← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1371568] [NEW] Protected image properties prevent from creating a snapshot

 

Public bug reported:

When trying to create a snapshot from an instance based on an image with
protected properties, it fails with:

# nova image-create 391beed6-1408-4b50-b343-2b26d6947c4a server-snap
ERROR: 403 Forbidden
Property 'foo_bar' is protected
    (HTTP 403) (HTTP 403) (Request-ID: req-973aeef4-312f-4c19-a1b3-0b3a09ec06e7)


The image used has the property 'foo_bar' defined:

# glance image-show 53ff0d74-074b-4ee5-a9a2-4e47552821d8 
+-------------------------------------+------------------------------------------------------------------------------+
| Property                            | Value                                                                        |
+-------------------------------------+------------------------------------------------------------------------------+
| Property 'foo_bar'         | baz                                                                             |
(..)


and it is actually protected:

# cat /etc/glance/policy-properties.conf 
[foo_.*]
create = admin
read = @
update = admin
delete = admin


The image property is protected to avoid users being able to modify this value. However after instanciating the image it would be nice to create snapshots out of it.

** Affects: nova
     Importance: Undecided
         Status: Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1371568

Title:
  Protected image properties prevent from creating a snapshot

Status in OpenStack Compute (Nova):
  Invalid

Bug description:
  When trying to create a snapshot from an instance based on an image
  with protected properties, it fails with:

  # nova image-create 391beed6-1408-4b50-b343-2b26d6947c4a server-snap
  ERROR: 403 Forbidden
  Property 'foo_bar' is protected
      (HTTP 403) (HTTP 403) (Request-ID: req-973aeef4-312f-4c19-a1b3-0b3a09ec06e7)

  
  The image used has the property 'foo_bar' defined:

  # glance image-show 53ff0d74-074b-4ee5-a9a2-4e47552821d8 
  +-------------------------------------+------------------------------------------------------------------------------+
  | Property                            | Value                                                                        |
  +-------------------------------------+------------------------------------------------------------------------------+
  | Property 'foo_bar'         | baz                                                                             |
  (..)

  
  and it is actually protected:

  # cat /etc/glance/policy-properties.conf 
  [foo_.*]
  create = admin
  read = @
  update = admin
  delete = admin

  
  The image property is protected to avoid users being able to modify this value. However after instanciating the image it would be nice to create snapshots out of it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1371568/+subscriptions


Follow ups

References