Glance

glance v2 404 on POST/DELETE to an image you can GET

Bug #1078520 reported by Mark Washenberger on 2012-11-14

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Glance	Fix Released	Undecided	Mark Washenberger	Glance grizzly-1 "g1"
	Grizzly	Fix Released	Undecided	Mark Washenberger	Glance 2013.1 "grizzly"

Bug Description

For an image that a user can see (i.e. GET /v2/images/<id> returns 200 OK) but are not allowed to modify, POSTS and DELETES return 404 Not Found. This is confusing because clearly the GET request can find the image. Instead they should return 403 Forbidden. There is no point in trying to hide the existence of the image on POST/DELETE if you don't want to hide it on GET.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2012-11-14: Fix proposed to glance (master)

Fix proposed to branch: master
Review: https://review.openstack.org/16032

Changed in glance:
assignee:	nobody → Mark Washenberger (markwash)
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2012-11-14: Fix merged to glance (master)

Reviewed: https://review.openstack.org/16032
Committed: http://github.com/openstack/glance/commit/1758e866602be17f3f96a8621f8496999ca8ac9b
Submitter: Jenkins
Branch: master

commit 1758e866602be17f3f96a8621f8496999ca8ac9b
Author: Mark J. Washenberger <email address hidden>
Date: Tue Nov 13 16:30:37 2012 -0800

Return 403 on images you can see but can't modify

    Visible images return 404 (Not Found) when you try to modify them and
    are not allowed. This patch changes this return to 403 Forbidden which
    more accurately reflects the situation, in light of the fact that we are
    not trying to hide the existence of the image in this case.

Fixes bug 1078520

Change-Id: I70e6e273aeaef51dad40cf001308d3a817bdced5

Changed in glance:
status:	In Progress → Fix Committed

Thierry Carrez (ttx) on 2012-11-21

Changed in glance:
milestone:	none → grizzly-1
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.