=self._headers())
  2870. self.assertEqual(http.OK, response.status_code)
  2871. tags = jsonutils.loads(response.text)['tags']
  2872. self.assertEqual(['sniff', 'snozz'], sorted(tags))
  2873. # Deleting the same tag should return a 404
  2874. path = self._url('/v2/images/%s/tags/gabe%%40example.com' % image_id)
  2875. response = requests.delete(path, headers=self._headers())
  2876. self.assertEqual(http.NOT_FOUND, response.status_code)
  2877. # The tags won't be able to query the images after deleting
  2878. path = self._url('/v2/images?tag=gabe%%40example.com')
  2879. response = requests.get(path, headers=self._headers())
  2880. self.assertEqual(http.OK, response.status_code)
  2881. images = jsonutils.loads(response.text)['images']
  2882. self.assertEqual(0, len(images))
  2883. # Try to add a tag that is too long
  2884. big_tag = 'a' * 300
  2885. path = self._url('/v2/images/%s/tags/%s' % (image_id, big_tag))
  2886. response = requests.put(path, headers=self._headers())
  2887. self.assertEqual(http.BAD_REQUEST, response.status_code)
  2888. # Tags should not have changed since request was over limit
  2889. path = self._url('/v2/images/%s' % image_id)
  2890. response = requests.get(path, headers=self._headers())
  2891. self.assertEqual(http.OK, response.status_code)
  2892. tags = jsonutils.loads(response.text)['tags']
  2893. self.assertEqual(['sniff', 'snozz'], sorted(tags))
  2894. self.stop_servers()
  2895. def test_images_container(self):
  2896. # Image list should be empty and no next link should be present
  2897. self.start_servers(**self.__dict__.copy())
  2898. path = self._url('/v2/images')
  2899. response = requests.get(path, headers=self._headers())
  2900. self.assertEqual(http.OK, response.status_code)
  2901. images = jsonutils.loads(response.text)['images']
  2902. first = jsonutils.loads(response.text)['first']
  2903. self.assertEqual(0, len(images))
  2904. self.assertNotIn('next', jsonutils.loads(response.text))
  2905. self.assertEqual('/v2/images', first)
  2906. # Create 7 images
  2907. images = []
  2908. fixtures = [
  2909. {'name': 'image-3', 'type': 'kernel', 'ping': 'pong',
  2910. 'container_format': 'ami', 'disk_format': 'ami'},
  2911. {'name': 'image-4', 'type': 'kernel', 'ping': 'pong',
  2912. 'container_format': 'bare', 'disk_format': 'ami'},
  2913. {'name': 'image-1', 'type': 'kernel', 'ping': 'pong'},
  2914. {'name': 'image-3', 'type': 'ramdisk', 'ping': 'pong'},
  2915. {'name': 'image-2', 'type': 'kernel', 'ping': 'ding'},
  2916. {'name': 'image-3', 'type': 'kernel', 'ping': 'pong'},
  2917. {'name': 'image-2,image-5', 'type': 'kernel', 'ping': 'pong'},
  2918. ]
  2919. path = self._url('/v2/images')
  2920. headers = self._headers({'content-type': 'application/json'})
  2921. for fixture in fixtures:
  2922. data = jsonutils.dumps(fixture)
  2923. response = requests.post(path, headers=headers, data=data)
  2924. self.assertEqual(http.CREATED, response.status_code)
  2925. images.append(jsonutils.loads(response.text))
  2926. # Image list should contain 7 images
  2927. path = self._url('/v2/images')
  2928. response = requests.get(path, headers=self._headers())
  2929. self.assertEqual(http.OK, response.status_code)
  2930. body = jsonutils.loads(response.text)
  2931. self.assertEqual(7, len(body['images']))
  2932. self.assertEqual('/v2/images', body['first'])
  2933. self.assertNotIn('next', jsonutils.loads(response.text))
  2934. # Image list filters by created_at time
  2935. url_template = '/v2/images?created_at=lt:%s'
  2936. path = self._url(url_template % images[0]['created_at'])
  2937. response = requests.get(path, headers=self._headers())
  2938. self.assertEqual(http.OK, response.status_code)
  2939. body = jsonutils.loads(response.text)
  2940. self.assertEqual(0, len(body['images']))
  2941. self.assertEqual(url_template % images[0]['created_at'],
  2942. urllib.parse.unquote(body['first']))
  2943. # Image list filters by updated_at time
  2944. url_template = '/v2/images?updated_at=lt:%s'
  2945. path = self._url(url_template % images[2]['updated_at'])
  2946. response = requests.get(path, headers=self._headers())
  2947. self.assertEqual(http.OK, response.status_code)
  2948. body = jsonutils.loads(response.text)
  2949. self.assertGreaterEqual(3, len(body['images']))
  2950. self.assertEqual(url_template % images[2]['updated_at'],
  2951. urllib.parse.unquote(body['first']))
  2952. # Image list filters by updated_at and created time with invalid value
  2953. url_template = '/v2/images?%s=lt:invalid_value'
  2954. for filter in ['updated_at', 'created_at']:
  2955. path = self._url(url_template % filter)
  2956. response = requests.get(path, headers=self._headers())
  2957. self.assertEqual(http.BAD_REQUEST, response.status_code)
  2958. # Image list filters by updated_at and created_at with invalid operator
  2959. url_template = '/v2/images?%s=invalid_operator:2015-11-19T12:24:02Z'
  2960. for filter in ['updated_at', 'created_at']:
  2961. path = self._url(url_template % filter)
  2962. response = requests.get(path, headers=self._headers())
  2963. self.assertEqual(http.BAD_REQUEST, response.status_code)
  2964. # Image list filters by non-'URL encoding' value
  2965. path = self._url('/v2/images?name=%FF')
  2966. response = requests.get(path, headers=self._headers())
  2967. self.assertEqual(http.BAD_REQUEST, response.status_code)
  2968. # Image list filters by name with in operator
  2969. url_template = '/v2/images?name=in:%s'
  2970. filter_value = 'image-1,image-2'
  2971. path = self._url(url_template % filter_value)
  2972. response = requests.get(path, headers=self._headers())
  2973. self.assertEqual(http.OK, response.status_code)
  2974. body = jsonutils.loads(response.text)
  2975. self.assertGreaterEqual(3, len(body['images']))
  2976. # Image list filters by container_format with in operator
  2977. url_template = '/v2/images?container_format=in:%s'
  2978. filter_value = 'bare,ami'
  2979. path = self._url(url_template % filter_value)
  2980. response = requests.get(path, headers=self._headers())
  2981. self.assertEqual(http.OK, response.status_code)
  2982. body = jsonutils.loads(response.text)
  2983. self.assertGreaterEqual(2, len(body['images']))
  2984. # Image list filters by disk_format with in operator
  2985. url_template = '/v2/images?disk_format=in:%s'
  2986. filter_value = 'bare,ami,iso'
  2987. path = self._url(url_template % filter_value)
  2988. response = requests.get(path, headers=self._headers())
  2989. self.assertEqual(http.OK, response.status_code)
  2990. body = jsonutils.loads(response.text)
  2991. self.assertGreaterEqual(2, len(body['images']))
  2992. # Begin pagination after the first image
  2993. template_url = ('/v2/images?limit=2&sort_dir=asc&sort_key=name'
  2994. '&marker=%s&type=kernel&ping=pong')
  2995. path = self._url(template_url % images[2]['id'])
  2996. response = requests.get(path, headers=self._headers())
  2997. self.assertEqual(http.OK, response.status_code)
  2998. body = jsonutils.loads(response.text)
  2999. self.assertEqual(2, len(body['images']))
  3000. response_ids = [image['id'] for image in body['images']]
  3001. self.assertEqual([images[6]['id'], images[0]['id']], response_ids)
  3002. # Continue pagination using next link from previous request
  3003. path = self._url(body['next'])
  3004. response = requests.get(path, headers=self._headers())
  3005. self.assertEqual(http.OK, response.status_code)
  3006. body = jsonutils.loads(response.text)
  3007. self.assertEqual(2, len(body['images']))
  3008. response_ids = [image['id'] for image in body['images']]
  3009. self.assertEqual([images[5]['id'], images[1]['id']], response_ids)
  3010. # Continue pagination - expect no results
  3011. path = self._url(body['next'])
  3012. response = requests.get(path, headers=self._headers())
  3013. self.assertEqual(http.OK, response.status_code)
  3014. body = jsonutils.loads(response.text)
  3015. self.assertEqual(0, len(body['images']))
  3016. # Delete first image
  3017. path = self._url('/v2/images/%s' % images[0]['id'])
  3018. response = requests.delete(path, headers=self._headers())
  3019. self.assertEqual(http.NO_CONTENT, response.status_code)
  3020. # Ensure bad request for using a deleted image as marker
  3021. path = self._url('/v2/images?marker=%s' % images[0]['id'])
  3022. response = requests.get(path, headers=self._headers())
  3023. self.assertEqual(http.BAD_REQUEST, response.status_code)
  3024. self.stop_servers()
  3025. def test_image_visibility_to_different_users(self):
  3026. self.cleanup()
  3027. self.api_server.deployment_flavor = 'fakeauth'
  3028. self.registry_server.deployment_flavor = 'fakeauth'
  3029. kwargs = self.__dict__.copy()
  3030. kwargs['use_user_token'] = True
  3031. self.start_servers(**kwargs)
  3032. owners = ['admin', 'tenant1', 'tenant2', 'none']
  3033. visibilities = ['public', 'private', 'shared', 'community']
  3034. for owner in owners:
  3035. for visibility in visibilities:
  3036. path = self._url('/v2/images')
  3037. headers = self._headers({
  3038. 'content-type': 'application/json',
  3039. 'X-Auth-Token': 'createuser:%s:admin' % owner,
  3040. })
  3041. data = jsonutils.dumps({
  3042. 'name': '%s-%s' % (owner, visibility),
  3043. 'visibility': visibility,
  3044. })
  3045. response = requests.post(path, headers=headers, data=data)
  3046. self.assertEqual(http.CREATED, response.status_code)
  3047. def list_images(tenant, role='', visibility=None):
  3048. auth_token = 'user:%s:%s' % (tenant, role)
  3049. headers = {'X-Auth-Token': auth_token}
  3050. path = self._url('/v2/images')
  3051. if visibility is not None:
  3052. path += '?visibility=%s' % visibility
  3053. response = requests.get(path, headers=headers)
  3054. self.assertEqual(http.OK, response.status_code)
  3055. return jsonutils.loads(response.text)['images']
  3056. # 1. Known user sees public and their own images
  3057. images = list_images('tenant1')
  3058. self.assertEqual(7, len(images))
  3059. for image in images:
  3060. self.assertTrue(image['visibility'] == 'public'
  3061. or 'tenant1' in image['name'])
  3062. # 2. Known user, visibility=public, sees all public images
  3063. images = list_images('tenant1', visibility='public')
  3064. self.assertEqual(4, len(images))
  3065. for image in images:
  3066. self.assertEqual('public', image['visibility'])
  3067. # 3. Known user, visibility=private, sees only their private image
  3068. images = list_images('tenant1', visibility='private')
  3069. self.assertEqual(1, len(images))
  3070. image = images[0]
  3071. self.assertEqual('private', image['visibility'])
  3072. self.assertIn('tenant1', image['name'])
  3073. # 4. Known user, visibility=shared, sees only their shared image
  3074. images = list_images('tenant1', visibility='shared')
  3075. self.assertEqual(1, len(images))
  3076. image = images[0]
  3077. self.assertEqual('shared', image['visibility'])
  3078. self.assertIn('tenant1', image['name'])
  3079. # 5. Known user, visibility=community, sees all community images
  3080. images = list_images('tenant1', visibility='community')
  3081. self.assertEqual(4, len(images))
  3082. for image in images:
  3083. self.assertEqual('community', image['visibility'])
  3084. # 6. Unknown user sees only public images
  3085. images = list_images('none')
  3086. self.assertEqual(4, len(images))
  3087. for image in images:
  3088. self.assertEqual('public', image['visibility'])
  3089. # 7. Unknown user, visibility=public, sees only public images
  3090. images = list_images('none', visibility='public')
  3091. self.assertEqual(4, len(images))
  3092. for image in images:
  3093. self.assertEqual('public', image['visibility'])
  3094. # 8. Unknown user, visibility=private, sees no images
  3095. images = list_images('none', visibility='private')
  3096. self.assertEqual(0, len(images))
  3097. # 9. Unknown user, visibility=shared, sees no images
  3098. images = list_images('none', visibility='shared')
  3099. self.assertEqual(0, len(images))
  3100. # 10. Unknown user, visibility=community, sees only community images
  3101. images = list_images('none', visibility='community')
  3102. self.assertEqual(4, len(images))
  3103. for image in images:
  3104. self.assertEqual('community', image['visibility'])
  3105. # 11. Unknown admin sees all images except for community images
  3106. images = list_images('none', role='admin')
  3107. self.assertEqual(12, len(images))
  3108. # 12. Unknown admin, visibility=public, shows only public images
  3109. images = list_images('none', role='admin', visibility='public')
  3110. self.assertEqual(4, len(images))
  3111. for image in images:
  3112. self.assertEqual('public', image['visibility'])
  3113. # 13. Unknown admin, visibility=private, sees only private images
  3114. images = list_images('none', role='admin', visibility='private')
  3115. self.assertEqual(4, len(images))
  3116. for image in images:
  3117. self.assertEqual('private', image['visibility'])
  3118. # 14. Unknown admin, visibility=shared, sees only shared images
  3119. images = list_images('none', role='admin', visibility='shared')
  3120. self.assertEqual(4, len(images))
  3121. for image in images:
  3122. self.assertEqual('shared', image['visibility'])
  3123. # 15. Unknown admin, visibility=community, sees only community images
  3124. images = list_images('none', role='admin', visibility='community')
  3125. self.assertEqual(4, len(images))
  3126. for image in images:
  3127. self.assertEqual('community', image['visibility'])
  3128. # 16. Known admin sees all images, except community images owned by
  3129. # others
  3130. images = list_images('admin', role='admin')
  3131. self.assertEqual(13, len(images))
  3132. # 17. Known admin, visibility=public, sees all public images
  3133. images = list_images('admin', role='admin', visibility='public')
  3134. self.assertEqual(4, len(images))
  3135. for image in images:
  3136. self.assertEqual('public', image['visibility'])
  3137. # 18. Known admin, visibility=private, sees all private images
  3138. images = list_images('admin', role='admin', visibility='private')
  3139. self.assertEqual(4, len(images))
  3140. for image in images:
  3141. self.assertEqual('private', image['visibility'])
  3142. # 19. Known admin, visibility=shared, sees all shared images
  3143. images = list_images('admin', role='admin', visibility='shared')
  3144. self.assertEqual(4, len(images))
  3145. for image in images:
  3146. self.assertEqual('shared', image['visibility'])
  3147. # 20. Known admin, visibility=community, sees all community images
  3148. images = list_images('admin', role='admin', visibility='community')
  3149. self.assertEqual(4, len(images))
  3150. for image in images:
  3151. self.assertEqual('community', image['visibility'])
  3152. self.stop_servers()
  3153. def test_update_locations(self):
  3154. self.api_server.show_multiple_locations = True
  3155. self.start_servers(**self.__dict__.copy())
  3156. # Create an image
  3157. path = self._url('/v2/images')
  3158. headers = self._headers({'content-type': 'application/json'})
  3159. data = jsonutils.dumps({'name': 'image-1', 'disk_format': 'aki',
  3160. 'container_format': 'aki'})
  3161. response = requests.post(path, headers=headers, data=data)
  3162. self.assertEqual(http.CREATED, response.status_code)
  3163. # Returned image entity should have a generated id and status
  3164. image = jsonutils.loads(response.text)
  3165. image_id = image['id']
  3166. self.assertEqual('queued', image['status'])
  3167. self.assertIsNone(image['size'])
  3168. self.assertIsNone(image['virtual_size'])
  3169. # Update locations for the queued image
  3170. path = self._url('/v2/images/%s' % image_id)
  3171. media_type = 'application/openstack-images-v2.1-json-patch'
  3172. headers = self._headers({'content-type': media_type})
  3173. url = 'http://127.0.0.1:%s/foo_image' % self.http_port0
  3174. data = jsonutils.dumps([{'op': 'replace', 'path': '/locations',
  3175. 'value': [{'url': url, 'metadata': {}}]
  3176. }])
  3177. response = requests.patch(path, headers=headers, data=data)
  3178. self.assertEqual(http.OK, response.status_code, response.text)
  3179. # The image size should be updated
  3180. path = self._url('/v2/images/%s' % image_id)
  3181. response = requests.get(path, headers=headers)
  3182. self.assertEqual(http.OK, response.status_code)
  3183. image = jsonutils.loads(response.text)
  3184. self.assertEqual(10, image['size'])
  3185. def test_update_locations_with_restricted_sources(self):
  3186. self.api_server.show_multiple_locations = True
  3187. self.start_servers(**self.__dict__.copy())
  3188. # Create an image
  3189. path = self._url('/v2/images')
  3190. headers = self._headers({'content-type': 'application/json'})
  3191. data = jsonutils.dumps({'name': 'image-1', 'disk_format': 'aki',
  3192. 'container_format': 'aki'})
  3193. response = requests.post(path, headers=headers, data=data)
  3194. self.assertEqual(http.CREATED, response.status_code)
  3195. # Returned image entity should have a generated id and status
  3196. image = jsonutils.loads(response.text)
  3197. image_id = image['id']
  3198. self.assertEqual('queued', image['status'])
  3199. self.assertIsNone(image['size'])
  3200. self.assertIsNone(image['virtual_size'])
  3201. # Update locations for the queued image
  3202. path = self._url('/v2/images/%s' % image_id)
  3203. media_type = 'application/openstack-images-v2.1-json-patch'
  3204. headers = self._headers({'content-type': media_type})
  3205. data = jsonutils.dumps([{'op': 'replace', 'path': '/locations',
  3206. 'value': [{'url': 'file:///foo_image',
  3207. 'metadata': {}}]
  3208. }])
  3209. response = requests.patch(path, headers=headers, data=data)
  3210. self.assertEqual(http.BAD_REQUEST, response.status_code, response.text)
  3211. data = jsonutils.dumps([{'op': 'replace', 'path': '/locations',
  3212. 'value': [{'url': 'swift+config:///foo_image',
  3213. 'metadata': {}}]
  3214. }])
  3215. response = requests.patch(path, headers=headers, data=data)
  3216. self.assertEqual(http.BAD_REQUEST, response.status_code, response.text)
  3217. class TestImagesWithRegistry(TestImages):
  3218. def setUp(self):
  3219. super(TestImagesWithRegistry, self).setUp()
  3220. self.api_server.data_api = (
  3221. 'glance.tests.functional.v2.registry_data_api')
  3222. self.registry_server.deployment_flavor = 'trusted-auth'
  3223. self.api_server.use_user_token = True
  3224. class TestImagesIPv6(functional.FunctionalTest):
  3225. """Verify that API and REG servers running IPv6 can communicate"""
  3226. def setUp(self):
  3227. """
  3228. First applying monkey patches of functions and methods which have
  3229. IPv4 hardcoded.
  3230. """
  3231. # Setting up initial monkey patch (1)
  3232. test_utils.get_unused_port_ipv4 = test_utils.get_unused_port
  3233. test_utils.get_unused_port_and_socket_ipv4 = (
  3234. test_utils.get_unused_port_and_socket)
  3235. test_utils.get_unused_port = test_utils.get_unused_port_ipv6
  3236. test_utils.get_unused_port_and_socket = (
  3237. test_utils.get_unused_port_and_socket_ipv6)
  3238. super(TestImagesIPv6, self).setUp()
  3239. self.cleanup()
  3240. # Setting up monkey patch (2), after object is ready...
  3241. self.ping_server_ipv4 = self.ping_server
  3242. self.ping_server = self.ping_server_ipv6
  3243. self.include_scrubber = False
  3244. def tearDown(self):
  3245. # Cleaning up monkey patch (2).
  3246. self.ping_server = self.ping_server_ipv4
  3247. super(TestImagesIPv6, self).tearDown()
  3248. # Cleaning up monkey patch (1).
  3249. test_utils.get_unused_port = test_utils.get_unused_port_ipv4
  3250. test_utils.get_unused_port_and_socket = (
  3251. test_utils.get_unused_port_and_socket_ipv4)
  3252. def _url(self, path):
  3253. return "http://[::1]:%d%s" % (self.api_port, path)
  3254. def _headers(self, custom_headers=None):
  3255. base_headers = {
  3256. 'X-Identity-Status': 'Confirmed',
  3257. 'X-Auth-Token': '932c5c84-02ac-4fe5-a9ba-620af0e2bb96',
  3258. 'X-User-Id': 'f9a41d13-0c13-47e9-bee2-ce4e8bfe958e',
  3259. 'X-Tenant-Id': TENANT1,
  3260. 'X-Roles': 'member',
  3261. }
  3262. base_headers.update(custom_headers or {})
  3263. return base_headers
  3264. def test_image_list_ipv6(self):
  3265. # Image list should be empty
  3266. self.api_server.data_api = (
  3267. 'glance.tests.functional.v2.registry_data_api')
  3268. self.registry_server.deployment_flavor = 'trusted-auth'
  3269. # Setting up configuration parameters properly
  3270. # (bind_host is not needed since it is replaced by monkey patches,
  3271. # but it would be reflected in the configuration file, which is
  3272. # at least improving consistency)
  3273. self.registry_server.bind_host = "::1"
  3274. self.api_server.bind_host = "::1"
  3275. self.api_server.registry_host = "::1"
  3276. self.scrubber_daemon.registry_host = "::1"
  3277. self.start_servers(**self.__dict__.copy())
  3278. requests.get(self._url('/'), headers=self._headers())
  3279. path = self._url('/v2/images')
  3280. response = requests.get(path, headers=self._headers())
  3281. self.assertEqual(200, response.status_code)
  3282. images = jsonutils.loads(response.text)['images']
  3283. self.assertEqual(0, len(images))
  3284. class TestImageDirectURLVisibility(functional.FunctionalTest):
  3285. def setUp(self):
  3286. super(TestImageDirectURLVisibility, self).setUp()
  3287. self.cleanup()
  3288. self.include_scrubber = False
  3289. self.api_server.deployment_flavor = 'noauth'
  3290. def _url(self, path):
  3291. return 'http://127.0.0.1:%d%s' % (self.api_port, path)
  3292. def _headers(self, custom_headers=None):
  3293. base_headers = {
  3294. 'X-Identity-Status': 'Confirmed',
  3295. 'X-Auth-Token': '932c5c84-02ac-4fe5-a9ba-620af0e2bb96',
  3296. 'X-User-Id': 'f9a41d13-0c13-47e9-bee2-ce4e8bfe958e',
  3297. 'X-Tenant-Id': TENANT1,
  3298. 'X-Roles': 'member',
  3299. }
  3300. base_headers.update(custom_headers or {})
  3301. return base_headers
  3302. def test_v2_not_enabled(self):
  3303. self.api_server.enable_v2_api = False
  3304. self.start_servers(**self.__dict__.copy())
  3305. path = self._url('/v2/images')
  3306. response = requests.get(path, headers=self._headers())
  3307. self.assertEqual(http.MULTIPLE_CHOICES, response.status_code)
  3308. self.stop_servers()
  3309. def test_v2_enabled(self):
  3310. self.api_server.enable_v2_api = True
  3311. self.start_servers(**self.__dict__.copy())
  3312. path = self._url('/v2/images')
  3313. response = requests.get(path, headers=self._headers())
  3314. self.assertEqual(http.OK, response.status_code)
  3315. self.stop_servers()
  3316. def test_image_direct_url_visible(self):
  3317. self.api_server.show_image_direct_url = True
  3318. self.start_servers(**self.__dict__.copy())
  3319. # Image list should be empty
  3320. path = self._url('/v2/images')
  3321. response = requests.get(path, headers=self._headers())
  3322. self.assertEqual(http.OK, response.status_code)
  3323. images = jsonutils.loads(response.text)['images']
  3324. self.assertEqual(0, len(images))
  3325. # Create an image
  3326. path = self._url('/v2/images')
  3327. headers = self._headers({'content-type': 'application/json'})
  3328. data = jsonutils.dumps({'name': 'image-1', 'type': 'kernel',
  3329. 'foo': 'bar', 'disk_format': 'aki',
  3330. 'container_format': 'aki',
  3331. 'visibility': 'public'})
  3332. response = requests.post(path, headers=headers, data=data)
  3333. self.assertEqual(http.CREATED, response.status_code)
  3334. # Get the image id
  3335. image = jsonutils.loads(response.text)
  3336. image_id = image['id']
  3337. # Image direct_url should not be visible before location is set
  3338. path = self._url('/v2/images/%s' % image_id)
  3339. headers = self._headers({'Content-Type': 'application/json'})
  3340. response = requests.get(path, headers=headers)
  3341. self.assertEqual(http.OK, response.status_code)
  3342. image = jsonutils.loads(response.text)
  3343. self.assertNotIn('direct_url', image)
  3344. # Upload some image data, setting the image location
  3345. path = self._url('/v2/images/%s/file' % image_id)
  3346. headers = self._headers({'Content-Type': 'application/octet-stream'})
  3347. response = requests.put(path, headers=headers, data='ZZZZZ')
  3348. self.assertEqual(http.NO_CONTENT, response.status_code)
  3349. # Image direct_url should be visible
  3350. path = self._url('/v2/images/%s' % image_id)
  3351. headers = self._headers({'Content-Type': 'application/json'})
  3352. response = requests.get(path, headers=headers)
  3353. self.assertEqual(http.OK, response.status_code)
  3354. image = jsonutils.loads(response.text)
  3355. self.assertIn('direct_url', image)
  3356. # Image direct_url should be visible to non-owner, non-admin user
  3357. path = self._url('/v2/images/%s' % image_id)
  3358. headers = self._headers({'Content-Type': 'application/json',
  3359. 'X-Tenant-Id': TENANT2})
  3360. response = requests.get(path, headers=headers)
  3361. self.assertEqual(http.OK, response.status_code)
  3362. image = jsonutils.loads(response.text)
  3363. self.assertIn('direct_url', image)
  3364. # Image direct_url should be visible in a list
  3365. path = self._url('/v2/images')
  3366. headers = self._headers({'Content-Type': 'application/json'})
  3367. response = requests.get(path, headers=headers)
  3368. self.assertEqual(http.OK, response.status_code)
  3369. image = jsonutils.loads(response.text)['images'][0]
  3370. self.assertIn('direct_url', image)
  3371. self.stop_servers()
  3372. def test_image_multiple_location_url_visible(self):
  3373. self.api_server.show_multiple_locations = True
  3374. self.start_servers(**self.__dict__.copy())
  3375. # Create an image
  3376. path = self._url('/v2/images')
  3377. headers = self._headers({'content-type': 'application/json'})
  3378. data = jsonutils.dumps({'name': 'image-1', 'type': 'kernel',
  3379. 'foo': 'bar', 'disk_format': 'aki',
  3380. 'container_format': 'aki'})
  3381. response = requests.post(path, headers=headers, data=data)
  3382. self.assertEqual(http.CREATED, response.status_code)
  3383. # Get the image id
  3384. image = jsonutils.loads(response.text)
  3385. image_id = image['id']
  3386. # Image locations should not be visible before location is set
  3387. path = self._url('/v2/images/%s' % image_id)
  3388. headers = self._headers({'Content-Type': 'application/json'})
  3389. response = requests.get(path, headers=headers)
  3390. self.assertEqual(http.OK, response.status_code)
  3391. image = jsonutils.loads(response.text)
  3392. self.assertIn('locations', image)
  3393. self.assertEqual([], image["locations"])
  3394. # Upload some image data, setting the image location
  3395. path = self._url('/v2/images/%s/file' % image_id)
  3396. headers = self._headers({'Content-Type': 'application/octet-stream'})
  3397. response = requests.put(path, headers=headers, data='ZZZZZ')
  3398. self.assertEqual(http.NO_CONTENT, response.status_code)
  3399. # Image locations should be visible
  3400. path = self._url('/v2/images/%s' % image_id)
  3401. headers = self._headers({'Content-Type': 'application/json'})
  3402. response = requests.get(path, headers=headers)
  3403. self.assertEqual(http.OK, response.status_code)
  3404. image = jsonutils.loads(response.text)
  3405. self.assertIn('locations', image)
  3406. loc = image['locations']
  3407. self.assertGreater(len(loc), 0)
  3408. loc = loc[0]
  3409. self.assertIn('url', loc)
  3410. self.assertIn('metadata', loc)
  3411. self.stop_servers()
  3412. def test_image_direct_url_not_visible(self):
  3413. self.api_server.show_image_direct_url = False
  3414. self.start_servers(**self.__dict__.copy())
  3415. # Image list should be empty
  3416. path = self._url('/v2/images')
  3417. response = requests.get(path, headers=self._headers())
  3418. self.assertEqual(http.OK, response.status_code)
  3419. images = jsonutils.loads(response.text)['images']
  3420. self.assertEqual(0, len(images))
  3421. # Create an image
  3422. path = self._url('/v2/images')
  3423. headers = self._headers({'content-type': 'application/json'})
  3424. data = jsonutils.dumps({'name': 'image-1', 'type': 'kernel',
  3425. 'foo': 'bar', 'disk_format': 'aki',
  3426. 'container_format': 'aki'})
  3427. response = requests.post(path, headers=headers, data=data)
  3428. self.assertEqual(http.CREATED, response.status_code)
  3429. # Get the image id
  3430. image = jsonutils.loads(response.text)
  3431. image_id = image['id']
  3432. # Upload some image data, setting the image location
  3433. path = self._url('/v2/images/%s/file' % image_id)
  3434. headers = self._headers({'Content-Type': 'application/octet-stream'})
  3435. response = requests.put(path, headers=headers, data='ZZZZZ')
  3436. self.assertEqual(http.NO_CONTENT, response.status_code)
  3437. # Image direct_url should not be visible
  3438. path = self._url('/v2/images/%s' % image_id)
  3439. headers = self._headers({'Content-Type': 'application/json'})
  3440. response = requests.get(path, headers=headers)
  3441. self.assertEqual(http.OK, response.status_code)
  3442. image = jsonutils.loads(response.text)
  3443. self.assertNotIn('direct_url', image)
  3444. # Image direct_url should not be visible in a list
  3445. path = self._url('/v2/images')
  3446. headers = self._headers({'Content-Type': 'application/json'})
  3447. response = requests.get(path, headers=headers)
  3448. self.assertEqual(http.OK, response.status_code)
  3449. image = jsonutils.loads(response.text)['images'][0]
  3450. self.assertNotIn('direct_url', image)
  3451. self.stop_servers()
  3452. class TestImageDirectURLVisibilityWithRegistry(TestImageDirectURLVisibility):
  3453. def setUp(self):
  3454. super(TestImageDirectURLVisibilityWithRegistry, self).setUp()
  3455. self.api_server.data_api = (
  3456. 'glance.tests.functional.v2.registry_data_api')
  3457. self.registry_server.deployment_flavor = 'trusted-auth'
  3458. class TestImageLocationSelectionStrategy(functional.FunctionalTest):
  3459. def setUp(self):
  3460. super(TestImageLocationSelectionStrategy, self).setUp()
  3461. self.cleanup()
  3462. self.include_scrubber = False
  3463. self.api_server.deployment_flavor = 'noauth'
  3464. for i in range(3):
  3465. ret = test_utils.start_http_server("foo_image_id%d" % i,
  3466. "foo_image%d" % i)
  3467. setattr(self, 'http_server%d_pid' % i, ret[0])
  3468. setattr(self, 'http_port%d' % i, ret[1])
  3469. def tearDown(self):
  3470. for i in range(3):
  3471. pid = getattr(self, 'http_server%d_pid' % i, None)
  3472. if pid:
  3473. os.kill(pid, signal.SIGKILL)
  3474. super(TestImageLocationSelectionStrategy, self).tearDown()
  3475. def _url(self, path):
  3476. return 'http://127.0.0.1:%d%s' % (self.api_port, path)
  3477. def _headers(self, custom_headers=None):
  3478. base_headers = {
  3479. 'X-Identity-Status': 'Confirmed',
  3480. 'X-Auth-Token': '932c5c84-02ac-4fe5-a9ba-620af0e2bb96',
  3481. 'X-User-Id': 'f9a41d13-0c13-47e9-bee2-ce4e8bfe958e',
  3482. 'X-Tenant-Id': TENANT1,
  3483. 'X-Roles': 'member',
  3484. }
  3485. base_headers.update(custom_headers or {})
  3486. return base_headers
  3487. def test_image_locations_with_order_strategy(self):
  3488. self.api_server.show_image_direct_url = True
  3489. self.api_server.show_multiple_locations = True
  3490. self.image_location_quota = 10
  3491. self.api_server.location_strategy = 'location_order'
  3492. preference = "http, swift, filesystem"
  3493. self.api_server.store_type_location_strategy_preference = preference
  3494. self.start_servers(**self.__dict__.copy())
  3495. # Create an image
  3496. path = self._url('/v2/images')
  3497. headers = self._headers({'content-type': 'application/json'})
  3498. data = jsonutils.dumps({'name': 'image-1', 'type': 'kernel',
  3499. 'foo': 'bar', 'disk_format': 'aki',
  3500. 'container_format': 'aki'})
  3501. response = requests.post(path, headers=headers, data=data)
  3502. self.assertEqual(http.CREATED, response.status_code)
  3503. # Get the image id
  3504. image = jsonutils.loads(response.text)
  3505. image_id = image['id']
  3506. # Image locations should not be visible before location is set
  3507. path = self._url('/v2/images/%s' % image_id)
  3508. headers = self._headers({'Content-Type': 'application/json'})
  3509. response = requests.get(path, headers=headers)
  3510. self.assertEqual(http.OK, response.status_code)
  3511. image = jsonutils.loads(response.text)
  3512. self.assertIn('locations', image)
  3513. self.assertEqual([], image["locations"])
  3514. # Update image locations via PATCH
  3515. path = self._url('/v2/images/%s' % image_id)
  3516. media_type = 'application/openstack-images-v2.1-json-patch'
  3517. headers = self._headers({'content-type': media_type})
  3518. values = [{'url': 'http://127.0.0.1:%s/foo_image' % self.http_port0,
  3519. 'metadata': {}},
  3520. {'url': 'http://127.0.0.1:%s/foo_image' % self.http_port1,
  3521. 'metadata': {}}]
  3522. doc = [{'op': 'replace',
  3523. 'path': '/locations',
  3524. 'value': values}]
  3525. data = jsonutils.dumps(doc)
  3526. response = requests.patch(path, headers=headers, data=data)
  3527. self.assertEqual(http.OK, response.status_code)
  3528. # Image locations should be visible
  3529. path = self._url('/v2/images/%s' % image_id)
  3530. headers = self._headers({'Content-Type': 'application/json'})
  3531. response = requests.get(path, headers=headers)
  3532. self.assertEqual(http.OK, response.status_code)
  3533. image = jsonutils.loads(response.text)
  3534. self.assertIn('locations', image)
  3535. self.assertEqual(values, image['locations'])
  3536. self.assertIn('direct_url', image)
  3537. self.assertEqual(values[0]['url'], image['direct_url'])
  3538. self.stop_servers()
  3539. class TestImageLocationSelectionStrategyWithRegistry(
  3540. TestImageLocationSelectionStrategy):
  3541. def setUp(self):
  3542. super(TestImageLocationSelectionStrategyWithRegistry, self).setUp()
  3543. self.api_server.data_api = (
  3544. 'glance.tests.functional.v2.registry_data_api')
  3545. self.registry_server.deployment_flavor = 'trusted-auth'
  3546. class TestImageMembers(functional.FunctionalTest):
  3547. def setUp(self):
  3548. super(TestImageMembers, self).setUp()
  3549. self.cleanup()
  3550. self.include_scrubber = False
  3551. self.api_server.deployment_flavor = 'fakeauth'
  3552. self.registry_server.deployment_flavor = 'fakeauth'
  3553. self.start_servers(**self.__dict__.copy())
  3554. def _url(self, path):
  3555. return 'http://127.0.0.1:%d%s' % (self.api_port, path)
  3556. def _headers(self, custom_headers=None):
  3557. base_headers = {
  3558. 'X-Identity-Status': 'Confirmed',
  3559. 'X-Auth-Token': '932c5c84-02ac-4fe5-a9ba-620af0e2bb96',
  3560. 'X-User-Id': 'f9a41d13-0c13-47e9-bee2-ce4e8bfe958e',
  3561. 'X-Tenant-Id': TENANT1,
  3562. 'X-Roles': 'member',
  3563. }
  3564. base_headers.update(custom_headers or {})
  3565. return base_headers
  3566. def test_image_member_lifecycle(self):
  3567. def get_header(tenant, role=''):
  3568. auth_token = 'user:%s:%s' % (tenant, role)
  3569. headers = {'X-Auth-Token': auth_token}
  3570. return headers
  3571. # Image list should be empty
  3572. path = self._url('/v2/images')
  3573. response = requests.get(path, headers=get_header('tenant1'))
  3574. self.assertEqual(http.OK, response.status_code)
  3575. images = jsonutils.loads(response.text)['images']
  3576. self.assertEqual(0, len(images))
  3577. owners = ['tenant1', 'tenant2', 'admin']
  3578. visibilities = ['community', 'private', 'public', 'shared']
  3579. image_fixture = []
  3580. for owner in owners:
  3581. for visibility in visibilities:
  3582. path = self._url('/v2/images')
  3583. headers = self._headers({
  3584. 'content-type': 'application/json',
  3585. 'X-Auth-Token': 'createuser:%s:admin' % owner,
  3586. })
  3587. data = jsonutils.dumps({
  3588. 'name': '%s-%s' % (owner, visibility),
  3589. 'visibility': visibility,
  3590. })
  3591. response = requests.post(path, headers=headers, data=data)
  3592. self.assertEqual(http.CREATED, response.status_code)
  3593. image_fixture.append(jsonutils.loads(response.text))
  3594. # Image list should contain 6 images for tenant1
  3595. path = self._url('/v2/images')
  3596. response = requests.get(path, headers=get_header('tenant1'))
  3597. self.assertEqual(http.OK, response.status_code)
  3598. images = jsonutils.loads(response.text)['images']
  3599. self.assertEqual(6, len(images))
  3600. # Image list should contain 3 images for TENANT3
  3601. path = self._url('/v2/images')
  3602. response = requests.get(path, headers=get_header(TENANT3))
  3603. self.assertEqual(http.OK, response.status_code)
  3604. images = jsonutils.loads(response.text)['images']
  3605. self.assertEqual(3, len(images))
  3606. # Add Image member for tenant1-shared image
  3607. path = self._url('/v2/images/%s/members' % image_fixture[3]['id'])
  3608. body = jsonutils.dumps({'member': TENANT3})
  3609. response = requests.post(path, headers=get_header('tenant1'),
  3610. data=body)
  3611. self.assertEqual(http.OK, response.status_code)
  3612. image_member = jsonutils.loads(response.text)
  3613. self.assertEqual(image_fixture[3]['id'], image_member['image_id'])
  3614. self.assertEqual(TENANT3, image_member['member_id'])
  3615. self.assertIn('created_at', image_member)
  3616. self.assertIn('updated_at', image_member)
  3617. self.assertEqual('pending', image_member['status'])
  3618. # Image list should contain 3 images for TENANT3
  3619. path = self._url('/v2/images')
  3620. response = requests.get(path, headers=get_header(TENANT3))
  3621. self.assertEqual(http.OK, response.status_code)
  3622. images = jsonutils.loads(response.text)['images']
  3623. self.assertEqual(3, len(images))
  3624. # Image list should contain 0 shared images for TENANT3
  3625. # because default is accepted
  3626. path = self._url('/v2/images?visibility=shared')
  3627. response = requests.get(path, headers=get_header(TENANT3))
  3628. self.assertEqual(http.OK, response.status_code)
  3629. images = jsonutils.loads(response.text)['images']
  3630. self.assertEqual(0, len(images))
  3631. # Image list should contain 4 images for TENANT3 with status pending
  3632. path = self._url('/v2/images?member_status=pending')
  3633. response = requests.get(path, headers=get_header(TENANT3))
  3634. self.assertEqual(http.OK, response.status_code)
  3635. images = jsonutils.loads(response.text)['images']
  3636. self.assertEqual(4, len(images))
  3637. # Image list should contain 4 images for TENANT3 with status all
  3638. path = self._url('/v2/images?member_status=all')
  3639. response = requests.get(path, headers=get_header(TENANT3))
  3640. self.assertEqual(http.OK, response.status_code)
  3641. images = jsonutils.loads(response.text)['images']
  3642. self.assertEqual(4, len(images))
  3643. # Image list should contain 1 image for TENANT3 with status pending
  3644. # and visibility shared
  3645. path = self._url('/v2/images?member_status=pending&visibility=shared')
  3646. response = requests.get(path, headers=get_header(TENANT3))
  3647. self.assertEqual(http.OK, response.status_code)
  3648. images = jsonutils.loads(response.text)['images']
  3649. self.assertEqual(1, len(images))
  3650. self.assertEqual(images[0]['name'], 'tenant1-shared')
  3651. # Image list should contain 0 image for TENANT3 with status rejected
  3652. # and visibility shared
  3653. path = self._url('/v2/images?member_status=rejected&visibility=shared')
  3654. response = requests.get(path, headers=get_header(TENANT3))
  3655. self.assertEqual(http.OK, response.status_code)
  3656. images = jsonutils.loads(response.text)['images']
  3657. self.assertEqual(0, len(images))
  3658. # Image list should contain 0 image for TENANT3 with status accepted
  3659. # and visibility shared
  3660. path = self._url('/v2/images?member_status=accepted&visibility=shared')
  3661. response = requests.get(path, headers=get_header(TENANT3))
  3662. self.assertEqual(http.OK, response.status_code)
  3663. images = jsonutils.loads(response.text)['images']
  3664. self.assertEqual(0, len(images))
  3665. # Image list should contain 0 image for TENANT3 with status accepted
  3666. # and visibility private
  3667. path = self._url('/v2/images?visibility=private')
  3668. response = requests.get(path, headers=get_header(TENANT3))
  3669. self.assertEqual(http.OK, response.status_code)
  3670. images = jsonutils.loads(response.text)['images']
  3671. self.assertEqual(0, len(images))
  3672. # Image tenant2-shared's image members list should contain no members
  3673. path = self._url('/v2/images/%s/members' % image_fixture[7]['id'])
  3674. response = requests.get(path, headers=get_header('tenant2'))
  3675. self.assertEqual(http.OK, response.status_code)
  3676. body = jsonutils.loads(response.text)
  3677. self.assertEqual(0, len(body['members']))
  3678. # Tenant 1, who is the owner cannot change status of image member
  3679. path = self._url('/v2/images/%s/members/%s' % (image_fixture[3]['id'],
  3680. TENANT3))
  3681. body = jsonutils.dumps({'status': 'accepted'})
  3682. response = requests.put(path, headers=get_header('tenant1'), data=body)
  3683. self.assertEqual(http.FORBIDDEN, response.status_code)
  3684. # Tenant 1, who is the owner can get status of its own image member
  3685. path = self._url('/v2/images/%s/members/%s' % (image_fixture[3]['id'],
  3686. TENANT3))
  3687. response = requests.get(path, headers=get_header('tenant1'))
  3688. self.assertEqual(http.OK, response.status_code)
  3689. body = jsonutils.loads(response.text)
  3690. self.assertEqual('pending', body['status'])
  3691. self.assertEqual(image_fixture[3]['id'], body['image_id'])
  3692. self.assertEqual(TENANT3, body['member_id'])
  3693. # Tenant 3, who is the member can get status of its own status
  3694. path = self._url('/v2/images/%s/members/%s' % (image_fixture[3]['id'],
  3695. TENANT3))
  3696. response = requests.get(path, headers=get_header(TENANT3))
  3697. self.assertEqual(http.OK, response.status_code)
  3698. body = jsonutils.loads(response.text)
  3699. self.assertEqual('pending', body['status'])
  3700. self.assertEqual(image_fixture[3]['id'], body['image_id'])
  3701. self.assertEqual(TENANT3, body['member_id'])
  3702. # Tenant 2, who not the owner cannot get status of image member
  3703. path = self._url('/v2/images/%s/members/%s' % (image_fixture[3]['id'],
  3704. TENANT3))
  3705. response = requests.get(path, headers=get_header('tenant2'))
  3706. self.assertEqual(http.NOT_FOUND, response.status_code)
  3707. # Tenant 3 can change status of image member
  3708. path = self._url('/v2/images/%s/members/%s' % (image_fixture[3]['id'],
  3709. TENANT3))
  3710. body = jsonutils.dumps({'status': 'accepted'})
  3711. response = requests.put(path, headers=get_header(TENANT3), data=body)
  3712. self.assertEqual(http.OK, response.status_code)
  3713. image_member = jsonutils.loads(response.text)
  3714. self.assertEqual(image_fixture[3]['id'], image_member['image_id'])
  3715. self.assertEqual(TENANT3, image_member['member_id'])
  3716. self.assertEqual('accepted', image_member['status'])
  3717. # Image list should contain 4 images for TENANT3 because status is
  3718. # accepted
  3719. path = self._url('/v2/images')
  3720. response = requests.get(path, headers=get_header(TENANT3))
  3721. self.assertEqual(http.OK, response.status_code)
  3722. images = jsonutils.loads(response.text)['images']
  3723. self.assertEqual(4, len(images))
  3724. # Tenant 3 invalid status change
  3725. path = self._url('/v2/images/%s/members/%s' % (image_fixture[3]['id'],
  3726. TENANT3))
  3727. body = jsonutils.dumps({'status': 'invalid-status'})
  3728. response = requests.put(path, headers=get_header(TENANT3), data=body)
  3729. self.assertEqual(http.BAD_REQUEST, response.status_code)
  3730. # Owner cannot change status of image
  3731. path = self._url('/v2/images/%s/members/%s' % (image_fixture[3]['id'],
  3732. TENANT3))
  3733. body = jsonutils.dumps({'status': 'accepted'})
  3734. response = requests.put(path, headers=get_header('tenant1'), data=body)
  3735. self.assertEqual(http.FORBIDDEN, response.status_code)
  3736. # Add Image member for tenant2-shared image
  3737. path = self._url('/v2/images/%s/members' % image_fixture[7]['id'])
  3738. body = jsonutils.dumps({'member': TENANT4})
  3739. response = requests.post(path, headers=get_header('tenant2'),
  3740. data=body)
  3741. self.assertEqual(http.OK, response.status_code)
  3742. image_member = jsonutils.loads(response.text)
  3743. self.assertEqual(image_fixture[7]['id'], image_member['image_id'])
  3744. self.assertEqual(TENANT4, image_member['member_id'])
  3745. self.assertIn('created_at', image_member)
  3746. self.assertIn('updated_at', image_member)
  3747. # Add Image member to public image
  3748. path = self._url('/v2/images/%s/members' % image_fixture[2]['id'])
  3749. body = jsonutils.dumps({'member': TENANT2})
  3750. response = requests.post(path, headers=get_header('tenant1'),
  3751. data=body)
  3752. self.assertEqual(http.FORBIDDEN, response.status_code)
  3753. # Add Image member to private image
  3754. path = self._url('/v2/images/%s/members' % image_fixture[1]['id'])
  3755. body = jsonutils.dumps({'member': TENANT2})
  3756. response = requests.post(path, headers=get_header('tenant1'),
  3757. data=body)
  3758. self.assertEqual(http.FORBIDDEN, response.status_code)
  3759. # Add Image member to community image
  3760. path = self._url('/v2/images/%s/members' % image_fixture[0]['id'])
  3761. body = jsonutils.dumps({'member': TENANT2})
  3762. response = requests.post(path, headers=get_header('tenant1'),
  3763. data=body)
  3764. self.assertEqual(http.FORBIDDEN, response.status_code)
  3765. # Image tenant1-shared's members list should contain 1 member
  3766. path = self._url('/v2/images/%s/members' % image_fixture[3]['id'])
  3767. response = requests.get(path, headers=get_header('tenant1'))
  3768. self.assertEqual(http.OK, response.status_code)
  3769. body = jsonutils.loads(response.text)
  3770. self.assertEqual(1, len(body['members']))
  3771. # Admin can see any members
  3772. path = self._url('/v2/images/%s/members' % image_fixture[3]['id'])
  3773. response = requests.get(path, headers=get_header('tenant1', 'admin'))
  3774. self.assertEqual(http.OK, response.status_code)
  3775. body = jsonutils.loads(response.text)
  3776. self.assertEqual(1, len(body['members']))
  3777. # Image members not found for private image not owned by TENANT 1
  3778. path = self._url('/v2/images/%s/members' % image_fixture[7]['id'])
  3779. response = requests.get(path, headers=get_header('tenant1'))
  3780. self.assertEqual(http.NOT_FOUND, response.status_code)
  3781. # Image members forbidden for public image
  3782. path = self._url('/v2/images/%s/members' % image_fixture[2]['id'])
  3783. response = requests.get(path, headers=get_header('tenant1'))
  3784. self.assertIn("Only shared images have members", response.text)
  3785. self.assertEqual(http.FORBIDDEN, response.status_code)
  3786. # Image members forbidden for community image
  3787. path = self._url('/v2/images/%s/members' % image_fixture[0]['id'])
  3788. response = requests.get(path, headers=get_header('tenant1'))
  3789. self.assertIn("Only shared images have members", response.text)
  3790. self.assertEqual(http.FORBIDDEN, response.status_code)
  3791. # Image members forbidden for private image
  3792. path = self._url('/v2/images/%s/members' % image_fixture[1]['id'])
  3793. response = requests.get(path, headers=get_header('tenant1'))
  3794. self.assertIn("Only shared images have members", response.text)
  3795. self.assertEqual(http.FORBIDDEN, response.status_code)
  3796. # Image Member Cannot delete Image membership
  3797. path = self._url('/v2/images/%s/members/%s' % (image_fixture[3]['id'],
  3798. TENANT3))
  3799. response = requests.delete(path, headers=get_header(TENANT3))
  3800. self.assertEqual(http.FORBIDDEN, response.status_code)
  3801. # Delete Image member
  3802. path = self._url('/v2/images/%s/members/%s' % (image_fixture[3]['id'],
  3803. TENANT3))
  3804. response = requests.delete(path, headers=get_header('tenant1'))
  3805. self.assertEqual(http.NO_CONTENT, response.status_code)
  3806. # Now the image has no members
  3807. path = self._url('/v2/images/%s/members' % image_fixture[3]['id'])
  3808. response = requests.get(path, headers=get_header('tenant1'))
  3809. self.assertEqual(http.OK, response.status_code)
  3810. body = jsonutils.loads(response.text)
  3811. self.assertEqual(0, len(body['members']))
  3812. # Adding 11 image members should fail since configured limit is 10
  3813. path = self._url('/v2/images/%s/members' % image_fixture[3]['id'])
  3814. for i in range(10):
  3815. body = jsonutils.dumps({'member': str(uuid.uuid4())})
  3816. response = requests.post(path, headers=get_header('tenant1'),
  3817. data=body)
  3818. self.assertEqual(http.OK, response.status_code)
  3819. body = jsonutils.dumps({'member': str(uuid.uuid4())})
  3820. response = requests.post(path, headers=get_header('tenant1'),
  3821. data=body)
  3822. self.assertEqual(http.REQUEST_ENTITY_TOO_LARGE, response.status_code)
  3823. # Get Image member should return not found for public image
  3824. path = self._url('/v2/images/%s/members/%s' % (image_fixture[2]['id'],
  3825. TENANT3))
  3826. response = requests.get(path, headers=get_header('tenant1'))
  3827. self.assertEqual(http.NOT_FOUND, response.status_code)
  3828. # Get Image member should return not found for community image
  3829. path = self._url('/v2/images/%s/members/%s' % (image_fixture[0]['id'],
  3830. TENANT3))
  3831. response = requests.get(path, headers=get_header('tenant1'))
  3832. self.assertEqual(http.NOT_FOUND, response.status_code)
  3833. # Get Image member should return not found for private image
  3834. path = self._url('/v2/images/%s/members/%s' % (image_fixture[1]['id'],
  3835. TENANT3))
  3836. response = requests.get(path, headers=get_header('tenant1'))
  3837. self.assertEqual(http.NOT_FOUND, response.status_code)
  3838. # Delete Image member should return forbidden for public image
  3839. path = self._url('/v2/images/%s/members/%s' % (image_fixture[2]['id'],
  3840. TENANT3))
  3841. response = requests.delete(path, headers=get_header('tenant1'))
  3842. self.assertEqual(http.FORBIDDEN, response.status_code)
  3843. # Delete Image member should return forbidden for community image
  3844. path = self._url('/v2/images/%s/members/%s' % (image_fixture[0]['id'],
  3845. TENANT3))
  3846. response = requests.delete(path, headers=get_header('tenant1'))
  3847. self.assertEqual(http.FORBIDDEN, response.status_code)
  3848. # Delete Image member should return forbidden for private image
  3849. path = self._url('/v2/images/%s/members/%s' % (image_fixture[1]['id'],
  3850. TENANT3))
  3851. response = requests.delete(path, headers=get_header('tenant1'))
  3852. self.assertEqual(http.FORBIDDEN, response.status_code)
  3853. self.stop_servers()
  3854. class TestImageMembersWithRegistry(TestImageMembers):
  3855. def setUp(self):
  3856. super(TestImageMembersWithRegistry, self).setUp()
  3857. self.api_server.data_api = (
  3858. 'glance.tests.functional.v2.registry_data_api')
  3859. self.registry_server.deployment_flavor = 'trusted-auth'
  3860. class TestQuotas(functional.FunctionalTest):
  3861. def setUp(self):
  3862. super(TestQuotas, self).setUp()
  3863. self.cleanup()
  3864. self.include_scrubber = False
  3865. self.api_server.deployment_flavor = 'noauth'
  3866. self.registry_server.deployment_flavor = 'trusted-auth'
  3867. self.user_storage_quota = 100
  3868. self.start_servers(**self.__dict__.copy())
  3869. def _url(self, path):
  3870. return 'http://127.0.0.1:%d%s' % (self.api_port, path)
  3871. def _headers(self, custom_headers=None):
  3872. base_headers = {
  3873. 'X-Identity-Status': 'Confirmed',
  3874. 'X-Auth-Token': '932c5c84-02ac-4fe5-a9ba-620af0e2bb96',
  3875. 'X-User-Id': 'f9a41d13-0c13-47e9-bee2-ce4e8bfe958e',
  3876. 'X-Tenant-Id': TENANT1,
  3877. 'X-Roles': 'member',
  3878. }
  3879. base_headers.update(custom_headers or {})
  3880. return base_headers
  3881. def _upload_image_test(self, data_src, expected_status):
  3882. # Image list should be empty
  3883. path = self._url('/v2/images')
  3884. response = requests.get(path, headers=self._headers())
  3885. self.assertEqual(http.OK, response.status_code)
  3886. images = jsonutils.loads(response.text)['images']
  3887. self.assertEqual(0, len(images))
  3888. # Create an image (with a deployer-defined property)
  3889. path = self._url('/v2/images')
  3890. headers = self._headers({'content-type': 'application/json'})
  3891. data = jsonutils.dumps({'name': 'testimg',
  3892. 'type': 'kernel',
  3893. 'foo': 'bar',
  3894. 'disk_format': 'aki',
  3895. 'container_format': 'aki'})
  3896. response = requests.post(path, headers=headers, data=data)
  3897. self.assertEqual(http.CREATED, response.status_code)
  3898. image = jsonutils.loads(response.text)
  3899. image_id = image['id']
  3900. # upload data
  3901. path = self._url('/v2/images/%s/file' % image_id)
  3902. headers = self._headers({'Content-Type': 'application/octet-stream'})
  3903. response = requests.put(path, headers=headers, data=data_src)
  3904. self.assertEqual(expected_status, response.status_code)
  3905. # Deletion should work
  3906. path = self._url('/v2/images/%s' % image_id)
  3907. response = requests.delete(path, headers=self._headers())
  3908. self.assertEqual(http.NO_CONTENT, response.status_code)
  3909. def test_image_upload_under_quota(self):
  3910. data = b'x' * (self.user_storage_quota - 1)
  3911. self._upload_image_test(data, http.NO_CONTENT)
  3912. def test_image_upload_exceed_quota(self):
  3913. data = b'x' * (self.user_storage_quota + 1)
  3914. self._upload_image_test(data, http.REQUEST_ENTITY_TOO_LARGE)
  3915. def test_chunked_image_upload_under_quota(self):
  3916. def data_gen():
  3917. yield b'x' * (self.user_storage_quota - 1)
  3918. self._upload_image_test(data_gen(), http.NO_CONTENT)
  3919. def test_chunked_image_upload_exceed_quota(self):
  3920. def data_gen():
  3921. yield b'x' * (self.user_storage_quota + 1)
  3922. self._upload_image_test(data_gen(), http.REQUEST_ENTITY_TOO_LARGE)
  3923. class TestQuotasWithRegistry(TestQuotas):
  3924. def setUp(self):
  3925. super(TestQuotasWithRegistry, self).setUp()
  3926. self.api_server.data_api = (
  3927. 'glance.tests.functional.v2.registry_data_api')
  3928. self.registry_server.deployment_flavor = 'trusted-auth'
  3929. class TestImagesMultipleBackend(functional.MultipleBackendFunctionalTest):
  3930. def setUp(self):
  3931. super(TestImagesMultipleBackend, self).setUp()
  3932. self.cleanup()
  3933. self.include_scrubber = False
  3934. self.api_server_multiple_backend.deployment_flavor = 'noauth'
  3935. self.api_server_multiple_backend.data_api = 'glance.db.sqlalchemy.api'
  3936. for i in range(3):
  3937. ret = test_utils.start_http_server("foo_image_id%d" % i,
  3938. "foo_image%d" % i)
  3939. setattr(self, 'http_server%d_pid' % i, ret[0])
  3940. setattr(self, 'http_port%d' % i, ret[1])
  3941. def tearDown(self):
  3942. for i in range(3):
  3943. pid = getattr(self, 'http_server%d_pid' % i, None)
  3944. if pid:
  3945. os.kill(pid, signal.SIGKILL)
  3946. super(TestImagesMultipleBackend, self).tearDown()
  3947. def _url(self, path):
  3948. return 'http://127.0.0.1:%d%s' % (self.api_port, path)
  3949. def _headers(self, custom_headers=None):
  3950. base_headers = {
  3951. 'X-Identity-Status': 'Confirmed',
  3952. 'X-Auth-Token': '932c5c84-02ac-4fe5-a9ba-620af0e2bb96',
  3953. 'X-User-Id': 'f9a41d13-0c13-47e9-bee2-ce4e8bfe958e',
  3954. 'X-Tenant-Id': TENANT1,
  3955. 'X-Roles': 'member',
  3956. }
  3957. base_headers.update(custom_headers or {})
  3958. return base_headers
  3959. def test_image_import_using_glance_direct(self):
  3960. self.start_servers(**self.__dict__.copy())
  3961. # Image list should be empty
  3962. path = self._url('/v2/images')
  3963. response = requests.get(path, headers=self._headers())
  3964. self.assertEqual(http.OK, response.status_code)
  3965. images = jsonutils.loads(response.text)['images']
  3966. self.assertEqual(0, len(images))
  3967. # glance-direct should be available in discovery response
  3968. path = self._url('/v2/info/import')
  3969. response = requests.get(path, headers=self._headers())
  3970. self.assertEqual(http.OK, response.status_code)
  3971. discovery_calls = jsonutils.loads(
  3972. response.text)['import-methods']['value']
  3973. self.assertIn("glance-direct", discovery_calls)
  3974. # file1 and file2 should be available in discovery response
  3975. available_stores = ['file1', 'file2']
  3976. path = self._url('/v2/info/stores')
  3977. response = requests.get(path, headers=self._headers())
  3978. self.assertEqual(http.OK, response.status_code)
  3979. discovery_calls = jsonutils.loads(
  3980. response.text)['stores']
  3981. for stores in discovery_calls:
  3982. self.assertIn('id', stores)
  3983. self.assertIn(stores['id'], available_stores)
  3984. # Create an image
  3985. path = self._url('/v2/images')
  3986. headers = self._headers({'content-type': 'application/json'})
  3987. data = jsonutils.dumps({'name': 'image-1', 'type': 'kernel',
  3988. 'disk_format': 'aki',
  3989. 'container_format': 'aki'})
  3990. response = requests.post(path, headers=headers, data=data)
  3991. self.assertEqual(http.CREATED, response.status_code)
  3992. # Check 'OpenStack-image-store-ids' header present in response
  3993. self.assertIn('OpenStack-image-store-ids', response.headers)
  3994. for store in available_stores:
  3995. self.assertIn(store, response.headers['OpenStack-image-store-ids'])
  3996. # Returned image entity should have a generated id and status
  3997. image = jsonutils.loads(response.text)
  3998. image_id = image['id']
  3999. checked_keys = set([
  4000. u'status',
  4001. u'name',
  4002. u'tags',
  4003. u'created_at',
  4004. u'updated_at',
  4005. u'visibility',
  4006. u'self',
  4007. u'protected',
  4008. u'id',
  4009. u'file',
  4010. u'min_disk',
  4011. u'type',
  4012. u'min_ram',
  4013. u'schema',
  4014. u'disk_format',
  4015. u'container_format',
  4016. u'owner',
  4017. u'checksum',
  4018. u'size',
  4019. u'virtual_size',
  4020. u'os_hidden',
  4021. u'os_hash_algo',
  4022. u'os_hash_value'
  4023. ])
  4024. self.assertEqual(checked_keys, set(image.keys()))
  4025. expected_image = {
  4026. 'status': 'queued',
  4027. 'name': 'image-1',
  4028. 'tags': [],
  4029. 'visibility': 'shared',
  4030. 'self': '/v2/images/%s' % image_id,
  4031. 'protected': False,
  4032. 'file': '/v2/images/%s/file' % image_id,
  4033. 'min_disk': 0,
  4034. 'type': 'kernel',
  4035. 'min_ram': 0,
  4036. 'schema': '/v2/schemas/image',
  4037. }
  4038. for key, value in expected_image.items():
  4039. self.assertEqual(value, image[key], key)
  4040. # Image list should now have one entry
  4041. path = self._url('/v2/images')
  4042. response = requests.get(path, headers=self._headers())
  4043. self.assertEqual(http.OK, response.status_code)
  4044. images = jsonutils.loads(response.text)['images']
  4045. self.assertEqual(1, len(images))
  4046. self.assertEqual(image_id, images[0]['id'])
  4047. def _verify_image_checksum_and_status(checksum=None, status=None):
  4048. # Checksum should be populated and status should be active
  4049. path = self._url('/v2/images/%s' % image_id)
  4050. response = requests.get(path, headers=self._headers())
  4051. self.assertEqual(http.OK, response.status_code)
  4052. image = jsonutils.loads(response.text)
  4053. self.assertEqual(checksum, image['checksum'])
  4054. self.assertEqual(status, image['status'])
  4055. # Upload some image data to staging area
  4056. path = self._url('/v2/images/%s/stage' % image_id)
  4057. headers = self._headers({'Content-Type': 'application/octet-stream'})
  4058. response = requests.put(path, headers=headers, data='ZZZZZ')
  4059. self.assertEqual(http.NO_CONTENT, response.status_code)
  4060. # Verify image is in uploading state and checksum is None
  4061. _verify_image_checksum_and_status(status='uploading')
  4062. # Import image to store
  4063. path = self._url('/v2/images/%s/import' % image_id)
  4064. headers = self._headers({
  4065. 'content-type': 'application/json',
  4066. 'X-Roles': 'admin',
  4067. })
  4068. data = jsonutils.dumps({'method': {
  4069. 'name': 'glance-direct'
  4070. }})
  4071. response = requests.post(path, headers=headers, data=data)
  4072. self.assertEqual(http.ACCEPTED, response.status_code)
  4073. # Verify image is in active state and checksum is set
  4074. # NOTE(abhishekk): As import is a async call we need to provide
  4075. # some timelap to complete the call.
  4076. path = self._url('/v2/images/%s' % image_id)
  4077. func_utils.wait_for_status(request_path=path,
  4078. request_headers=self._headers(),
  4079. status='active',
  4080. max_sec=2,
  4081. delay_sec=0.2)
  4082. _verify_image_checksum_and_status(
  4083. checksum='8f113e38d28a79a5a451b16048cc2b72',
  4084. status='active')
  4085. # Ensure the size is updated to reflect the data uploaded
  4086. path = self._url('/v2/images/%s' % image_id)
  4087. response = requests.get(path, headers=self._headers())
  4088. self.assertEqual(http.OK, response.status_code)
  4089. self.assertEqual(5, jsonutils.loads(response.text)['size'])
  4090. # Ensure image is created in default backend
  4091. self.assertIn('file1', jsonutils.loads(response.text)['stores'])
  4092. # Deleting image should work
  4093. path = self._url('/v2/images/%s' % image_id)
  4094. response = requests.delete(path, headers=self._headers())
  4095. self.assertEqual(http.NO_CONTENT, response.status_code)
  4096. # Image list should now be empty
  4097. path = self._url('/v2/images')
  4098. response = requests.get(path, headers=self._headers())
  4099. self.assertEqual(http.OK, response.status_code)
  4100. images = jsonutils.loads(response.text)['images']
  4101. self.assertEqual(0, len(images))
  4102. self.stop_servers()
  4103. def test_image_import_using_glance_direct_different_backend(self):
  4104. self.start_servers(**self.__dict__.copy())
  4105. # Image list should be empty
  4106. path = self._url('/v2/images')
  4107. response = requests.get(path, headers=self._headers())
  4108. self.assertEqual(http.OK, response.status_code)
  4109. images = jsonutils.loads(response.text)['images']
  4110. self.assertEqual(0, len(images))
  4111. # glance-direct should be available in discovery response
  4112. path = self._url('/v2/info/import')
  4113. response = requests.get(path, headers=self._headers())
  4114. self.assertEqual(http.OK, response.status_code)
  4115. discovery_calls = jsonutils.loads(
  4116. response.text)['import-methods']['value']
  4117. self.assertIn("glance-direct", discovery_calls)
  4118. # file1 and file2 should be available in discovery response
  4119. available_stores = ['file1', 'file2']
  4120. path = self._url('/v2/info/stores')
  4121. response = requests.get(path, headers=self._headers())
  4122. self.assertEqual(http.OK, response.status_code)
  4123. discovery_calls = jsonutils.loads(
  4124. response.text)['stores']
  4125. for stores in discovery_calls:
  4126. self.assertIn('id', stores)
  4127. self.assertIn(stores['id'], available_stores)
  4128. # Create an image
  4129. path = self._url('/v2/images')
  4130. headers = self._headers({'content-type': 'application/json'})
  4131. data = jsonutils.dumps({'name': 'image-1', 'type': 'kernel',
  4132. 'disk_format': 'aki',
  4133. 'container_format': 'aki'})
  4134. response = requests.post(path, headers=headers, data=data)
  4135. self.assertEqual(http.CREATED, response.status_code)
  4136. # Check 'OpenStack-image-store-ids' header present in response
  4137. self.assertIn('OpenStack-image-store-ids', response.headers)
  4138. for store in available_stores:
  4139. self.assertIn(store, response.headers['OpenStack-image-store-ids'])
  4140. # Returned image entity should have a generated id and status
  4141. image = jsonutils.loads(response.text)
  4142. image_id = image['id']
  4143. checked_keys = set([
  4144. u'status',
  4145. u'name',
  4146. u'tags',
  4147. u'created_at',
  4148. u'updated_at',
  4149. u'visibility',
  4150. u'self',
  4151. u'protected',
  4152. u'id',
  4153. u'file',
  4154. u'min_disk',
  4155. u'type',
  4156. u'min_ram',
  4157. u'schema',
  4158. u'disk_format',
  4159. u'container_format',
  4160. u'owner',
  4161. u'checksum',
  4162. u'size',
  4163. u'virtual_size',
  4164. u'os_hidden',
  4165. u'os_hash_algo',
  4166. u'os_hash_value'
  4167. ])
  4168. self.assertEqual(checked_keys, set(image.keys()))
  4169. expected_image = {
  4170. 'status': 'queued',
  4171. 'name': 'image-1',
  4172. 'tags': [],
  4173. 'visibility': 'shared',
  4174. 'self': '/v2/images/%s' % image_id,
  4175. 'protected': False,
  4176. 'file': '/v2/images/%s/file' % image_id,
  4177. 'min_disk': 0,
  4178. 'type': 'kernel',
  4179. 'min_ram': 0,
  4180. 'schema': '/v2/schemas/image',
  4181. }
  4182. for key, value in expected_image.items():
  4183. self.assertEqual(value, image[key], key)
  4184. # Image list should now have one entry
  4185. path = self._url('/v2/images')
  4186. response = requests.get(path, headers=self._headers())
  4187. self.assertEqual(http.OK, response.status_code)
  4188. images = jsonutils.loads(response.text)['images']
  4189. self.assertEqual(1, len(images))
  4190. self.assertEqual(image_id, images[0]['id'])
  4191. def _verify_image_checksum_and_status(checksum=None, status=None):
  4192. # Checksum should be populated and status should be active
  4193. path = self._url('/v2/images/%s' % image_id)
  4194. response = requests.get(path, headers=self._headers())
  4195. self.assertEqual(http.OK, response.status_code)
  4196. image = jsonutils.loads(response.text)
  4197. self.assertEqual(checksum, image['checksum'])
  4198. self.assertEqual(status, image['status'])
  4199. # Upload some image data to staging area
  4200. path = self._url('/v2/images/%s/stage' % image_id)
  4201. headers = self._headers({'Content-Type': 'application/octet-stream'})
  4202. response = requests.put(path, headers=headers, data='ZZZZZ')
  4203. self.assertEqual(http.NO_CONTENT, response.status_code)
  4204. # Verify image is in uploading state and checksum is None
  4205. _verify_image_checksum_and_status(status='uploading')
  4206. # Import image to file2 store (other than default backend)
  4207. path = self._url('/v2/images/%s/import' % image_id)
  4208. headers = self._headers({
  4209. 'content-type': 'application/json',
  4210. 'X-Roles': 'admin',
  4211. 'X-Image-Meta-Store': 'file2'
  4212. })
  4213. data = jsonutils.dumps({'method': {
  4214. 'name': 'glance-direct'
  4215. }})
  4216. response = requests.post(path, headers=headers, data=data)
  4217. self.assertEqual(http.ACCEPTED, response.status_code)
  4218. # Verify image is in active state and checksum is set
  4219. # NOTE(abhishekk): As import is a async call we need to provide
  4220. # some timelap to complete the call.
  4221. path = self._url('/v2/images/%s' % image_id)
  4222. func_utils.wait_for_status(request_path=path,
  4223. request_headers=self._headers(),
  4224. status='active',
  4225. max_sec=2,
  4226. delay_sec=0.2)
  4227. _verify_image_checksum_and_status(
  4228. checksum='8f113e38d28a79a5a451b16048cc2b72',
  4229. status='active')
  4230. # Ensure the size is updated to reflect the data uploaded
  4231. path = self._url('/v2/images/%s' % image_id)
  4232. response = requests.get(path, headers=self._headers())
  4233. self.assertEqual(http.OK, response.status_code)
  4234. self.assertEqual(5, jsonutils.loads(response.text)['size'])
  4235. # Ensure image is created in different backend
  4236. self.assertIn('file2', jsonutils.loads(response.text)['stores'])
  4237. # Deleting image should work
  4238. path = self._url('/v2/images/%s' % image_id)
  4239. response = requests.delete(path, headers=self._headers())
  4240. self.assertEqual(http.NO_CONTENT, response.status_code)
  4241. # Image list should now be empty
  4242. path = self._url('/v2/images')
  4243. response = requests.get(path, headers=self._headers())
  4244. self.assertEqual(http.OK, response.status_code)
  4245. images = jsonutils.loads(response.text)['images']
  4246. self.assertEqual(0, len(images))
  4247. self.stop_servers()
  4248. def test_image_import_using_web_download(self):
  4249. self.config(node_staging_uri="file:///tmp/staging/")
  4250. self.start_servers(**self.__dict__.copy())
  4251. # Image list should be empty
  4252. path = self._url('/v2/images')
  4253. response = requests.get(path, headers=self._headers())
  4254. self.assertEqual(http.OK, response.status_code)
  4255. images = jsonutils.loads(response.text)['images']
  4256. self.assertEqual(0, len(images))
  4257. # web-download should be available in discovery response
  4258. path = self._url('/v2/info/import')
  4259. response = requests.get(path, headers=self._headers())
  4260. self.assertEqual(http.OK, response.status_code)
  4261. discovery_calls = jsonutils.loads(
  4262. response.text)['import-methods']['value']
  4263. self.assertIn("web-download", discovery_calls)
  4264. # file1 and file2 should be available in discovery response
  4265. available_stores = ['file1', 'file2']
  4266. path = self._url('/v2/info/stores')
  4267. response = requests.get(path, headers=self._headers())
  4268. self.assertEqual(http.OK, response.status_code)
  4269. discovery_calls = jsonutils.loads(
  4270. response.text)['stores']
  4271. for stores in discovery_calls:
  4272. self.assertIn('id', stores)
  4273. self.assertIn(stores['id'], available_stores)
  4274. # Create an image
  4275. path = self._url('/v2/images')
  4276. headers = self._headers({'content-type': 'application/json'})
  4277. data = jsonutils.dumps({'name': 'image-1', 'type': 'kernel',
  4278. 'disk_format': 'aki',
  4279. 'container_format': 'aki'})
  4280. response = requests.post(path, headers=headers, data=data)
  4281. self.assertEqual(http.CREATED, response.status_code)
  4282. # Check 'OpenStack-image-store-ids' header present in response
  4283. self.assertIn('OpenStack-image-store-ids', response.headers)
  4284. for store in available_stores:
  4285. self.assertIn(store, response.headers['OpenStack-image-store-ids'])
  4286. # Returned image entity should have a generated id and status
  4287. image = jsonutils.loads(response.text)
  4288. image_id = image['id']
  4289. checked_keys = set([
  4290. u'status',
  4291. u'name',
  4292. u'tags',
  4293. u'created_at',
  4294. u'updated_at',
  4295. u'visibility',
  4296. u'self',
  4297. u'protected',
  4298. u'id',
  4299. u'file',
  4300. u'min_disk',
  4301. u'type',
  4302. u'min_ram',
  4303. u'schema',
  4304. u'disk_format',
  4305. u'container_format',
  4306. u'owner',
  4307. u'checksum',
  4308. u'size',
  4309. u'virtual_size',
  4310. u'os_hidden',
  4311. u'os_hash_algo',
  4312. u'os_hash_value'
  4313. ])
  4314. self.assertEqual(checked_keys, set(image.keys()))
  4315. expected_image = {
  4316. 'status': 'queued',
  4317. 'name': 'image-1',
  4318. 'tags': [],
  4319. 'visibility': 'shared',
  4320. 'self': '/v2/images/%s' % image_id,
  4321. 'protected': False,
  4322. 'file': '/v2/images/%s/file' % image_id,
  4323. 'min_disk': 0,
  4324. 'type': 'kernel',
  4325. 'min_ram': 0,
  4326. 'schema': '/v2/schemas/image',
  4327. }
  4328. for key, value in expected_image.items():
  4329. self.assertEqual(value, image[key], key)
  4330. # Image list should now have one entry
  4331. path = self._url('/v2/images')
  4332. response = requests.get(path, headers=self._headers())
  4333. self.assertEqual(http.OK, response.status_code)
  4334. images = jsonutils.loads(response.text)['images']
  4335. self.assertEqual(1, len(images))
  4336. self.assertEqual(image_id, images[0]['id'])
  4337. def _verify_image_checksum_and_status(checksum=None, status=None):
  4338. # Checksum should be populated and status should be active
  4339. path = self._url('/v2/images/%s' % image_id)
  4340. response = requests.get(path, headers=self._headers())
  4341. self.assertEqual(http.OK, response.status_code)
  4342. image = jsonutils.loads(response.text)
  4343. self.assertEqual(checksum, image['checksum'])
  4344. self.assertEqual(status, image['status'])
  4345. # Verify image is in queued state and checksum is None
  4346. _verify_image_checksum_and_status(status='queued')
  4347. # Import image to store
  4348. path = self._url('/v2/images/%s/import' % image_id)
  4349. headers = self._headers({
  4350. 'content-type': 'application/json',
  4351. 'X-Roles': 'admin',
  4352. })
  4353. data = jsonutils.dumps({'method': {
  4354. 'name': 'web-download',
  4355. 'uri': 'https://www.openstack.org/assets/openstack-logo/'
  4356. '2016R/OpenStack-Logo-Horizontal.eps.zip'
  4357. }})
  4358. response = requests.post(path, headers=headers, data=data)
  4359. self.assertEqual(http.ACCEPTED, response.status_code)
  4360. # Verify image is in active state and checksum is set
  4361. # NOTE(abhishekk): As import is a async call we need to provide
  4362. # some timelap to complete the call.
  4363. path = self._url('/v2/images/%s' % image_id)
  4364. func_utils.wait_for_status(request_path=path,
  4365. request_headers=self._headers(),
  4366. status='active',
  4367. max_sec=20,
  4368. delay_sec=0.2,
  4369. start_delay_sec=1)
  4370. _verify_image_checksum_and_status(
  4371. checksum='bcd65f8922f61a9e6a20572ad7aa2bdd',
  4372. status='active')
  4373. # Ensure image is created in default backend
  4374. path = self._url('/v2/images/%s' % image_id)
  4375. response = requests.get(path, headers=self._headers())
  4376. self.assertEqual(http.OK, response.status_code)
  4377. self.assertIn('file1', jsonutils.loads(response.text)['stores'])
  4378. # Deleting image should work
  4379. path = self._url('/v2/images/%s' % image_id)
  4380. response = requests.delete(path, headers=self._headers())
  4381. self.assertEqual(http.NO_CONTENT, response.status_code)
  4382. # Image list should now be empty
  4383. path = self._url('/v2/images')
  4384. response = requests.get(path, headers=self._headers())
  4385. self.assertEqual(http.OK, response.status_code)
  4386. images = jsonutils.loads(response.text)['images']
  4387. self.assertEqual(0, len(images))
  4388. self.stop_servers()
  4389. def test_image_import_using_web_download_different_backend(self):
  4390. self.config(node_staging_uri="file:///tmp/staging/")
  4391. self.start_servers(**self.__dict__.copy())
  4392. # Image list should be empty
  4393. path = self._url('/v2/images')
  4394. response = requests.get(path, headers=self._headers())
  4395. self.assertEqual(http.OK, response.status_code)
  4396. images = jsonutils.loads(response.text)['images']
  4397. self.assertEqual(0, len(images))
  4398. # web-download should be available in discovery response
  4399. path = self._url('/v2/info/import')
  4400. response = requests.get(path, headers=self._headers())
  4401. self.assertEqual(http.OK, response.status_code)
  4402. discovery_calls = jsonutils.loads(
  4403. response.text)['import-methods']['value']
  4404. self.assertIn("web-download", discovery_calls)
  4405. # file1 and file2 should be available in discovery response
  4406. available_stores = ['file1', 'file2']
  4407. path = self._url('/v2/info/stores')
  4408. response = requests.get(path, headers=self._headers())
  4409. self.assertEqual(http.OK, response.status_code)
  4410. discovery_calls = jsonutils.loads(
  4411. response.text)['stores']
  4412. for stores in discovery_calls:
  4413. self.assertIn('id', stores)
  4414. self.assertIn(stores['id'], available_stores)
  4415. # Create an image
  4416. path = self._url('/v2/images')
  4417. headers = self._headers({'content-type': 'application/json'})
  4418. data = jsonutils.dumps({'name': 'image-1', 'type': 'kernel',
  4419. 'disk_format': 'aki',
  4420. 'container_format': 'aki'})
  4421. response = requests.post(path, headers=headers, data=data)
  4422. self.assertEqual(http.CREATED, response.status_code)
  4423. # Check 'OpenStack-image-store-ids' header present in response
  4424. self.assertIn('OpenStack-image-store-ids', response.headers)
  4425. for store in available_stores:
  4426. self.assertIn(store, response.headers['OpenStack-image-store-ids'])
  4427. # Returned image entity should have a generated id and status
  4428. image = jsonutils.loads(response.text)
  4429. image_id = image['id']
  4430. checked_keys = set([
  4431. u'status',
  4432. u'name',
  4433. u'tags',
  4434. u'created_at',
  4435. u'updated_at',
  4436. u'visibility',
  4437. u'self',
  4438. u'protected',
  4439. u'id',
  4440. u'file',
  4441. u'min_disk',
  4442. u'type',
  4443. u'min_ram',
  4444. u'schema',
  4445. u'disk_format',
  4446. u'container_format',
  4447. u'owner',
  4448. u'checksum',
  4449. u'size',
  4450. u'virtual_size',
  4451. u'os_hidden',
  4452. u'os_hash_algo',
  4453. u'os_hash_value'
  4454. ])
  4455. self.assertEqual(checked_keys, set(image.keys()))
  4456. expected_image = {
  4457. 'status': 'queued',
  4458. 'name': 'image-1',
  4459. 'tags': [],
  4460. 'visibility': 'shared',
  4461. 'self': '/v2/images/%s' % image_id,
  4462. 'protected': False,
  4463. 'file': '/v2/images/%s/file' % image_id,
  4464. 'min_disk': 0,
  4465. 'type': 'kernel',
  4466. 'min_ram': 0,
  4467. 'schema': '/v2/schemas/image',
  4468. }
  4469. for key, value in expected_image.items():
  4470. self.assertEqual(value, image[key], key)
  4471. # Image list should now have one entry
  4472. path = self._url('/v2/images')
  4473. response = requests.get(path, headers=self._headers())
  4474. self.assertEqual(http.OK, response.status_code)
  4475. images = jsonutils.loads(response.text)['images']
  4476. self.assertEqual(1, len(images))
  4477. self.assertEqual(image_id, images[0]['id'])
  4478. def _verify_image_checksum_and_status(checksum=None, status=None):
  4479. # Checksum should be populated and status should be active
  4480. path = self._url('/v2/images/%s' % image_id)
  4481. response = requests.get(path, headers=self._headers())
  4482. self.assertEqual(http.OK, response.status_code)
  4483. image = jsonutils.loads(response.text)
  4484. self.assertEqual(checksum, image['checksum'])
  4485. self.assertEqual(status, image['status'])
  4486. # Verify image is in queued state and checksum is None
  4487. _verify_image_checksum_and_status(status='queued')
  4488. # Import image to store
  4489. path = self._url('/v2/images/%s/import' % image_id)
  4490. headers = self._headers({
  4491. 'content-type': 'application/json',
  4492. 'X-Roles': 'admin',
  4493. 'X-Image-Meta-Store': 'file2'
  4494. })
  4495. data = jsonutils.dumps({'method': {
  4496. 'name': 'web-download',
  4497. 'uri': 'https://www.openstack.org/assets/openstack-logo/'
  4498. '2016R/OpenStack-Logo-Horizontal.eps.zip'
  4499. }})
  4500. response = requests.post(path, headers=headers, data=data)
  4501. self.assertEqual(http.ACCEPTED, response.status_code)
  4502. # Verify image is in active state and checksum is set
  4503. # NOTE(abhishekk): As import is a async call we need to provide
  4504. # some timelap to complete the call.
  4505. path = self._url('/v2/images/%s' % image_id)
  4506. func_utils.wait_for_status(request_path=path,
  4507. request_headers=self._headers(),
  4508. status='active',
  4509. max_sec=20,
  4510. delay_sec=0.2,
  4511. start_delay_sec=1)
  4512. _verify_image_checksum_and_status(
  4513. checksum='bcd65f8922f61a9e6a20572ad7aa2bdd',
  4514. status='active')
  4515. # Ensure image is created in different backend
  4516. path = self._url('/v2/images/%s' % image_id)
  4517. response = requests.get(path, headers=self._headers())
  4518. self.assertEqual(http.OK, response.status_code)
  4519. self.assertIn('file2', jsonutils.loads(response.text)['stores'])
  4520. # Deleting image should work
  4521. path = self._url('/v2/images/%s' % image_id)
  4522. response = requests.delete(path, headers=self._headers())
  4523. self.assertEqual(http.NO_CONTENT, response.status_code)
  4524. # Image list should now be empty
  4525. path = self._url('/v2/images')
  4526. response = requests.get(path, headers=self._headers())
  4527. self.assertEqual(http.OK, response.status_code)
  4528. images = jsonutils.loads(response.text)['images']
  4529. self.assertEqual(0, len(images))
  4530. self.stop_servers()
  4531. def test_image_lifecycle(self):
  4532. # Image list should be empty
  4533. self.start_servers(**self.__dict__.copy())
  4534. path = self._url('/v2/images')
  4535. response = requests.get(path, headers=self._headers())
  4536. self.assertEqual(http.OK, response.status_code)
  4537. images = jsonutils.loads(response.text)['images']
  4538. self.assertEqual(0, len(images))
  4539. # file1 and file2 should be available in discovery response
  4540. available_stores = ['file1', 'file2']
  4541. path = self._url('/v2/info/stores')
  4542. response = requests.get(path, headers=self._headers())
  4543. self.assertEqual(http.OK, response.status_code)
  4544. discovery_calls = jsonutils.loads(
  4545. response.text)['stores']
  4546. for stores in discovery_calls:
  4547. self.assertIn('id', stores)
  4548. self.assertIn(stores['id'], available_stores)
  4549. # Create an image (with two deployer-defined properties)
  4550. path = self._url('/v2/images')
  4551. headers = self._headers({'content-type': 'application/json'})
  4552. data = jsonutils.dumps({'name': 'image-1', 'type': 'kernel',
  4553. 'foo': 'bar', 'disk_format': 'aki',
  4554. 'container_format': 'aki', 'abc': 'xyz',
  4555. 'protected': True})
  4556. response = requests.post(path, headers=headers, data=data)
  4557. self.assertEqual(http.CREATED, response.status_code)
  4558. # Check 'OpenStack-image-store-ids' header present in response
  4559. self.assertIn('OpenStack-image-store-ids', response.headers)
  4560. for store in available_stores:
  4561. self.assertIn(store, response.headers['OpenStack-image-store-ids'])
  4562. # Returned image entity should have a generated id and status
  4563. image = jsonutils.loads(response.text)
  4564. image_id = image['id']
  4565. checked_keys = set([
  4566. u'status',
  4567. u'name',
  4568. u'tags',
  4569. u'created_at',
  4570. u'updated_at',
  4571. u'visibility',
  4572. u'self',
  4573. u'protected',
  4574. u'id',
  4575. u'file',
  4576. u'min_disk',
  4577. u'foo',
  4578. u'abc',
  4579. u'type',
  4580. u'min_ram',
  4581. u'schema',
  4582. u'disk_format',
  4583. u'container_format',
  4584. u'owner',
  4585. u'checksum',
  4586. u'size',
  4587. u'virtual_size',
  4588. u'os_hidden',
  4589. u'os_hash_algo',
  4590. u'os_hash_value'
  4591. ])
  4592. self.assertEqual(checked_keys, set(image.keys()))
  4593. expected_image = {
  4594. 'status': 'queued',
  4595. 'name': 'image-1',
  4596. 'tags': [],
  4597. 'visibility': 'shared',
  4598. 'self': '/v2/images/%s' % image_id,
  4599. 'protected': True,
  4600. 'file': '/v2/images/%s/file' % image_id,
  4601. 'min_disk': 0,
  4602. 'foo': 'bar',
  4603. 'abc': 'xyz',
  4604. 'type': 'kernel',
  4605. 'min_ram': 0,
  4606. 'schema': '/v2/schemas/image',
  4607. }
  4608. for key, value in expected_image.items():
  4609. self.assertEqual(value, image[key], key)
  4610. # Image list should now have one entry
  4611. path = self._url('/v2/images')
  4612. response = requests.get(path, headers=self._headers())
  4613. self.assertEqual(http.OK, response.status_code)
  4614. images = jsonutils.loads(response.text)['images']
  4615. self.assertEqual(1, len(images))
  4616. self.assertEqual(image_id, images[0]['id'])
  4617. # Try to download data before its uploaded
  4618. path = self._url('/v2/images/%s/file' % image_id)
  4619. headers = self._headers()
  4620. response = requests.get(path, headers=headers)
  4621. self.assertEqual(http.NO_CONTENT, response.status_code)
  4622. def _verify_image_checksum_and_status(checksum, status):
  4623. # Checksum should be populated and status should be active
  4624. path = self._url('/v2/images/%s' % image_id)
  4625. response = requests.get(path, headers=self._headers())
  4626. self.assertEqual(http.OK, response.status_code)
  4627. image = jsonutils.loads(response.text)
  4628. self.assertEqual(checksum, image['checksum'])
  4629. self.assertEqual(status, image['status'])
  4630. # Upload some image data
  4631. path = self._url('/v2/images/%s/file' % image_id)
  4632. headers = self._headers({'Content-Type': 'application/octet-stream'})
  4633. response = requests.put(path, headers=headers, data='ZZZZZ')
  4634. self.assertEqual(http.NO_CONTENT, response.status_code)
  4635. expected_checksum = '8f113e38d28a79a5a451b16048cc2b72'
  4636. _verify_image_checksum_and_status(expected_checksum, 'active')
  4637. # Ensure image is created in default backend
  4638. path = self._url('/v2/images/%s' % image_id)
  4639. response = requests.get(path, headers=self._headers())
  4640. self.assertEqual(http.OK, response.status_code)
  4641. self.assertIn('file1', jsonutils.loads(response.text)['stores'])
  4642. # Try to download the data that was just uploaded
  4643. path = self._url('/v2/images/%s/file' % image_id)
  4644. response = requests.get(path, headers=self._headers())
  4645. self.assertEqual(http.OK, response.status_code)
  4646. self.assertEqual(expected_checksum, response.headers['Content-MD5'])
  4647. self.assertEqual('ZZZZZ', response.text)
  4648. # Ensure the size is updated to reflect the data uploaded
  4649. path = self._url('/v2/images/%s' % image_id)
  4650. response = requests.get(path, headers=self._headers())
  4651. self.assertEqual(http.OK, response.status_code)
  4652. self.assertEqual(5, jsonutils.loads(response.text)['size'])
  4653. # Unprotect image for deletion
  4654. path = self._url('/v2/images/%s' % image_id)
  4655. media_type = 'application/openstack-images-v2.1-json-patch'
  4656. headers = self._headers({'content-type': media_type})
  4657. doc = [{'op': 'replace', 'path': '/protected', 'value': False}]
  4658. data = jsonutils.dumps(doc)
  4659. response = requests.patch(path, headers=headers, data=data)
  4660. self.assertEqual(http.OK, response.status_code, response.text)
  4661. # Deletion should work. Deleting image
  4662. path = self._url('/v2/images/%s' % image_id)
  4663. response = requests.delete(path, headers=self._headers())
  4664. self.assertEqual(http.NO_CONTENT, response.status_code)
  4665. # This image should be no longer be directly accessible
  4666. path = self._url('/v2/images/%s' % image_id)
  4667. response = requests.get(path, headers=self._headers())
  4668. self.assertEqual(http.NOT_FOUND, response.status_code)
  4669. # And neither should its data
  4670. path = self._url('/v2/images/%s/file' % image_id)
  4671. headers = self._headers()
  4672. response = requests.get(path, headers=headers)
  4673. self.assertEqual(http.NOT_FOUND, response.status_code)
  4674. # Image list should now be empty
  4675. path = self._url('/v2/images')
  4676. response = requests.get(path, headers=self._headers())
  4677. self.assertEqual(http.OK, response.status_code)
  4678. images = jsonutils.loads(response.text)['images']
  4679. self.assertEqual(0, len(images))
  4680. self.stop_servers()
  4681. def test_image_lifecycle_different_backend(self):
  4682. # Image list should be empty
  4683. self.start_servers(**self.__dict__.copy())
  4684. path = self._url('/v2/images')
  4685. response = requests.get(path, headers=self._headers())
  4686. self.assertEqual(http.OK, response.status_code)
  4687. images = jsonutils.loads(response.text)['images']
  4688. self.assertEqual(0, len(images))
  4689. # file1 and file2 should be available in discovery response
  4690. available_stores = ['file1', 'file2']
  4691. path = self._url('/v2/info/stores')
  4692. response = requests.get(path, headers=self._headers())
  4693. self.assertEqual(http.OK, response.status_code)
  4694. discovery_calls = jsonutils.loads(
  4695. response.text)['stores']
  4696. for stores in discovery_calls:
  4697. self.assertIn('id', stores)
  4698. self.assertIn(stores['id'], available_stores)
  4699. # Create an image (with two deployer-defined properties)
  4700. path = self._url('/v2/images')
  4701. headers = self._headers({'content-type': 'application/json'})
  4702. data = jsonutils.dumps({'name': 'image-1', 'type': 'kernel',
  4703. 'foo': 'bar', 'disk_format': 'aki',
  4704. 'container_format': 'aki', 'abc': 'xyz',
  4705. 'protected': True})
  4706. response = requests.post(path, headers=headers, data=data)
  4707. self.assertEqual(http.CREATED, response.status_code)
  4708. # Check 'OpenStack-image-store-ids' header present in response
  4709. self.assertIn('OpenStack-image-store-ids', response.headers)
  4710. for store in available_stores:
  4711. self.assertIn(store, response.headers['OpenStack-image-store-ids'])
  4712. # Returned image entity should have a generated id and status
  4713. image = jsonutils.loads(response.text)
  4714. image_id = image['id']
  4715. checked_keys = set([
  4716. u'status',
  4717. u'name',
  4718. u'tags',
  4719. u'created_at',
  4720. u'updated_at',
  4721. u'visibility',
  4722. u'self',
  4723. u'protected',
  4724. u'id',
  4725. u'file',
  4726. u'min_disk',
  4727. u'foo',
  4728. u'abc',
  4729. u'type',
  4730. u'min_ram',
  4731. u'schema',
  4732. u'disk_format',
  4733. u'container_format',
  4734. u'owner',
  4735. u'checksum',
  4736. u'size',
  4737. u'virtual_size',
  4738. u'os_hidden',
  4739. u'os_hash_algo',
  4740. u'os_hash_value'
  4741. ])
  4742. self.assertEqual(checked_keys, set(image.keys()))
  4743. expected_image = {
  4744. 'status': 'queued',
  4745. 'name': 'image-1',
  4746. 'tags': [],
  4747. 'visibility': 'shared',
  4748. 'self': '/v2/images/%s' % image_id,
  4749. 'protected': True,
  4750. 'file': '/v2/images/%s/file' % image_id,
  4751. 'min_disk': 0,
  4752. 'foo': 'bar',
  4753. 'abc': 'xyz',
  4754. 'type': 'kernel',
  4755. 'min_ram': 0,
  4756. 'schema': '/v2/schemas/image',
  4757. }
  4758. for key, value in expected_image.items():
  4759. self.assertEqual(value, image[key], key)
  4760. # Image list should now have one entry
  4761. path = self._url('/v2/images')
  4762. response = requests.get(path, headers=self._headers())
  4763. self.assertEqual(http.OK, response.status_code)
  4764. images = jsonutils.loads(response.text)['images']
  4765. self.assertEqual(1, len(images))
  4766. self.assertEqual(image_id, images[0]['id'])
  4767. # Try to download data before its uploaded
  4768. path = self._url('/v2/images/%s/file' % image_id)
  4769. headers = self._headers()
  4770. response = requests.get(path, headers=headers)
  4771. self.assertEqual(http.NO_CONTENT, response.status_code)
  4772. def _verify_image_checksum_and_status(checksum, status):
  4773. # Checksum should be populated and status should be active
  4774. path = self._url('/v2/images/%s' % image_id)
  4775. response = requests.get(path, headers=self._headers())
  4776. self.assertEqual(http.OK, response.status_code)
  4777. image = jsonutils.loads(response.text)
  4778. self.assertEqual(checksum, image['checksum'])
  4779. self.assertEqual(status, image['status'])
  4780. # Upload some image data
  4781. path = self._url('/v2/images/%s/file' % image_id)
  4782. headers = self._headers({
  4783. 'Content-Type': 'application/octet-stream',
  4784. 'X-Image-Meta-Store': 'file2'
  4785. })
  4786. response = requests.put(path, headers=headers, data='ZZZZZ')
  4787. self.assertEqual(http.NO_CONTENT, response.status_code)
  4788. expected_checksum = '8f113e38d28a79a5a451b16048cc2b72'
  4789. _verify_image_checksum_and_status(expected_checksum, 'active')
  4790. # Ensure image is created in different backend
  4791. path = self._url('/v2/images/%s' % image_id)
  4792. response = requests.get(path, headers=self._headers())
  4793. self.assertEqual(http.OK, response.status_code)
  4794. self.assertIn('file2', jsonutils.loads(response.text)['stores'])
  4795. # Try to download the data that was just uploaded
  4796. path = self._url('/v2/images/%s/file' % image_id)
  4797. response = requests.get(path, headers=self._headers())
  4798. self.assertEqual(http.OK, response.status_code)
  4799. self.assertEqual(expected_checksum, response.headers['Content-MD5'])
  4800. self.assertEqual('ZZZZZ', response.text)
  4801. # Ensure the size is updated to reflect the data uploaded
  4802. path = self._url('/v2/images/%s' % image_id)
  4803. response = requests.get(path, headers=self._headers())
  4804. self.assertEqual(http.OK, response.status_code)
  4805. self.assertEqual(5, jsonutils.loads(response.text)['size'])
  4806. # Unprotect image for deletion
  4807. path = self._url('/v2/images/%s' % image_id)
  4808. media_type = 'application/openstack-images-v2.1-json-patch'
  4809. headers = self._headers({'content-type': media_type})
  4810. doc = [{'op': 'replace', 'path': '/protected', 'value': False}]
  4811. data = jsonutils.dumps(doc)
  4812. response = requests.patch(path, headers=headers, data=data)
  4813. self.assertEqual(http.OK, response.status_code, response.text)
  4814. # Deletion should work. Deleting image
  4815. path = self._url('/v2/images/%s' % image_id)
  4816. response = requests.delete(path, headers=self._headers())
  4817. self.assertEqual(http.NO_CONTENT, response.status_code)
  4818. # This image should be no longer be directly accessible
  4819. path = self._url('/v2/images/%s' % image_id)
  4820. response = requests.get(path, headers=self._headers())
  4821. self.assertEqual(http.NOT_FOUND, response.status_code)
  4822. # And neither should its data
  4823. path = self._url('/v2/images/%s/file' % image_id)
  4824. headers = self._headers()
  4825. response = requests.get(path, headers=headers)
  4826. self.assertEqual(http.NOT_FOUND, response.status_code)
  4827. # Image list should now be empty
  4828. path = self._url('/v2/images')
  4829. response = requests.get(path, headers=self._headers())
  4830. self.assertEqual(http.OK, response.status_code)
  4831. images = jsonutils.loads(response.text)['images']
  4832. self.assertEqual(0, len(images))
  4833. self.stop_servers()