-rw-r--r-- | nova/flags.py | 3 | ||||
-rw-r--r-- | nova/image/glance.py | 17 | ||||
-rw-r--r-- | nova/tests/image/test_glance.py | 26 |
3 files changed, 1 insertions, 45 deletions
diff --git a/nova/flags.py b/nova/flags.py
index d62a9f67e..5291f08f1 100644
--- a/nova/flags.py
+++ b/nova/flags.py
@@ -413,8 +413,7 @@ global_opts = [
 help='Name of network to use to set access ips for instances'),
 cfg.StrOpt('auth_strategy',
 default='noauth',
- help='The strategy to use for auth. Supports noauth, keystone, '
- 'and deprecated.'),
+ help='The strategy to use for auth: noauth or keystone.'),
 ]

 FLAGS.register_opts(global_opts)
diff --git a/nova/image/glance.py b/nova/image/glance.py
index 2da91c9b6..0422d2083 100644
--- a/nova/image/glance.py
+++ b/nova/image/glance.py
@@ -290,23 +290,6 @@ class GlanceImageService(object):
 """
 # NOTE(vish): show is to check if image is available
 image_meta = self.show(context, image_id)
-
- if FLAGS.auth_strategy == 'deprecated':
- # NOTE(parthi): only allow image deletions if the user
- # is a member of the project owning the image, in case of
- # setup without keystone
- # TODO(parthi): Currently this access control breaks if
- # 1. Image is not owned by a project
- # 2. Deleting user is not bound a project
- properties = image_meta['properties']
- if (context.project_id and ('project_id' in properties)
- and (context.project_id != properties['project_id'])):
- raise exception.NotAuthorized(_("Not the image owner"))
-
- if (context.project_id and ('owner_id' in properties)
- and (context.project_id != properties['owner_id'])):
- raise exception.NotAuthorized(_("Not the image owner"))
-
 try:
 result = self._get_client(context).delete_image(image_id)
 except glance_exception.NotFound:
diff --git a/nova/tests/image/test_glance.py b/nova/tests/image/test_glance.py
index 0518007c9..d6c9f8606 100644
--- a/nova/tests/image/test_glance.py
+++ b/nova/tests/image/test_glance.py
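Review bot: The new `auth_strategy` help text in `global_opts` drops 'deprecated' without telling operators what happens to a configuration that still sets it, and nothing in this hunk rejects the value. The project-ownership check deleted from the `GlanceImageService` delete path in nova/image/glance.py ran only when `FLAGS.auth_strategy == 'deprecated'`, so for such a deployment image deletion would, as far as these hunks show, rely entirely on what the Glance client call enforces. I would state the removal in the help, e.g. `help='The strategy to use for auth: noauth or keystone. The former "deprecated" strategy has been removed.'`, and confirm that the code selecting the auth pipeline, which is outside this diff, fails closed on an unrecognised value. `global_opts` begins above the hunk, so other readers of this option are not visible here.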
@@ -340,32 +340,6 @@ class TestGlanceImageService(test.TestCase):
 num_images = len(self.service.detail(self.context))
 self.assertEquals(1, num_images)

- def test_delete_not_by_owner(self):
- # this test is only relevant for deprecated auth mode
- self.flags(auth_strategy='deprecated')
-
- fixture = self._make_fixture(name='test image')
- properties = {'project_id': 'proj1'}
- fixture['properties'] = properties
-
- num_images = len(self.service.detail(self.context))
- self.assertEquals(0, num_images)
-
- image_id = self.service.create(self.context, fixture)['id']
- num_images = len(self.service.detail(self.context))
- self.assertEquals(1, num_images)
-
- proj_id = self.context.project_id
- self.context.project_id = 'proj2'
-
- self.assertRaises(exception.NotAuthorized, self.service.delete,
- self.context, image_id)
-
- self.context.project_id = proj_id
-
- num_images = len(self.service.detail(self.context))
- self.assertEquals(1, num_images)
-
 def test_show_passes_through_to_client(self):
 fixture = self._make_fixture(name='image1', is_public=True)
 image_id = self.service.create(self.context, fixture)['id'] |