yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #21794
[Bug 1371568] [NEW] Protected image properties prevent from creating a snapshot
Public bug reported:
When trying to create a snapshot from an instance based on an image with
protected properties, it fails with:
# nova image-create 391beed6-1408-4b50-b343-2b26d6947c4a server-snap
ERROR: 403 Forbidden
Property 'foo_bar' is protected
(HTTP 403) (HTTP 403) (Request-ID: req-973aeef4-312f-4c19-a1b3-0b3a09ec06e7)
The image used has the property 'foo_bar' defined:
# glance image-show 53ff0d74-074b-4ee5-a9a2-4e47552821d8
+-------------------------------------+------------------------------------------------------------------------------+
| Property | Value |
+-------------------------------------+------------------------------------------------------------------------------+
| Property 'foo_bar' | baz |
(..)
and it is actually protected:
# cat /etc/glance/policy-properties.conf
[foo_.*]
create = admin
read = @
update = admin
delete = admin
The image property is protected to avoid users being able to modify this value. However after instanciating the image it would be nice to create snapshots out of it.
** Affects: nova
Importance: Undecided
Status: Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1371568
Title:
Protected image properties prevent from creating a snapshot
Status in OpenStack Compute (Nova):
Invalid
Bug description:
When trying to create a snapshot from an instance based on an image
with protected properties, it fails with:
# nova image-create 391beed6-1408-4b50-b343-2b26d6947c4a server-snap
ERROR: 403 Forbidden
Property 'foo_bar' is protected
(HTTP 403) (HTTP 403) (Request-ID: req-973aeef4-312f-4c19-a1b3-0b3a09ec06e7)
The image used has the property 'foo_bar' defined:
# glance image-show 53ff0d74-074b-4ee5-a9a2-4e47552821d8
+-------------------------------------+------------------------------------------------------------------------------+
| Property | Value |
+-------------------------------------+------------------------------------------------------------------------------+
| Property 'foo_bar' | baz |
(..)
and it is actually protected:
# cat /etc/glance/policy-properties.conf
[foo_.*]
create = admin
read = @
update = admin
delete = admin
The image property is protected to avoid users being able to modify this value. However after instanciating the image it would be nice to create snapshots out of it.
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1371568/+subscriptions
Follow ups
References