OpenStack Image Management (Glance)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

images.py 56KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351
  1. # Copyright 2013 OpenStack Foundation
  2. # All Rights Reserved.
  3. #
  4. # Licensed under the Apache License, Version 2.0 (the "License"); you may
  5. # not use this file except in compliance with the License. You may obtain
  6. # a copy of the License at
  7. #
  8. # http://www.apache.org/licenses/LICENSE-2.0
  9. #
  10. # Unless required by applicable law or agreed to in writing, software
  11. # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  12. # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
  13. # License for the specific language governing permissions and limitations
  14. # under the License.
  15. """
  16. /images endpoint for Glance v1 API
  17. """
  18. import copy
  19. import glance_store as store
  20. import glance_store.location
  21. from oslo_config import cfg
  22. from oslo_log import log as logging
  23. from oslo_utils import encodeutils
  24. from oslo_utils import excutils
  25. from oslo_utils import strutils
  26. import six
  27. from webob.exc import HTTPBadRequest
  28. from webob.exc import HTTPConflict
  29. from webob.exc import HTTPForbidden
  30. from webob.exc import HTTPMethodNotAllowed
  31. from webob.exc import HTTPNotFound
  32. from webob.exc import HTTPRequestEntityTooLarge
  33. from webob.exc import HTTPServiceUnavailable
  34. from webob.exc import HTTPUnauthorized
  35. from webob import Response
  36. from glance.api import common
  37. from glance.api import policy
  38. import glance.api.v1
  39. from glance.api.v1 import controller
  40. from glance.api.v1 import filters
  41. from glance.api.v1 import upload_utils
  42. from glance.common import exception
  43. from glance.common import property_utils
  44. from glance.common import store_utils
  45. from glance.common import timeutils
  46. from glance.common import utils
  47. from glance.common import wsgi
  48. from glance.i18n import _, _LE, _LI, _LW
  49. from glance import notifier
  50. import glance.registry.client.v1.api as registry
  51. LOG = logging.getLogger(__name__)
  52. SUPPORTED_PARAMS = glance.api.v1.SUPPORTED_PARAMS
  53. SUPPORTED_FILTERS = glance.api.v1.SUPPORTED_FILTERS
  54. ACTIVE_IMMUTABLE = glance.api.v1.ACTIVE_IMMUTABLE
  55. IMMUTABLE = glance.api.v1.IMMUTABLE
  56. CONF = cfg.CONF
  57. CONF.import_opt('disk_formats', 'glance.common.config', group='image_format')
  58. CONF.import_opt('container_formats', 'glance.common.config',
  59. group='image_format')
  60. CONF.import_opt('image_property_quota', 'glance.common.config')
  61. def _validate_time(req, values):
  62. """Validates time formats for updated_at, created_at and deleted_at.
  63. 'strftime' only allows values after 1900 in glance v1 so this is enforced
  64. here. This was introduced to keep modularity.
  65. """
  66. for time_field in ['created_at', 'updated_at', 'deleted_at']:
  67. if time_field in values and values[time_field]:
  68. try:
  69. time = timeutils.parse_isotime(values[time_field])
  70. # On Python 2, datetime.datetime.strftime() raises a ValueError
  71. # for years older than 1900. On Python 3, years older than 1900
  72. # are accepted. But we explicitly want to reject timestamps
  73. # older than January 1st, 1900 for Glance API v1.
  74. if time.year < 1900:
  75. raise ValueError
  76. values[time_field] = time.strftime(
  77. timeutils.PERFECT_TIME_FORMAT)
  78. except ValueError:
  79. msg = (_("Invalid time format for %s.") % time_field)
  80. raise HTTPBadRequest(explanation=msg, request=req)
  81. def _validate_format(req, values):
  82. """Validates disk_format and container_format fields
  83. Introduced to split too complex validate_image_meta method.
  84. """
  85. amazon_formats = ('aki', 'ari', 'ami')
  86. disk_format = values.get('disk_format')
  87. container_format = values.get('container_format')
  88. if 'disk_format' in values:
  89. if disk_format not in CONF.image_format.disk_formats:
  90. msg = _("Invalid disk format '%s' for image.") % disk_format
  91. raise HTTPBadRequest(explanation=msg, request=req)
  92. if 'container_format' in values:
  93. if container_format not in CONF.image_format.container_formats:
  94. msg = _("Invalid container format '%s' "
  95. "for image.") % container_format
  96. raise HTTPBadRequest(explanation=msg, request=req)
  97. if any(f in amazon_formats for f in [disk_format, container_format]):
  98. if disk_format is None:
  99. values['disk_format'] = container_format
  100. elif container_format is None:
  101. values['container_format'] = disk_format
  102. elif container_format != disk_format:
  103. msg = (_("Invalid mix of disk and container formats. "
  104. "When setting a disk or container format to "
  105. "one of 'aki', 'ari', or 'ami', the container "
  106. "and disk formats must match."))
  107. raise HTTPBadRequest(explanation=msg, request=req)
  108. def validate_image_meta(req, values):
  109. _validate_format(req, values)
  110. _validate_time(req, values)
  111. name = values.get('name')
  112. checksum = values.get('checksum')
  113. if name and len(name) > 255:
  114. msg = _('Image name too long: %d') % len(name)
  115. raise HTTPBadRequest(explanation=msg, request=req)
  116. # check that checksum retrieved is exactly 32 characters
  117. # as long as we expect md5 checksum
  118. # https://bugs.launchpad.net/glance/+bug/1454730
  119. if checksum and len(checksum) > 32:
  120. msg = (_("Invalid checksum '%s': can't exceed 32 characters") %
  121. checksum)
  122. raise HTTPBadRequest(explanation=msg, request=req)
  123. return values
  124. def redact_loc(image_meta, copy_dict=True):
  125. """
  126. Create a shallow copy of image meta with 'location' removed
  127. for security (as it can contain credentials).
  128. """
  129. if copy_dict:
  130. new_image_meta = copy.copy(image_meta)
  131. else:
  132. new_image_meta = image_meta
  133. new_image_meta.pop('location', None)
  134. new_image_meta.pop('location_data', None)
  135. return new_image_meta
  136. class Controller(controller.BaseController):
  137. """
  138. WSGI controller for images resource in Glance v1 API
  139. The images resource API is a RESTful web service for image data. The API
  140. is as follows::
  141. GET /images -- Returns a set of brief metadata about images
  142. GET /images/detail -- Returns a set of detailed metadata about
  143. images
  144. HEAD /images/<ID> -- Return metadata about an image with id <ID>
  145. GET /images/<ID> -- Return image data for image with id <ID>
  146. POST /images -- Store image data and return metadata about the
  147. newly-stored image
  148. PUT /images/<ID> -- Update image metadata and/or upload image
  149. data for a previously-reserved image
  150. DELETE /images/<ID> -- Delete the image with id <ID>
  151. """
  152. def __init__(self):
  153. self.notifier = notifier.Notifier()
  154. registry.configure_registry_client()
  155. self.policy = policy.Enforcer()
  156. if property_utils.is_property_protection_enabled():
  157. self.prop_enforcer = property_utils.PropertyRules(self.policy)
  158. else:
  159. self.prop_enforcer = None
  160. def _enforce(self, req, action, target=None):
  161. """Authorize an action against our policies"""
  162. if target is None:
  163. target = {}
  164. try:
  165. self.policy.enforce(req.context, action, target)
  166. except exception.Forbidden:
  167. LOG.debug("User not permitted to perform '%s' action", action)
  168. raise HTTPForbidden()
  169. def _enforce_image_property_quota(self,
  170. image_meta,
  171. orig_image_meta=None,
  172. purge_props=False,
  173. req=None):
  174. if CONF.image_property_quota < 0:
  175. # If value is negative, allow unlimited number of properties
  176. return
  177. props = list(image_meta['properties'].keys())
  178. # NOTE(ameade): If we are not removing existing properties,
  179. # take them in to account
  180. if (not purge_props) and orig_image_meta:
  181. original_props = orig_image_meta['properties'].keys()
  182. props.extend(original_props)
  183. props = set(props)
  184. if len(props) > CONF.image_property_quota:
  185. msg = (_("The limit has been exceeded on the number of allowed "
  186. "image properties. Attempted: %(num)s, Maximum: "
  187. "%(quota)s") % {'num': len(props),
  188. 'quota': CONF.image_property_quota})
  189. LOG.warn(msg)
  190. raise HTTPRequestEntityTooLarge(explanation=msg,
  191. request=req,
  192. content_type="text/plain")
  193. def _enforce_create_protected_props(self, create_props, req):
  194. """
  195. Check request is permitted to create certain properties
  196. :param create_props: List of properties to check
  197. :param req: The WSGI/Webob Request object
  198. :raises HTTPForbidden: if request forbidden to create a property
  199. """
  200. if property_utils.is_property_protection_enabled():
  201. for key in create_props:
  202. if (self.prop_enforcer.check_property_rules(
  203. key, 'create', req.context) is False):
  204. msg = _("Property '%s' is protected") % key
  205. LOG.warn(msg)
  206. raise HTTPForbidden(explanation=msg,
  207. request=req,
  208. content_type="text/plain")
  209. def _enforce_read_protected_props(self, image_meta, req):
  210. """
  211. Remove entries from metadata properties if they are read protected
  212. :param image_meta: Mapping of metadata about image
  213. :param req: The WSGI/Webob Request object
  214. """
  215. if property_utils.is_property_protection_enabled():
  216. for key in list(image_meta['properties'].keys()):
  217. if (self.prop_enforcer.check_property_rules(
  218. key, 'read', req.context) is False):
  219. image_meta['properties'].pop(key)
  220. def _enforce_update_protected_props(self, update_props, image_meta,
  221. orig_meta, req):
  222. """
  223. Check request is permitted to update certain properties. Read
  224. permission is required to delete a property.
  225. If the property value is unchanged, i.e. a noop, it is permitted,
  226. however, it is important to ensure read access first. Otherwise the
  227. value could be discovered using brute force.
  228. :param update_props: List of properties to check
  229. :param image_meta: Mapping of proposed new metadata about image
  230. :param orig_meta: Mapping of existing metadata about image
  231. :param req: The WSGI/Webob Request object
  232. :raises HTTPForbidden: if request forbidden to create a property
  233. """
  234. if property_utils.is_property_protection_enabled():
  235. for key in update_props:
  236. has_read = self.prop_enforcer.check_property_rules(
  237. key, 'read', req.context)
  238. if ((self.prop_enforcer.check_property_rules(
  239. key, 'update', req.context) is False and
  240. image_meta['properties'][key] !=
  241. orig_meta['properties'][key]) or not has_read):
  242. msg = _("Property '%s' is protected") % key
  243. LOG.warn(msg)
  244. raise HTTPForbidden(explanation=msg,
  245. request=req,
  246. content_type="text/plain")
  247. def _enforce_delete_protected_props(self, delete_props, image_meta,
  248. orig_meta, req):
  249. """
  250. Check request is permitted to delete certain properties. Read
  251. permission is required to delete a property.
  252. Note, the absence of a property in a request does not necessarily
  253. indicate a delete. The requester may not have read access, and so can
  254. not know the property exists. Hence, read access is a requirement for
  255. delete, otherwise the delete is ignored transparently.
  256. :param delete_props: List of properties to check
  257. :param image_meta: Mapping of proposed new metadata about image
  258. :param orig_meta: Mapping of existing metadata about image
  259. :param req: The WSGI/Webob Request object
  260. :raises HTTPForbidden: if request forbidden to create a property
  261. """
  262. if property_utils.is_property_protection_enabled():
  263. for key in delete_props:
  264. if (self.prop_enforcer.check_property_rules(
  265. key, 'read', req.context) is False):
  266. # NOTE(bourke): if read protected, re-add to image_meta to
  267. # prevent deletion
  268. image_meta['properties'][key] = orig_meta[
  269. 'properties'][key]
  270. elif (self.prop_enforcer.check_property_rules(
  271. key, 'delete', req.context) is False):
  272. msg = _("Property '%s' is protected") % key
  273. LOG.warn(msg)
  274. raise HTTPForbidden(explanation=msg,
  275. request=req,
  276. content_type="text/plain")
  277. def index(self, req):
  278. """
  279. Returns the following information for all public, available images:
  280. * id -- The opaque image identifier
  281. * name -- The name of the image
  282. * disk_format -- The disk image format
  283. * container_format -- The "container" format of the image
  284. * checksum -- MD5 checksum of the image data
  285. * size -- Size of image data in bytes
  286. :param req: The WSGI/Webob Request object
  287. :returns: The response body is a mapping of the following form
  288. ::
  289. {'images': [
  290. {'id': <ID>,
  291. 'name': <NAME>,
  292. 'disk_format': <DISK_FORMAT>,
  293. 'container_format': <DISK_FORMAT>,
  294. 'checksum': <CHECKSUM>,
  295. 'size': <SIZE>}, {...}]
  296. }
  297. """
  298. self._enforce(req, 'get_images')
  299. params = self._get_query_params(req)
  300. try:
  301. images = registry.get_images_list(req.context, **params)
  302. except exception.Invalid as e:
  303. raise HTTPBadRequest(explanation=e.msg, request=req)
  304. return dict(images=images)
  305. def detail(self, req):
  306. """
  307. Returns detailed information for all available images
  308. :param req: The WSGI/Webob Request object
  309. :returns: The response body is a mapping of the following form
  310. ::
  311. {'images':
  312. [{
  313. 'id': <ID>,
  314. 'name': <NAME>,
  315. 'size': <SIZE>,
  316. 'disk_format': <DISK_FORMAT>,
  317. 'container_format': <CONTAINER_FORMAT>,
  318. 'checksum': <CHECKSUM>,
  319. 'min_disk': <MIN_DISK>,
  320. 'min_ram': <MIN_RAM>,
  321. 'store': <STORE>,
  322. 'status': <STATUS>,
  323. 'created_at': <TIMESTAMP>,
  324. 'updated_at': <TIMESTAMP>,
  325. 'deleted_at': <TIMESTAMP>|<NONE>,
  326. 'properties': {'distro': 'Ubuntu 10.04 LTS', {...}}
  327. }, {...}]
  328. }
  329. """
  330. if req.method == 'HEAD':
  331. msg = (_("This operation is currently not permitted on "
  332. "Glance images details."))
  333. raise HTTPMethodNotAllowed(explanation=msg,
  334. headers={'Allow': 'GET'},
  335. body_template='${explanation}')
  336. self._enforce(req, 'get_images')
  337. params = self._get_query_params(req)
  338. try:
  339. images = registry.get_images_detail(req.context, **params)
  340. # Strip out the Location attribute. Temporary fix for
  341. # LP Bug #755916. This information is still coming back
  342. # from the registry, since the API server still needs access
  343. # to it, however we do not return this potential security
  344. # information to the API end user...
  345. for image in images:
  346. redact_loc(image, copy_dict=False)
  347. self._enforce_read_protected_props(image, req)
  348. except exception.Invalid as e:
  349. raise HTTPBadRequest(explanation=e.msg, request=req)
  350. except exception.NotAuthenticated as e:
  351. raise HTTPUnauthorized(explanation=e.msg, request=req)
  352. return dict(images=images)
  353. def _get_query_params(self, req):
  354. """
  355. Extracts necessary query params from request.
  356. :param req: the WSGI Request object
  357. :returns: dict of parameters that can be used by registry client
  358. """
  359. params = {'filters': self._get_filters(req)}
  360. for PARAM in SUPPORTED_PARAMS:
  361. if PARAM in req.params:
  362. params[PARAM] = req.params.get(PARAM)
  363. # Fix for LP Bug #1132294
  364. # Ensure all shared images are returned in v1
  365. params['member_status'] = 'all'
  366. return params
  367. def _get_filters(self, req):
  368. """
  369. Return a dictionary of query param filters from the request
  370. :param req: the Request object coming from the wsgi layer
  371. :returns: a dict of key/value filters
  372. """
  373. query_filters = {}
  374. for param in req.params:
  375. if param in SUPPORTED_FILTERS or param.startswith('property-'):
  376. query_filters[param] = req.params.get(param)
  377. if not filters.validate(param, query_filters[param]):
  378. raise HTTPBadRequest(_('Bad value passed to filter '
  379. '%(filter)s got %(val)s')
  380. % {'filter': param,
  381. 'val': query_filters[param]})
  382. return query_filters
  383. def meta(self, req, id):
  384. """
  385. Returns metadata about an image in the HTTP headers of the
  386. response object
  387. :param req: The WSGI/Webob Request object
  388. :param id: The opaque image identifier
  389. :returns: similar to 'show' method but without image_data
  390. :raises HTTPNotFound: if image metadata is not available to user
  391. """
  392. self._enforce(req, 'get_image')
  393. image_meta = self.get_image_meta_or_404(req, id)
  394. image_meta = redact_loc(image_meta)
  395. self._enforce_read_protected_props(image_meta, req)
  396. return {
  397. 'image_meta': image_meta
  398. }
  399. @staticmethod
  400. def _validate_source(source, req):
  401. """
  402. Validate if external sources (as specified via the location
  403. or copy-from headers) are supported. Otherwise we reject
  404. with 400 "Bad Request".
  405. """
  406. if store_utils.validate_external_location(source):
  407. return source
  408. else:
  409. if source:
  410. msg = _("External sources are not supported: '%s'") % source
  411. else:
  412. msg = _("External source should not be empty")
  413. LOG.warn(msg)
  414. raise HTTPBadRequest(explanation=msg,
  415. request=req,
  416. content_type="text/plain")
  417. @staticmethod
  418. def _copy_from(req):
  419. return req.headers.get('x-glance-api-copy-from')
  420. def _external_source(self, image_meta, req):
  421. if 'location' in image_meta:
  422. self._enforce(req, 'set_image_location')
  423. source = image_meta['location']
  424. elif 'x-glance-api-copy-from' in req.headers:
  425. source = Controller._copy_from(req)
  426. else:
  427. # we have an empty external source value
  428. # so we are creating "draft" of the image and no need validation
  429. return None
  430. return Controller._validate_source(source, req)
  431. @staticmethod
  432. def _get_from_store(context, where, dest=None):
  433. try:
  434. loc = glance_store.location.get_location_from_uri(where)
  435. src_store = store.get_store_from_uri(where)
  436. if dest is not None:
  437. src_store.READ_CHUNKSIZE = dest.WRITE_CHUNKSIZE
  438. image_data, image_size = src_store.get(loc, context=context)
  439. except store.RemoteServiceUnavailable as e:
  440. raise HTTPServiceUnavailable(explanation=e.msg)
  441. except store.NotFound as e:
  442. raise HTTPNotFound(explanation=e.msg)
  443. except (store.StoreGetNotSupported,
  444. store.StoreRandomGetNotSupported,
  445. store.UnknownScheme) as e:
  446. raise HTTPBadRequest(explanation=e.msg)
  447. image_size = int(image_size) if image_size else None
  448. return image_data, image_size
  449. def show(self, req, id):
  450. """
  451. Returns an iterator that can be used to retrieve an image's
  452. data along with the image metadata.
  453. :param req: The WSGI/Webob Request object
  454. :param id: The opaque image identifier
  455. :raises HTTPNotFound: if image is not available to user
  456. """
  457. self._enforce(req, 'get_image')
  458. try:
  459. image_meta = self.get_active_image_meta_or_error(req, id)
  460. except HTTPNotFound:
  461. # provision for backward-compatibility breaking issue
  462. # catch the 404 exception and raise it after enforcing
  463. # the policy
  464. with excutils.save_and_reraise_exception():
  465. self._enforce(req, 'download_image')
  466. else:
  467. target = utils.create_mashup_dict(image_meta)
  468. self._enforce(req, 'download_image', target=target)
  469. self._enforce_read_protected_props(image_meta, req)
  470. if image_meta.get('size') == 0:
  471. image_iterator = iter([])
  472. else:
  473. image_iterator, size = self._get_from_store(req.context,
  474. image_meta['location'])
  475. image_iterator = utils.cooperative_iter(image_iterator)
  476. image_meta['size'] = size or image_meta['size']
  477. image_meta = redact_loc(image_meta)
  478. return {
  479. 'image_iterator': image_iterator,
  480. 'image_meta': image_meta,
  481. }
  482. def _reserve(self, req, image_meta):
  483. """
  484. Adds the image metadata to the registry and assigns
  485. an image identifier if one is not supplied in the request
  486. headers. Sets the image's status to `queued`.
  487. :param req: The WSGI/Webob Request object
  488. :param id: The opaque image identifier
  489. :param image_meta: The image metadata
  490. :raises HTTPConflict: if image already exists
  491. :raises HTTPBadRequest: if image metadata is not valid
  492. """
  493. location = self._external_source(image_meta, req)
  494. scheme = image_meta.get('store')
  495. if scheme and scheme not in store.get_known_schemes():
  496. msg = _("Required store %s is invalid") % scheme
  497. LOG.warn(msg)
  498. raise HTTPBadRequest(explanation=msg,
  499. content_type='text/plain')
  500. image_meta['status'] = ('active' if image_meta.get('size') == 0
  501. else 'queued')
  502. if location:
  503. try:
  504. backend = store.get_store_from_location(location)
  505. except (store.UnknownScheme, store.BadStoreUri):
  506. LOG.debug("Invalid location %s", location)
  507. msg = _("Invalid location %s") % location
  508. raise HTTPBadRequest(explanation=msg,
  509. request=req,
  510. content_type="text/plain")
  511. # check the store exists before we hit the registry, but we
  512. # don't actually care what it is at this point
  513. self.get_store_or_400(req, backend)
  514. # retrieve the image size from remote store (if not provided)
  515. image_meta['size'] = self._get_size(req.context, image_meta,
  516. location)
  517. else:
  518. # Ensure that the size attribute is set to zero for directly
  519. # uploadable images (if not provided). The size will be set
  520. # to a non-zero value during upload
  521. image_meta['size'] = image_meta.get('size', 0)
  522. try:
  523. image_meta = registry.add_image_metadata(req.context, image_meta)
  524. self.notifier.info("image.create", redact_loc(image_meta))
  525. return image_meta
  526. except exception.Duplicate:
  527. msg = (_("An image with identifier %s already exists") %
  528. image_meta['id'])
  529. LOG.warn(msg)
  530. raise HTTPConflict(explanation=msg,
  531. request=req,
  532. content_type="text/plain")
  533. except exception.Invalid as e:
  534. msg = (_("Failed to reserve image. Got error: %s") %
  535. encodeutils.exception_to_unicode(e))
  536. LOG.exception(msg)
  537. raise HTTPBadRequest(explanation=msg,
  538. request=req,
  539. content_type="text/plain")
  540. except exception.Forbidden:
  541. msg = _("Forbidden to reserve image.")
  542. LOG.warn(msg)
  543. raise HTTPForbidden(explanation=msg,
  544. request=req,
  545. content_type="text/plain")
  546. def _upload(self, req, image_meta):
  547. """
  548. Uploads the payload of the request to a backend store in
  549. Glance. If the `x-image-meta-store` header is set, Glance
  550. will attempt to use that scheme; if not, Glance will use the
  551. scheme set by the flag `default_store` to find the backing store.
  552. :param req: The WSGI/Webob Request object
  553. :param image_meta: Mapping of metadata about image
  554. :raises HTTPConflict: if image already exists
  555. :returns: The location where the image was stored
  556. """
  557. scheme = req.headers.get('x-image-meta-store',
  558. CONF.glance_store.default_store)
  559. store = self.get_store_or_400(req, scheme)
  560. copy_from = self._copy_from(req)
  561. if copy_from:
  562. try:
  563. image_data, image_size = self._get_from_store(req.context,
  564. copy_from,
  565. dest=store)
  566. except Exception:
  567. upload_utils.safe_kill(req, image_meta['id'], 'queued')
  568. msg = (_LE("Copy from external source '%(scheme)s' failed for "
  569. "image: %(image)s") %
  570. {'scheme': scheme, 'image': image_meta['id']})
  571. LOG.exception(msg)
  572. return
  573. image_meta['size'] = image_size or image_meta['size']
  574. else:
  575. try:
  576. req.get_content_type(('application/octet-stream',))
  577. except exception.InvalidContentType:
  578. upload_utils.safe_kill(req, image_meta['id'], 'queued')
  579. msg = _("Content-Type must be application/octet-stream")
  580. LOG.warn(msg)
  581. raise HTTPBadRequest(explanation=msg)
  582. image_data = req.body_file
  583. image_id = image_meta['id']
  584. LOG.debug("Setting image %s to status 'saving'", image_id)
  585. registry.update_image_metadata(req.context, image_id,
  586. {'status': 'saving'})
  587. LOG.debug("Uploading image data for image %(image_id)s "
  588. "to %(scheme)s store", {'image_id': image_id,
  589. 'scheme': scheme})
  590. self.notifier.info("image.prepare", redact_loc(image_meta))
  591. image_meta, location_data = upload_utils.upload_data_to_store(
  592. req, image_meta, image_data, store, self.notifier)
  593. self.notifier.info('image.upload', redact_loc(image_meta))
  594. return location_data
  595. def _activate(self, req, image_id, location_data, from_state=None):
  596. """
  597. Sets the image status to `active` and the image's location
  598. attribute.
  599. :param req: The WSGI/Webob Request object
  600. :param image_id: Opaque image identifier
  601. :param location_data: Location of where Glance stored this image
  602. """
  603. image_meta = {
  604. 'location': location_data['url'],
  605. 'status': 'active',
  606. 'location_data': [location_data]
  607. }
  608. try:
  609. s = from_state
  610. image_meta_data = registry.update_image_metadata(req.context,
  611. image_id,
  612. image_meta,
  613. from_state=s)
  614. self.notifier.info("image.activate", redact_loc(image_meta_data))
  615. self.notifier.info("image.update", redact_loc(image_meta_data))
  616. return image_meta_data
  617. except exception.Duplicate:
  618. with excutils.save_and_reraise_exception():
  619. # Delete image data since it has been superseded by another
  620. # upload and re-raise.
  621. LOG.debug("duplicate operation - deleting image data for "
  622. " %(id)s (location:%(location)s)",
  623. {'id': image_id, 'location': image_meta['location']})
  624. upload_utils.initiate_deletion(req, location_data, image_id)
  625. except exception.Invalid as e:
  626. msg = (_("Failed to activate image. Got error: %s") %
  627. encodeutils.exception_to_unicode(e))
  628. LOG.warn(msg)
  629. raise HTTPBadRequest(explanation=msg,
  630. request=req,
  631. content_type="text/plain")
  632. def _upload_and_activate(self, req, image_meta):
  633. """
  634. Safely uploads the image data in the request payload
  635. and activates the image in the registry after a successful
  636. upload.
  637. :param req: The WSGI/Webob Request object
  638. :param image_meta: Mapping of metadata about image
  639. :returns: Mapping of updated image data
  640. """
  641. location_data = self._upload(req, image_meta)
  642. image_id = image_meta['id']
  643. LOG.info(_LI("Uploaded data of image %s from request "
  644. "payload successfully."), image_id)
  645. if location_data:
  646. try:
  647. image_meta = self._activate(req,
  648. image_id,
  649. location_data,
  650. from_state='saving')
  651. except exception.Duplicate:
  652. raise
  653. except Exception:
  654. with excutils.save_and_reraise_exception():
  655. # NOTE(zhiyan): Delete image data since it has already
  656. # been added to store by above _upload() call.
  657. LOG.warn(_LW("Failed to activate image %s in "
  658. "registry. About to delete image "
  659. "bits from store and update status "
  660. "to 'killed'.") % image_id)
  661. upload_utils.initiate_deletion(req, location_data,
  662. image_id)
  663. upload_utils.safe_kill(req, image_id, 'saving')
  664. else:
  665. image_meta = None
  666. return image_meta
  667. def _get_size(self, context, image_meta, location):
  668. # retrieve the image size from remote store (if not provided)
  669. try:
  670. return (image_meta.get('size', 0) or
  671. store.get_size_from_backend(location, context=context))
  672. except store.NotFound as e:
  673. # NOTE(rajesht): The exception is logged as debug message because
  674. # the image is located at third-party server and it has nothing to
  675. # do with glance. If log.exception is used here, in that case the
  676. # log file might be flooded with exception log messages if
  677. # malicious user keeps on trying image-create using non-existent
  678. # location url. Used log.debug because administrator can
  679. # disable debug logs.
  680. LOG.debug(encodeutils.exception_to_unicode(e))
  681. raise HTTPNotFound(explanation=e.msg, content_type="text/plain")
  682. except (store.UnknownScheme, store.BadStoreUri) as e:
  683. # NOTE(rajesht): See above note of store.NotFound
  684. LOG.debug(encodeutils.exception_to_unicode(e))
  685. raise HTTPBadRequest(explanation=e.msg, content_type="text/plain")
  686. def _handle_source(self, req, image_id, image_meta, image_data):
  687. copy_from = self._copy_from(req)
  688. location = image_meta.get('location')
  689. sources = [obj for obj in (copy_from, location, image_data) if obj]
  690. if len(sources) >= 2:
  691. msg = _("It's invalid to provide multiple image sources.")
  692. LOG.warn(msg)
  693. raise HTTPBadRequest(explanation=msg,
  694. request=req,
  695. content_type="text/plain")
  696. if len(sources) == 0:
  697. return image_meta
  698. if image_data:
  699. image_meta = self._validate_image_for_activation(req,
  700. image_id,
  701. image_meta)
  702. image_meta = self._upload_and_activate(req, image_meta)
  703. elif copy_from:
  704. msg = _LI('Triggering asynchronous copy from external source')
  705. LOG.info(msg)
  706. pool = common.get_thread_pool("copy_from_eventlet_pool")
  707. pool.spawn_n(self._upload_and_activate, req, image_meta)
  708. else:
  709. if location:
  710. self._validate_image_for_activation(req, image_id, image_meta)
  711. image_size_meta = image_meta.get('size')
  712. if image_size_meta:
  713. try:
  714. image_size_store = store.get_size_from_backend(
  715. location, req.context)
  716. except (store.BadStoreUri, store.UnknownScheme) as e:
  717. LOG.debug(encodeutils.exception_to_unicode(e))
  718. raise HTTPBadRequest(explanation=e.msg,
  719. request=req,
  720. content_type="text/plain")
  721. # NOTE(zhiyan): A returned size of zero usually means
  722. # the driver encountered an error. In this case the
  723. # size provided by the client will be used as-is.
  724. if (image_size_store and
  725. image_size_store != image_size_meta):
  726. msg = (_("Provided image size must match the stored"
  727. " image size. (provided size: %(ps)d, "
  728. "stored size: %(ss)d)") %
  729. {"ps": image_size_meta,
  730. "ss": image_size_store})
  731. LOG.warn(msg)
  732. raise HTTPConflict(explanation=msg,
  733. request=req,
  734. content_type="text/plain")
  735. location_data = {'url': location, 'metadata': {},
  736. 'status': 'active'}
  737. image_meta = self._activate(req, image_id, location_data)
  738. return image_meta
  739. def _validate_image_for_activation(self, req, id, values):
  740. """Ensures that all required image metadata values are valid."""
  741. image = self.get_image_meta_or_404(req, id)
  742. if values['disk_format'] is None:
  743. if not image['disk_format']:
  744. msg = _("Disk format is not specified.")
  745. raise HTTPBadRequest(explanation=msg, request=req)
  746. values['disk_format'] = image['disk_format']
  747. if values['container_format'] is None:
  748. if not image['container_format']:
  749. msg = _("Container format is not specified.")
  750. raise HTTPBadRequest(explanation=msg, request=req)
  751. values['container_format'] = image['container_format']
  752. if 'name' not in values:
  753. values['name'] = image['name']
  754. values = validate_image_meta(req, values)
  755. return values
  756. @utils.mutating
  757. def create(self, req, image_meta, image_data):
  758. """
  759. Adds a new image to Glance. Four scenarios exist when creating an
  760. image:
  761. 1. If the image data is available directly for upload, create can be
  762. passed the image data as the request body and the metadata as the
  763. request headers. The image will initially be 'queued', during
  764. upload it will be in the 'saving' status, and then 'killed' or
  765. 'active' depending on whether the upload completed successfully.
  766. 2. If the image data exists somewhere else, you can upload indirectly
  767. from the external source using the x-glance-api-copy-from header.
  768. Once the image is uploaded, the external store is not subsequently
  769. consulted, i.e. the image content is served out from the configured
  770. glance image store. State transitions are as for option #1.
  771. 3. If the image data exists somewhere else, you can reference the
  772. source using the x-image-meta-location header. The image content
  773. will be served out from the external store, i.e. is never uploaded
  774. to the configured glance image store.
  775. 4. If the image data is not available yet, but you'd like reserve a
  776. spot for it, you can omit the data and a record will be created in
  777. the 'queued' state. This exists primarily to maintain backwards
  778. compatibility with OpenStack/Rackspace API semantics.
  779. The request body *must* be encoded as application/octet-stream,
  780. otherwise an HTTPBadRequest is returned.
  781. Upon a successful save of the image data and metadata, a response
  782. containing metadata about the image is returned, including its
  783. opaque identifier.
  784. :param req: The WSGI/Webob Request object
  785. :param image_meta: Mapping of metadata about image
  786. :param image_data: Actual image data that is to be stored
  787. :raises HTTPBadRequest: if x-image-meta-location is missing
  788. and the request body is not application/octet-stream
  789. image data.
  790. """
  791. self._enforce(req, 'add_image')
  792. is_public = image_meta.get('is_public')
  793. if is_public:
  794. self._enforce(req, 'publicize_image')
  795. if Controller._copy_from(req):
  796. self._enforce(req, 'copy_from')
  797. if image_data or Controller._copy_from(req):
  798. self._enforce(req, 'upload_image')
  799. self._enforce_create_protected_props(image_meta['properties'].keys(),
  800. req)
  801. self._enforce_image_property_quota(image_meta, req=req)
  802. image_meta = self._reserve(req, image_meta)
  803. id = image_meta['id']
  804. image_meta = self._handle_source(req, id, image_meta, image_data)
  805. location_uri = image_meta.get('location')
  806. if location_uri:
  807. self.update_store_acls(req, id, location_uri, public=is_public)
  808. # Prevent client from learning the location, as it
  809. # could contain security credentials
  810. image_meta = redact_loc(image_meta)
  811. return {'image_meta': image_meta}
  812. @utils.mutating
  813. def update(self, req, id, image_meta, image_data):
  814. """
  815. Updates an existing image with the registry.
  816. :param request: The WSGI/Webob Request object
  817. :param id: The opaque image identifier
  818. :returns: Returns the updated image information as a mapping
  819. """
  820. self._enforce(req, 'modify_image')
  821. is_public = image_meta.get('is_public')
  822. if is_public:
  823. self._enforce(req, 'publicize_image')
  824. if Controller._copy_from(req):
  825. self._enforce(req, 'copy_from')
  826. if image_data or Controller._copy_from(req):
  827. self._enforce(req, 'upload_image')
  828. orig_image_meta = self.get_image_meta_or_404(req, id)
  829. orig_status = orig_image_meta['status']
  830. # Do not allow any updates on a deleted image.
  831. # Fix for LP Bug #1060930
  832. if orig_status == 'deleted':
  833. msg = _("Forbidden to update deleted image.")
  834. raise HTTPForbidden(explanation=msg,
  835. request=req,
  836. content_type="text/plain")
  837. if req.context.is_admin is False:
  838. # Once an image is 'active' only an admin can
  839. # modify certain core metadata keys
  840. for key in ACTIVE_IMMUTABLE:
  841. if ((orig_status == 'active' or orig_status == 'deactivated')
  842. and key in image_meta
  843. and image_meta.get(key) != orig_image_meta.get(key)):
  844. msg = _("Forbidden to modify '%(key)s' of %(status)s "
  845. "image.") % {'key': key, 'status': orig_status}
  846. raise HTTPForbidden(explanation=msg,
  847. request=req,
  848. content_type="text/plain")
  849. for key in IMMUTABLE:
  850. if (key in image_meta and
  851. image_meta.get(key) != orig_image_meta.get(key)):
  852. msg = _("Forbidden to modify '%s' of image.") % key
  853. raise HTTPForbidden(explanation=msg,
  854. request=req,
  855. content_type="text/plain")
  856. # The default behaviour for a PUT /images/<IMAGE_ID> is to
  857. # override any properties that were previously set. This, however,
  858. # leads to a number of issues for the common use case where a caller
  859. # registers an image with some properties and then almost immediately
  860. # uploads an image file along with some more properties. Here, we
  861. # check for a special header value to be false in order to force
  862. # properties NOT to be purged. However we also disable purging of
  863. # properties if an image file is being uploaded...
  864. purge_props = req.headers.get('x-glance-registry-purge-props', True)
  865. purge_props = (strutils.bool_from_string(purge_props) and
  866. image_data is None)
  867. if image_data is not None and orig_status != 'queued':
  868. raise HTTPConflict(_("Cannot upload to an unqueued image"))
  869. # Only allow the Location|Copy-From fields to be modified if the
  870. # image is in queued status, which indicates that the user called
  871. # POST /images but originally supply neither a Location|Copy-From
  872. # field NOR image data
  873. location = self._external_source(image_meta, req)
  874. reactivating = orig_status != 'queued' and location
  875. activating = orig_status == 'queued' and (location or image_data)
  876. # Make image public in the backend store (if implemented)
  877. orig_or_updated_loc = location or orig_image_meta.get('location')
  878. if orig_or_updated_loc:
  879. try:
  880. if is_public is not None or location is not None:
  881. self.update_store_acls(req, id, orig_or_updated_loc,
  882. public=is_public)
  883. except store.BadStoreUri:
  884. msg = _("Invalid location: %s") % location
  885. LOG.warn(msg)
  886. raise HTTPBadRequest(explanation=msg,
  887. request=req,
  888. content_type="text/plain")
  889. if reactivating:
  890. msg = _("Attempted to update Location field for an image "
  891. "not in queued status.")
  892. raise HTTPBadRequest(explanation=msg,
  893. request=req,
  894. content_type="text/plain")
  895. # ensure requester has permissions to create/update/delete properties
  896. # according to property-protections.conf
  897. orig_keys = set(orig_image_meta['properties'])
  898. new_keys = set(image_meta['properties'])
  899. self._enforce_update_protected_props(
  900. orig_keys.intersection(new_keys), image_meta,
  901. orig_image_meta, req)
  902. self._enforce_create_protected_props(
  903. new_keys.difference(orig_keys), req)
  904. if purge_props:
  905. self._enforce_delete_protected_props(
  906. orig_keys.difference(new_keys), image_meta,
  907. orig_image_meta, req)
  908. self._enforce_image_property_quota(image_meta,
  909. orig_image_meta=orig_image_meta,
  910. purge_props=purge_props,
  911. req=req)
  912. try:
  913. if location:
  914. image_meta['size'] = self._get_size(req.context, image_meta,
  915. location)
  916. image_meta = registry.update_image_metadata(req.context,
  917. id,
  918. image_meta,
  919. purge_props)
  920. if activating:
  921. image_meta = self._handle_source(req, id, image_meta,
  922. image_data)
  923. except exception.Invalid as e:
  924. msg = (_("Failed to update image metadata. Got error: %s") %
  925. encodeutils.exception_to_unicode(e))
  926. LOG.warn(msg)
  927. raise HTTPBadRequest(explanation=msg,
  928. request=req,
  929. content_type="text/plain")
  930. except exception.ImageNotFound as e:
  931. msg = (_("Failed to find image to update: %s") %
  932. encodeutils.exception_to_unicode(e))
  933. LOG.warn(msg)
  934. raise HTTPNotFound(explanation=msg,
  935. request=req,
  936. content_type="text/plain")
  937. except exception.Forbidden as e:
  938. msg = (_("Forbidden to update image: %s") %
  939. encodeutils.exception_to_unicode(e))
  940. LOG.warn(msg)
  941. raise HTTPForbidden(explanation=msg,
  942. request=req,
  943. content_type="text/plain")
  944. except (exception.Conflict, exception.Duplicate) as e:
  945. LOG.warn(encodeutils.exception_to_unicode(e))
  946. raise HTTPConflict(body=_('Image operation conflicts'),
  947. request=req,
  948. content_type='text/plain')
  949. else:
  950. self.notifier.info('image.update', redact_loc(image_meta))
  951. # Prevent client from learning the location, as it
  952. # could contain security credentials
  953. image_meta = redact_loc(image_meta)
  954. self._enforce_read_protected_props(image_meta, req)
  955. return {'image_meta': image_meta}
  956. @utils.mutating
  957. def delete(self, req, id):
  958. """
  959. Deletes the image and all its chunks from the Glance
  960. :param req: The WSGI/Webob Request object
  961. :param id: The opaque image identifier
  962. :raises HttpBadRequest: if image registry is invalid
  963. :raises HttpNotFound: if image or any chunk is not available
  964. :raises HttpUnauthorized: if image or any chunk is not
  965. deleteable by the requesting user
  966. """
  967. self._enforce(req, 'delete_image')
  968. image = self.get_image_meta_or_404(req, id)
  969. if image['protected']:
  970. msg = _("Image is protected")
  971. LOG.warn(msg)
  972. raise HTTPForbidden(explanation=msg,
  973. request=req,
  974. content_type="text/plain")
  975. if image['status'] == 'pending_delete':
  976. msg = (_("Forbidden to delete a %s image.") %
  977. image['status'])
  978. LOG.warn(msg)
  979. raise HTTPForbidden(explanation=msg,
  980. request=req,
  981. content_type="text/plain")
  982. elif image['status'] == 'deleted':
  983. msg = _("Image %s not found.") % id
  984. LOG.warn(msg)
  985. raise HTTPNotFound(explanation=msg, request=req,
  986. content_type="text/plain")
  987. if image['location'] and CONF.delayed_delete:
  988. status = 'pending_delete'
  989. else:
  990. status = 'deleted'
  991. ori_status = image['status']
  992. try:
  993. # Update the image from the registry first, since we rely on it
  994. # for authorization checks.
  995. # See https://bugs.launchpad.net/glance/+bug/1065187
  996. image = registry.update_image_metadata(req.context, id,
  997. {'status': status})
  998. try:
  999. # The image's location field may be None in the case
  1000. # of a saving or queued image, therefore don't ask a backend
  1001. # to delete the image if the backend doesn't yet store it.
  1002. # See https://bugs.launchpad.net/glance/+bug/747799
  1003. if image['location']:
  1004. for loc_data in image['location_data']:
  1005. if loc_data['status'] == 'active':
  1006. upload_utils.initiate_deletion(req, loc_data, id)
  1007. except Exception:
  1008. with excutils.save_and_reraise_exception():
  1009. registry.update_image_metadata(req.context, id,
  1010. {'status': ori_status})
  1011. registry.delete_image_metadata(req.context, id)
  1012. except exception.ImageNotFound as e:
  1013. msg = (_("Failed to find image to delete: %s") %
  1014. encodeutils.exception_to_unicode(e))
  1015. LOG.warn(msg)
  1016. raise HTTPNotFound(explanation=msg,
  1017. request=req,
  1018. content_type="text/plain")
  1019. except exception.Forbidden as e:
  1020. msg = (_("Forbidden to delete image: %s") %
  1021. encodeutils.exception_to_unicode(e))
  1022. LOG.warn(msg)
  1023. raise HTTPForbidden(explanation=msg,
  1024. request=req,
  1025. content_type="text/plain")
  1026. except store.InUseByStore as e:
  1027. msg = (_("Image %(id)s could not be deleted because it is in use: "
  1028. "%(exc)s")
  1029. % {"id": id, "exc": encodeutils.exception_to_unicode(e)})
  1030. LOG.warn(msg)
  1031. raise HTTPConflict(explanation=msg,
  1032. request=req,
  1033. content_type="text/plain")
  1034. else:
  1035. self.notifier.info('image.delete', redact_loc(image))
  1036. return Response(body='', status=200)
  1037. def get_store_or_400(self, request, scheme):
  1038. """
  1039. Grabs the storage backend for the supplied store name
  1040. or raises an HTTPBadRequest (400) response
  1041. :param request: The WSGI/Webob Request object
  1042. :param scheme: The backend store scheme
  1043. :raises HTTPBadRequest: if store does not exist
  1044. """
  1045. try:
  1046. return store.get_store_from_scheme(scheme)
  1047. except store.UnknownScheme:
  1048. msg = _("Store for scheme %s not found") % scheme
  1049. LOG.warn(msg)
  1050. raise HTTPBadRequest(explanation=msg,
  1051. request=request,
  1052. content_type='text/plain')
  1053. class ImageDeserializer(wsgi.JSONRequestDeserializer):
  1054. """Handles deserialization of specific controller method requests."""
  1055. def _deserialize(self, request):
  1056. result = {}
  1057. try:
  1058. result['image_meta'] = utils.get_image_meta_from_headers(request)
  1059. except exception.InvalidParameterValue as e:
  1060. msg = encodeutils.exception_to_unicode(e)
  1061. LOG.warn(msg, exc_info=True)
  1062. raise HTTPBadRequest(explanation=e.msg, request=request)
  1063. image_meta = result['image_meta']
  1064. image_meta = validate_image_meta(request, image_meta)
  1065. if request.content_length:
  1066. image_size = request.content_length
  1067. elif 'size' in image_meta:
  1068. image_size = image_meta['size']
  1069. else:
  1070. image_size = None
  1071. data = request.body_file if self.has_body(request) else None
  1072. if image_size is None and data is not None:
  1073. data = utils.LimitingReader(data, CONF.image_size_cap)
  1074. # NOTE(bcwaldon): this is a hack to make sure the downstream code
  1075. # gets the correct image data
  1076. request.body_file = data
  1077. elif image_size is not None and image_size > CONF.image_size_cap:
  1078. max_image_size = CONF.image_size_cap
  1079. msg = (_("Denying attempt to upload image larger than %d"
  1080. " bytes.") % max_image_size)
  1081. LOG.warn(msg)
  1082. raise HTTPBadRequest(explanation=msg, request=request)
  1083. result['image_data'] = data
  1084. return result
  1085. def create(self, request):
  1086. return self._deserialize(request)
  1087. def update(self, request):
  1088. return self._deserialize(request)
  1089. class ImageSerializer(wsgi.JSONResponseSerializer):
  1090. """Handles serialization of specific controller method responses."""
  1091. def __init__(self):
  1092. self.notifier = notifier.Notifier()
  1093. def _inject_location_header(self, response, image_meta):
  1094. location = self._get_image_location(image_meta)
  1095. if six.PY2:
  1096. location = location.encode('utf-8')
  1097. response.headers['Location'] = location
  1098. def _inject_checksum_header(self, response, image_meta):
  1099. if image_meta['checksum'] is not None:
  1100. checksum = image_meta['checksum']
  1101. if six.PY2:
  1102. checksum = checksum.encode('utf-8')
  1103. response.headers['ETag'] = checksum
  1104. def _inject_image_meta_headers(self, response, image_meta):
  1105. """
  1106. Given a response and mapping of image metadata, injects
  1107. the Response with a set of HTTP headers for the image
  1108. metadata. Each main image metadata field is injected
  1109. as a HTTP header with key 'x-image-meta-<FIELD>' except
  1110. for the properties field, which is further broken out
  1111. into a set of 'x-image-meta-property-<KEY>' headers
  1112. :param response: The Webob Response object
  1113. :param image_meta: Mapping of image metadata
  1114. """
  1115. headers = utils.image_meta_to_http_headers(image_meta)
  1116. for k, v in headers.items():
  1117. if six.PY3:
  1118. response.headers[str(k)] = str(v)
  1119. else:
  1120. response.headers[k.encode('utf-8')] = v.encode('utf-8')
  1121. def _get_image_location(self, image_meta):
  1122. """Build a relative url to reach the image defined by image_meta."""
  1123. return "/v1/images/%s" % image_meta['id']
  1124. def meta(self, response, result):
  1125. image_meta = result['image_meta']
  1126. self._inject_image_meta_headers(response, image_meta)
  1127. self._inject_checksum_header(response, image_meta)
  1128. return response
  1129. def show(self, response, result):
  1130. image_meta = result['image_meta']
  1131. image_iter = result['image_iterator']
  1132. # image_meta['size'] should be an int, but could possibly be a str
  1133. expected_size = int(image_meta['size'])
  1134. response.app_iter = common.size_checked_iter(
  1135. response, image_meta, expected_size, image_iter, self.notifier)
  1136. # Using app_iter blanks content-length, so we set it here...
  1137. response.headers['Content-Length'] = str(image_meta['size'])
  1138. response.headers['Content-Type'] = 'application/octet-stream'
  1139. self._inject_image_meta_headers(response, image_meta)
  1140. self._inject_checksum_header(response, image_meta)
  1141. return response
  1142. def update(self, response, result):
  1143. image_meta = result['image_meta']
  1144. response.body = self.to_json(dict(image=image_meta))
  1145. response.headers['Content-Type'] = 'application/json'
  1146. self._inject_checksum_header(response, image_meta)
  1147. return response
  1148. def create(self, response, result):
  1149. image_meta = result['image_meta']
  1150. response.status = 201
  1151. response.headers['Content-Type'] = 'application/json'
  1152. response.body = self.to_json(dict(image=image_meta))
  1153. self._inject_location_header(response, image_meta)
  1154. self._inject_checksum_header(response, image_meta)
  1155. return response
  1156. def create_resource():
  1157. """Images resource factory method"""
  1158. deserializer = ImageDeserializer()
  1159. serializer = ImageSerializer()
  1160. return wsgi.Resource(Controller(), deserializer, serializer)