Stop raising 403 when image is not found

Glance has a vestigial policy override knob that allows an operator to force a 403 response when attempting to get an image from the DB that is not found. This runs contrary to the API documentation, and creates a (potential) interoperability concern across clouds with differing policies on this topic. This removes that override and changes the test from validating this override to validating that it can no longer happen. APIImpact Change-Id: Ie24e3eb2f31d10d2ab9af62a0b645e8bdd0c2ff2 Closes-Bug: #1915543
2021-02-12 11:57:01 -08:00 · 2021-02-12 11:57:01 -08:00 · 2bfdc87a8c
commit 2bfdc87a8c
parent ed930ec512
4 changed files with 17 additions and 10 deletions
--- a/glance/api/policy.py
+++ b/glance/api/policy.py
@ -114,14 +114,9 @@ class ImageRepoProxy(glance.domain.proxy.Repo):
                                             item_proxy_kwargs=proxy_kwargs)

    def get(self, image_id):
-        try:
-            image = super(ImageRepoProxy, self).get(image_id)
-        except exception.NotFound:
-            self.policy.enforce(self.context, 'get_image', {})
-            raise
-        else:
-            self.policy.enforce(self.context, 'get_image',
-                                dict(ImageTarget(image)))
+        image = super(ImageRepoProxy, self).get(image_id)
+        self.policy.enforce(self.context, 'get_image',
+                            dict(ImageTarget(image)))
        return image

    def list(self, *args, **kwargs):
--- a/glance/tests/functional/v2/test_images.py
+++ b/glance/tests/functional/v2/test_images.py
@ -1940,7 +1940,7 @@ class TestImages(functional.FunctionalTest):

        headers['X-Tenant-Id'] = TENANT2
        response = requests.get(path, headers=headers)
-        self.assertEqual(http.FORBIDDEN, response.status_code)
+        self.assertEqual(http.NOT_FOUND, response.status_code)

        self.stop_servers()

--- a/glance/tests/unit/v2/test_images_resource.py
+++ b/glance/tests/unit/v2/test_images_resource.py
@ -3478,10 +3478,12 @@ class TestImagesControllerPolicies(base.IsolatedUnitTest):
                          request)

    def test_show_unauthorized(self):
+        # Make sure that if policy says we can't see the image that we get a
+        # NotFound result instead of a Forbidden one.
        rules = {"get_image": False}
        self.policy.set_rules(rules)
        request = unit_test_utils.get_fake_request()
-        self.assertRaises(webob.exc.HTTPForbidden, self.controller.show,
+        self.assertRaises(webob.exc.HTTPNotFound, self.controller.show,
                          request, image_id=UUID2)

    def test_create_image_unauthorized(self):
--- a/releasenotes/notes/image-not-found-policy-override-removed-52616c483a270bcf.yaml
+++ b/releasenotes/notes/image-not-found-policy-override-removed-52616c483a270bcf.yaml
@ -0,0 +1,10 @@
+---
+deprecations:
+  - |
+    The policy check that we ran when an image is not found is
+    removed. This previously allowed an operator to override the
+    behavior of a 404 to be a 403, in contrast to the API
+    documentation and design goals of defaulting to 404 for
+    information-hiding reasons. This check is no longer run in the
+    case of a NotFound result from the database, so any policy
+    attempting to control that behavior will be ignored from now on.