yahoo-eng-team team mailing list archive

Thread
Date

[Bug 870528] Re: User cannot see an image within its own project, created with 'nova image-create' command.

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Nathanael Burton <nathanael.i.burton.work@xxxxxxxxx>
Date: Sat, 16 Mar 2013 23:35:42 -0000
Reply-to: Bug 870528 <870528@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

*** This bug is a duplicate of bug 863305 ***
    https://bugs.launchpad.net/bugs/863305

@Thierry, I believe @Yaguang is correct.  This should already be fixed
here:
https://github.com/openstack/nova/blob/master/nova/image/glance.py#L362.
This is actually a duplicate of bug 863305.

** This bug has been marked a duplicate of bug 863305
   Image access control is available

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/870528

Title:
  User cannot see an image within its own project, created with 'nova
  image-create'  command.

Status in OpenStack Compute (Nova):
  Incomplete

Bug description:
  Environment:

  Ubuntu Server 11.04
  OpenStack Diablo release (single server deployment)
  Glance as an image storage

  Nova config:
  --libvirt_type=kvm
  --image_service=nova.image.glance.GlanceImageService
  --sql_connection=mysql://$dbuser:$dbpass@127.0.0.1/nova

  --ec2_url=http://172.16.100.1:8773/services/Cloud
  --s3_host=172.16.128.10
  --cc_host=172.16.100.1
  --glance_host=172.16.100.1
  --rabbit_host=172.16.100.1

  --network_manager=nova.network.manager.FlatDHCPManager
  --dhcpbridge_flagfile=/etc/nova/nova.conf
  --dhcpbridge=/usr/bin/nova-dhcpbridge
  --fixed_range=172.16.100.0/24
  --network_size=8
  --routing_source_ip=172.16.128.10

  --iscsi_ip_prefix=172.16.
  --FAKE_subdomain=ec2
  --logdir=/var/log/nova
  --lock_path=/var/lock/nova
  --state_path=/var/lib/nova
  --verbose
  --allow_admin_api=true
  --use_deprecated_auth=true

  Steps to reproduce:
  1. create Nova user: 
  sudo nova-manage user create --name=test
  sudo nova-manage project create --project=test-project --user=test
  sudo nova-manage role add --user=test --role=netadmin
  sudo nova-manage role add --user=test --role=netadmin --project=test-project
  sudo nova-manage project zipfile --project=test-project --user=test --file=test.zip

  2. start an instance with 'test' user credentials: nova boot test-vm  --image ... --flavor ...
  3. make a new image: nova image-create <test-vm-id> mysnap
  4. check that the new image is available: nova image-list

  Problem: user cannot see its own snapshot with nova image-list, and
  cannot start it with 'nova boot'.

  Workaround: 
  File '/usr/share/pyshared/nova/image/service.py' (change 'project_id' to 'owner_id'):

      @staticmethod
      def _is_image_available(context, image_meta):
          """Check image availability.

          if context.project_id and ('project_id' in properties):
              return str(properties['project_id']) == str(context.project_id)

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/870528/+subscriptions