Storage reset failure leaves storage status active
Summary
When reset_storage() fails, the exception path records the error but still sets the storage status to active. This can make a failed reset look successful and allow old data to continue being treated as healthy storage state.
Proof of concept
- Log in as a team admin or owner.
- Trigger a storage reset:
  POST /<team_slug>/storage/<storage_name>?fragment=danger HTTP/1.1
  Cookie: session=<team-admin-session>
  Content-Type: application/x-www-form-urlencoded

  reset_storage=Reset&csrf_token=<valid>
- Cause the underlying reset operation to fail, for example by making the volume/database reset path raise a permissions or deletion error.
- The worker enters the exception path and persists:
  status = "active"
  error.stage = "reset_database" or "reset_volume"
  error.message = <exception>
Evidence
app/workers/tasks/storage.py:96 implements reset_storage().
app/workers/tasks/storage.py:127-135 handles failure and still sets storage.status = "active".
app/routers/team.py:339-354 triggers the reset job for team admins.
Expected behavior
If reset fails, storage should be marked failed or restored to its previous state. The UI and business logic should not treat the storage as successfully reset.
Actual behavior
The failure path stores an error but leaves the storage status as active.
Impact
Users may believe the storage was cleared even though old data remains. Later operations can continue using a storage resource whose reset failed.
Suggested fix
Set status = "failed" or restore the previous state in the exception path. Consider blocking normal use while error is populated after a reset failure.
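A minimal sketch of the reported failure path next to the suggested fix, added here as an example and not taken from the project's code. The Storage class, the function names, the stage list and is_usable() are assumptions; only the status values and stage names come from the report.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Storage:
    """Hypothetical stand-in for the project's storage record."""
    name: str
    status: str = "active"
    error: Optional[dict] = None


def _first_failure(stages):
    """Run each (stage_name, callable) in order; return the first failure as an error dict."""
    for stage, op in stages:
        try:
            op()
        except Exception as exc:
            return {"stage": stage, "message": str(exc)}
    return None


def reset_storage_reported(storage, stages):
    """Behaviour described in the report: the error is recorded, status is still active."""
    storage.error = _first_failure(stages)
    storage.status = "active"  # same value on success and on failure
    return storage


def reset_storage_fixed(storage, stages):
    """Suggested fix: a failed reset leaves the record in a failed state."""
    storage.error = _first_failure(stages)
    storage.status = "failed" if storage.error else "active"
    return storage


def is_usable(storage):
    """Gate for normal use: requires active status and no recorded reset error."""
    return storage.status == "active" and storage.error is None


def failing_volume_reset():
    # Constructed failure standing in for a permissions error during volume reset.
    raise PermissionError("cannot delete volume contents")
```

A status-only check accepts the record produced by reset_storage_reported(); is_usable() rejects it because the error field is populated, which is the second half of the suggested fix.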