yahoo-eng-team team mailing list archive

[Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>]

** Changed in: glance
       Status: Fix Committed => Fix Released

** Changed in: glance
    Milestone: None => liberty-rc1

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1439666

Title:
  Glance scrubber doesn't work when registry operates in trusted-auth
  mode

Status in Glance:
  Fix Released

Bug description:
  When glance regisry is deployed in trusted-auth mode, it doesn't
  authenticate[0] but populates the context based on the identity
  headers sent[1]. When the context is populated it is elevated to admin
  context, required for scrubber[2], based on the roles sent in identity
  headers[3].

  When Glance scrubber attempts to talk to registry, it needs to send
  the appropriate admin role to gain admin context especially when the
  registry is deployed in trusted-auth mode. Without this, scrubber will
  fail with 401 every time it runs.

  [0]https://github.com/openstack/glance/blob/master/etc/glance-registry-paste.ini#L13
  [1]https://github.com/openstack/glance/blob/bb59c33ffcc6e1cde23c93bb25d38846e84c2cb9/glance/api/middleware/context.py#L77
  [2]https://github.com/openstack/glance/blob/bb59c33ffcc6e1cde23c93bb25d38846e84c2cb9/glance/scrubber.py#L326-L328
  [3]https://github.com/openstack/glance/blob/bb59c33ffcc6e1cde23c93bb25d38846e84c2cb9/glance/api/middleware/context.py#L117

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1439666/+subscriptions