Glance

v1 API returns 200 OK when an admin deletes a deleted image

Bug #1060944 reported by Rohit Karajgi
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Glance
Fix Released
Medium
Unmesh Gurjar
Glance grizzly-1 "g1"
Folsom
Fix Released
Medium
Brian Waldon
Glance 2012.2.1
Grizzly
Fix Released
Medium
Unmesh Gurjar
Glance 2013.1 "grizzly"
glance (Ubuntu)
Fix Released
Undecided
Unassigned
Quantal
Fix Released
Undecided
Unassigned

Bug Description

1. Delete an image in Glance

$ curl -v -H "X-Auth-Token:e546b5340e3041448beeee37323d5120" -H "Content-type: application/json" -X DELETE http://10.2.3.102:9292/v1/images/e05f88fb-9729-4f06-b6dd-90e600444212
* About to connect() to 10.2.3.102 port 9292 (#0)
* Trying 10.2.3.102... connected
> DELETE /v1/images/e05f88fb-9729-4f06-b6dd-90e600444212 HTTP/1.1
> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Host: 10.2.3.102:9292
> Accept: */*
> X-Auth-Token:e546b5340e3041448beeee37323d5120
> Content-type: application/json
>
< HTTP/1.1 200 OK
< Content-Type: application/json; charset=UTF-8
< Content-Length: 4
< X-Openstack-Request-Id: req-693d82be-0a35-41a8-a0d1-4d0c4fa67622
< Date: Wed, 03 Oct 2012 13:06:47 GMT
<
* Connection #0 to host 10.2.3.102 left intact
* Closing connection #0

Check image details:
--------------------------------
$ glance image-show e05f88fb-9729-4f06-b6dd-90e600444212
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| container_format | ovf |
| created_at | 2012-10-03T13:05:12 |
| deleted | True |
| deleted_at | 2012-10-03T13:06:47 |
| disk_format | raw |
| id | e05f88fb-9729-4f06-b6dd-90e600444212 |
| is_public | False |
| min_disk | 0 |
| min_ram | 0 |
| name | demos_image |
| owner | b1519b1ea6b8439fb7d88b1ec79ceec2 |
| protected | False |
| size | 0 |
| status | deleted |
| updated_at | 2012-10-03T13:09:48 |
+------------------+--------------------------------------+

2. Retry Deleting the image(as Admin):
k$ curl -v -H "X-Auth-Token:e546b5340e3041448beeee37323d5120" -H "Content-type: application/json" -X DELETE http://10.2.3.102:9292/v1/images/e05f88fb-9729-4f06-b6dd-90e600444212
* About to connect() to 10.2.3.102 port 9292 (#0)
* Trying 10.2.3.102... connected
> DELETE /v1/images/e05f88fb-9729-4f06-b6dd-90e600444212 HTTP/1.1
> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Host: 10.2.3.102:9292
> Accept: */*
> X-Auth-Token:e546b5340e3041448beeee37323d5120
> Content-type: application/json
>
< HTTP/1.1 200 OK
< Content-Type: application/json; charset=UTF-8
< Content-Length: 4
< X-Openstack-Request-Id: req-30fd2d3e-97f8-484b-8d4f-11f682852875
< Date: Wed, 03 Oct 2012 13:09:48 GMT
<
* Connection #0 to host 10.2.3.102 left intact
* Closing connection #0

### This should have returned 404 NotFound or an appropriate error.

Check image details again:
--------------------------------------
$ glance image-show e05f88fb-9729-4f06-b6dd-90e600444212
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| container_format | ovf |
| created_at | 2012-10-03T13:05:12 |
| deleted | True |
| deleted_at | 2012-10-03T13:09:48 |
| disk_format | raw |
| id | e05f88fb-9729-4f06-b6dd-90e600444212 |
| is_public | False |
| min_disk | 0 |
| min_ram | 0 |
| name | demos_image |
| owner | b1519b1ea6b8439fb7d88b1ec79ceec2 |
| protected | False |
| size | 0 |
| status | deleted |
| updated_at | 2012-10-03T13:09:48 |
+------------------+--------------------------------------+

Note that the "deleted_at" timestamp gets updated after the second delete attempt.
This works fine for an non-admin context, but the behavior should for this scenario should be fixed for an admin context too.

Unmesh Gurjar (unmesh-gurjar)
Changed in glance:
assignee: nobody → Unmesh Gurjar (unmesh-gurjar)
Revision history for this message
Unmesh Gurjar (unmesh-gurjar) wrote :

IMO, the API should return a 403 Forbidden error similar to the scenario where an admin updates a deleted image (https://bugs.launchpad.net/glance/+bug/1060930).

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to glance (master)

Fix proposed to branch: master
Review: https://review.openstack.org/14668

Changed in glance:
status: New → In Progress
Iccha Sethi (iccha-sethi)
Changed in glance:
importance: Undecided → Medium
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to glance (master)

Reviewed: https://review.openstack.org/14668
Committed: http://github.com/openstack/glance/commit/ca0e6c09ab81f8941f7657f28682a74d5154bcba
Submitter: Jenkins
Branch: master

commit ca0e6c09ab81f8941f7657f28682a74d5154bcba
Author: Unmesh Gurjar <email address hidden>
Date: Tue Oct 23 03:34:31 2012 -0700

    Return 403 when admin deletes a deleted image

    1. Returned a 403 Forbidden error when an admin user tries to delete a deleted
    image.
    2. Added unit test coverage.

    Fixes LP: #1060944

    Change-Id: I1a5c4ca18e2e70d8a614b3132bfcea1f56c5f59c

Changed in glance:
status: In Progress → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to glance (stable/folsom)

Fix proposed to branch: stable/folsom
Review: https://review.openstack.org/15150

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to glance (stable/folsom)

Reviewed: https://review.openstack.org/15150
Committed: http://github.com/openstack/glance/commit/a296a5b3686aeb9c337b46a5a066888e6863e7a4
Submitter: Jenkins
Branch: stable/folsom

commit a296a5b3686aeb9c337b46a5a066888e6863e7a4
Author: Unmesh Gurjar <email address hidden>
Date: Tue Oct 23 03:34:31 2012 -0700

    Return 403 when admin deletes a deleted image

    1. Returned a 403 Forbidden error when an admin user tries to delete a deleted
    image.
    2. Added unit test coverage.

    Fixes LP: #1060944

    Change-Id: I1a5c4ca18e2e70d8a614b3132bfcea1f56c5f59c

Thierry Carrez (ttx)
Changed in glance:
milestone: none → grizzly-1
status: Fix Committed → Fix Released
Adam Gandelman (gandelman-a)
Changed in glance (Ubuntu):
status: New → Fix Released
Changed in glance (Ubuntu Quantal):
status: New → Confirmed
Revision history for this message
Clint Byrum (clint-fewbar) wrote : Please test proposed package

Hello Rohit, or anyone else affected,

Accepted glance into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/glance/2012.2.1-0ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in glance (Ubuntu Quantal):
status: Confirmed → Fix Committed
tags: added: verification-needed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package glance - 2012.2.1-0ubuntu1

---------------
glance (2012.2.1-0ubuntu1) quantal-proposed; urgency=low

  * Dropped patches, applied upstream:
    - debian/patches/CVE-2012-4573.patch
    - debian/patches/CVE-2012-4573b.patch
  * Resynchronize with stable/folsom (199783ce) (LP: #1085255):
    - [49408e9] Glance image-delete HTTPInternalServerError HTTP 500
      (LP: #1075580)
    - [91aaa48] Image fails to upload to swift: TypeError: object of type
      'CooperativeReader' has no len( (LP: #1057322)
    - [a296a5b] Return 403 when admin deletes a deleted image (LP: #1060944)
    - [3e58a6a] Disallow updating deleted images. (LP: #1060930)
    - [26c8085] admins can see deleted images in v2 api (LP: #1071446)
    - [8321ca6] No exclude option to skip tests in run_tests.sh (LP: #1065758)
    - [c3bea11] Badly named stable/folsom Glance tarballs (LP: #1059634)
    - [fc0ee76] Non-admin users can cause public glance images to be deleted
      from the backend storage repository in the v2 api (LP: #1076506)
    - [90bcdc5] Non-admin users can cause public glance images to be deleted
      from the backend storage repository (LP: #1065187)
    - [7841cc9] FakeAuth not always admin
    - [ddad275] Jenkins jobs fail because of incompatibility between sqlalchemy-
      migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
    - [1d5c651] nosetest options cause no such option errors (LP: #1056420)
    - [ac223e2] Set defaultbranch in .gitreview to stable/folsom
 -- Adam Gandelman <email address hidden> Tue, 04 Dec 2012 09:19:35 -0800

Changed in glance (Ubuntu Quantal):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.