← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #52679

[Bug 1595335] [NEW] Add image location fails when show_multiple_locations = false

  Thread PreviousDate PreviousThread Next 
Public bug reported:

Background:
I'm working on getting full glance v2 support into Horizon with this patch: https://review.openstack.org/#/c/320039/

I provided the curl calls below for clarity to reproduce this, but
Horizon uses python-glanceclient to send the REST api calls.

I reproduced this issue with the latest devstack as of 6/22/16 on ubuntu
14.04.

Steps to reproduce:

1. Create an image via the glance v2 api (seems to work fine):
curl -g -i -X POST -H 'Accept-Encoding: gzip, deflate' -H 'Accept: */*' -H 'User-Agent: python-glanceclient' -H 'Connection: keep-alive' -H 'X-Auth-Token: [token]' -H 'Content-Type: application/json' -d '{"name": "testimage", "container_format": "bare", "min_ram": 0, "disk_format": "iso", "visibility": "private", "protected": false, "min_disk": 0}' http://192.168.43.128:9292/v2/images

{"status": "queued", "name": "bradtest", "tags": [], "container_format":
"bare", "created_at": "2016-06-22T13:29:03Z", "size": null,
"disk_format": "iso", "updated_at": "2016-06-22T13:29:03Z",
"visibility": "private", "self":
"/v2/images/a507654f-9315-4677-ba68-417eedc49810", "min_disk": 0,
"protected": false, "id": "a507654f-9315-4677-ba68-417eedc49810",
"file": "/v2/images/a507654f-9315-4677-ba68-417eedc49810/file",
"checksum": null, "owner": "21856121680744f9b8da04a3f9290c03",
"virtual_size": null, "min_ram": 0, "schema": "/v2/schemas/image"}


2. Update the image with a location:
curl -g -i -X PATCH -H 'Accept-Encoding: gzip, deflate' -H 'Accept: */*' -H 'User-Agent: python-glanceclient' -H 'Connection: keep-alive' -H 'X-Auth-Token: [token]' -H 'Content-Type: application/openstack-images-v2.1-json-patch' -d '[{"path": "/locations/-", "value": {"url": "http://mirrors.liquidweb.com/CentOS/7/isos/x86_64/CentOS-7-x86_64-Minimal-1511.iso";, "metadata": {}}, "op": "add"}]' http://192.168.43.128:9292/v2/images/a507654f-9315-4677-ba68-417eedc49810

The update call fails with this error:

403 Forbidden
It's not allowed to add locations if locations are invisible.


I see this in the glance-api log:

2016-06-22 07:17:35.083 29566 INFO eventlet.wsgi.server [req-ec3f939f-
fa7c-4c79-804a-09a3b5904b8d 94c7ed5c69984ce39ea89bc1337807d7
21856121680744f9b8da04a3f9290c03 - - -] 192.168.43.128 - - [22/Jun/2016
07:17:35] "PATCH /v2/images/06afff49-8658-4e58-a28a-fd6e02a379c0
HTTP/1.1" 403 295 0.045951


If I set show_multiple_locations = true, the error doesn't occur. So
that's a workaround, but there are security implications to setting that
value.

It's entirely possible we're doing something wrong in Horizon when using
the v2 api, but I'm wondering if this behavior from the v2 api is
expected.

** Affects: glance
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1595335

Title:
  Add image location fails when show_multiple_locations = false

Status in Glance:
  New

Bug description:
  Background:
  I'm working on getting full glance v2 support into Horizon with this patch: https://review.openstack.org/#/c/320039/

  I provided the curl calls below for clarity to reproduce this, but
  Horizon uses python-glanceclient to send the REST api calls.

  I reproduced this issue with the latest devstack as of 6/22/16 on
  ubuntu 14.04.

  Steps to reproduce:

  1. Create an image via the glance v2 api (seems to work fine):
  curl -g -i -X POST -H 'Accept-Encoding: gzip, deflate' -H 'Accept: */*' -H 'User-Agent: python-glanceclient' -H 'Connection: keep-alive' -H 'X-Auth-Token: [token]' -H 'Content-Type: application/json' -d '{"name": "testimage", "container_format": "bare", "min_ram": 0, "disk_format": "iso", "visibility": "private", "protected": false, "min_disk": 0}' http://192.168.43.128:9292/v2/images

  {"status": "queued", "name": "bradtest", "tags": [],
  "container_format": "bare", "created_at": "2016-06-22T13:29:03Z",
  "size": null, "disk_format": "iso", "updated_at":
  "2016-06-22T13:29:03Z", "visibility": "private", "self":
  "/v2/images/a507654f-9315-4677-ba68-417eedc49810", "min_disk": 0,
  "protected": false, "id": "a507654f-9315-4677-ba68-417eedc49810",
  "file": "/v2/images/a507654f-9315-4677-ba68-417eedc49810/file",
  "checksum": null, "owner": "21856121680744f9b8da04a3f9290c03",
  "virtual_size": null, "min_ram": 0, "schema": "/v2/schemas/image"}

  
  2. Update the image with a location:
  curl -g -i -X PATCH -H 'Accept-Encoding: gzip, deflate' -H 'Accept: */*' -H 'User-Agent: python-glanceclient' -H 'Connection: keep-alive' -H 'X-Auth-Token: [token]' -H 'Content-Type: application/openstack-images-v2.1-json-patch' -d '[{"path": "/locations/-", "value": {"url": "http://mirrors.liquidweb.com/CentOS/7/isos/x86_64/CentOS-7-x86_64-Minimal-1511.iso";, "metadata": {}}, "op": "add"}]' http://192.168.43.128:9292/v2/images/a507654f-9315-4677-ba68-417eedc49810

  The update call fails with this error:

  403 Forbidden
  It's not allowed to add locations if locations are invisible.

  
  I see this in the glance-api log:

  2016-06-22 07:17:35.083 29566 INFO eventlet.wsgi.server [req-ec3f939f-
  fa7c-4c79-804a-09a3b5904b8d 94c7ed5c69984ce39ea89bc1337807d7
  21856121680744f9b8da04a3f9290c03 - - -] 192.168.43.128 - -
  [22/Jun/2016 07:17:35] "PATCH /v2/images/06afff49-8658-4e58-a28a-
  fd6e02a379c0 HTTP/1.1" 403 295 0.045951


  If I set show_multiple_locations = true, the error doesn't occur. So
  that's a workaround, but there are security implications to setting
  that value.

  It's entirely possible we're doing something wrong in Horizon when
  using the v2 api, but I'm wondering if this behavior from the v2 api
  is expected.

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1595335/+subscriptions
  Thread PreviousDate PreviousThread Next