From ba45d3597ef3a709d32a8b793a02ac599764c40e Mon Sep 17 00:00:00 2001
From: Brian Waldon
Date: Wed, 11 Jul 2012 19:10:42 -0700
Subject: Remove deprecated auth from GlanceImageService
* Drop the code block specific to deprecated auth in image deletion code
* Remove reference to deprecated auth in the auth_strategy config option help text
* Related to bp remove-deprecated-auth
Change-Id: Id0f4f287d33d01d54642fbc544ada9b7ef1b83ec
---
 nova/flags.py | 3 +--
 nova/image/glance.py | 17 -----------------
 nova/tests/image/test_glance.py | 26 --------------------------
 3 files changed, 1 insertion(+), 45 deletions(-)
diff --git a/nova/flags.py b/nova/flags.py
index d62a9f67e..5291f08f1 100644
--- a/nova/flags.py
+++ b/nova/flags.py
@@ -413,8 +413,7 @@ global_opts = [
 help='Name of network to use to set access ips for instances'),
 cfg.StrOpt('auth_strategy',
 default='noauth',
- help='The strategy to use for auth. Supports noauth, keystone, '
- 'and deprecated.'),
+ help='The strategy to use for auth: noauth or keystone.'),
 ]
 FLAGS.register_opts(global_opts)
diff --git a/nova/image/glance.py b/nova/image/glance.py
index 2da91c9b6..0422d2083 100644
--- a/nova/image/glance.py
+++ b/nova/image/glance.py
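Review bot: `auth_strategy` remains a free-form `cfg.StrOpt` here, so a config that still sets `auth_strategy=deprecated` is accepted exactly as before; only the help text stops mentioning it. Together with the glance.py hunk of this commit, which removes the project-ownership check from image deletion, such a deployment would silently lose that check, leaving delete authorization to whatever Glance enforces. Whether another module rejects the old value is not visible in this diff. I would validate the value against the two supported strategies where the option is consumed and fail startup otherwise, and say so in the help string, e.g. `help='The strategy to use for auth: noauth or keystone. The old "deprecated" value is no longer supported.'`. The `global_opts` list begins outside the hunk.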
@@ -290,23 +290,6 @@ class GlanceImageService(object):
 """
 # NOTE(vish): show is to check if image is available
 image_meta = self.show(context, image_id)
-
- if FLAGS.auth_strategy == 'deprecated':
- # NOTE(parthi): only allow image deletions if the user
- # is a member of the project owning the image, in case of
- # setup without keystone
- # TODO(parthi): Currently this access control breaks if
- # 1. Image is not owned by a project
- # 2. Deleting user is not bound a project
- properties = image_meta['properties']
- if (context.project_id and ('project_id' in properties)
- and (context.project_id != properties['project_id'])):
- raise exception.NotAuthorized(_("Not the image owner"))
-
- if (context.project_id and ('owner_id' in properties)
- and (context.project_id != properties['owner_id'])):
- raise exception.NotAuthorized(_("Not the image owner"))
-
 try:
 result = self._get_client(context).delete_image(image_id)
 except glance_exception.NotFound:
diff --git a/nova/tests/image/test_glance.py b/nova/tests/image/test_glance.py
index 0518007c9..d6c9f8606 100644
--- a/nova/tests/image/test_glance.py
+++ b/nova/tests/image/test_glance.py
@@ -340,32 +340,6 @@ class TestGlanceImageService(test.TestCase):
 num_images = len(self.service.detail(self.context))
 self.assertEquals(1, num_images)
- def test_delete_not_by_owner(self):
- # this test is only relevant for deprecated auth mode
- self.flags(auth_strategy='deprecated')
-
- fixture = self._make_fixture(name='test image')
- properties = {'project_id': 'proj1'}
- fixture['properties'] = properties
-
- num_images = len(self.service.detail(self.context))
- self.assertEquals(0, num_images)
-
- image_id = self.service.create(self.context, fixture)['id']
- num_images = len(self.service.detail(self.context))
- self.assertEquals(1, num_images)
-
- proj_id = self.context.project_id
- self.context.project_id = 'proj2'
-
- self.assertRaises(exception.NotAuthorized, self.service.delete,
- self.context, image_id)
-
- self.context.project_id = proj_id
-
- num_images = len(self.service.detail(self.context))
- self.assertEquals(1, num_images)
-
 def test_show_passes_through_to_client(self):
 fixture = self._make_fixture(name='image1', is_public=True)
 image_id = self.service.create(self.context, fixture)['id']
-- cgit