Cleaning image data when image signature verification fails

While creating an image, image data stays in backend if image
signature verification fails.

After raising SignatureVerificationError exception, image status is
being set to 'killed' in DB but the image data remains as it is in
the backend.

Adding delete_from_backend() call to cleanup the data from backend when
Singature Verification fails.

Closes-Bug: #1736336
Change-Id: I2a1a7addd33050cc8845aec24479aa4d1bc26ca0

glance/location.py

@@ -445,6 +445,8 @@ class ImageProxy(glance.domain.proxy.Image):
                 LOG.info(_LI("Successfully verified signature for image %s"),
                          self.image.image_id)
             except crypto_exception.InvalidSignature:
+                self.store_api.delete_from_backend(location,
+                                                   context=self.context)
                 raise cursive_exception.SignatureVerificationError(
                     _('Signature verification failed')
                 )

glance/tests/unit/test_store_image.py

@@ -224,9 +224,12 @@ class TestStoreImage(utils.BaseTestCase):
                        unit_test_utils.fake_get_verifier)
         image = glance.location.ImageProxy(image_stub, context,
                                            self.store_api, self.store_utils)
-        self.assertRaises(cursive_exception.SignatureVerificationError,
-                          image.set_data,
-                          'YYYY', 4)
+        with mock.patch.object(self.store_api,
+                               'delete_from_backend') as mock_delete:
+            self.assertRaises(cursive_exception.SignatureVerificationError,
+                              image.set_data,
+                              'YYYY', 4)
+            mock_delete.assert_called()
 
     def test_image_set_data_invalid_signature_missing_metadata(self):
         context = glance.context.RequestContext(user=USER1)