yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #63594
[Bug 1686255] [NEW] glance member-create throws 403 but creates member anyway
Public bug reported:
Hi,
Trying to share my image on a glance mitaka box, it throws a 403 error
but still creates the member anyway.
$ glance member-list --image-id 07c02208-4524-438e-9d9c-fa3898cdb4a1
+----------+-----------+--------+
| Image ID | Member ID | Status |
+----------+-----------+--------+
+----------+-----------+--------+
$ glance member-create 07c02208-4524-438e-9d9c-fa3898cdb4a1 f603a0eb08d74693ba207b29f621f047
403 Forbidden: Not allowed to create members for image 07c02208-4524-438e-9d9c-fa3898cdb4a1. (HTTP 403)
$ glance member-list --image-id 07c02208-4524-438e-9d9c-fa3898cdb4a1
+--------------------------------------+----------------------------------+---------+
| Image ID | Member ID | Status |
+--------------------------------------+----------------------------------+---------+
| 07c02208-4524-438e-9d9c-fa3898cdb4a1 | f603a0eb08d74693ba207b29f621f047 | pending |
+--------------------------------------+----------------------------------+---------+
I think the affected code is around:
https://github.com/openstack/glance/blob/stable/mitaka/glance/location.py#L507-L509
The member gets created fine but the Forbidden exception is thrown when
set ACLs. Setting ACL needs access to image locations at
https://github.com/openstack/glance/blob/stable/mitaka/glance/location.py#L500,
which I think a normal user doesn't have?
Please let me know if this is a bug / misconfiguration? Not being able
to set the ACL doesn't seem to affect sharing, I can still booted an
image shared this way.
** Affects: glance
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1686255
Title:
glance member-create throws 403 but creates member anyway
Status in Glance:
New
Bug description:
Hi,
Trying to share my image on a glance mitaka box, it throws a 403 error
but still creates the member anyway.
$ glance member-list --image-id 07c02208-4524-438e-9d9c-fa3898cdb4a1
+----------+-----------+--------+
| Image ID | Member ID | Status |
+----------+-----------+--------+
+----------+-----------+--------+
$ glance member-create 07c02208-4524-438e-9d9c-fa3898cdb4a1 f603a0eb08d74693ba207b29f621f047
403 Forbidden: Not allowed to create members for image 07c02208-4524-438e-9d9c-fa3898cdb4a1. (HTTP 403)
$ glance member-list --image-id 07c02208-4524-438e-9d9c-fa3898cdb4a1
+--------------------------------------+----------------------------------+---------+
| Image ID | Member ID | Status |
+--------------------------------------+----------------------------------+---------+
| 07c02208-4524-438e-9d9c-fa3898cdb4a1 | f603a0eb08d74693ba207b29f621f047 | pending |
+--------------------------------------+----------------------------------+---------+
I think the affected code is around:
https://github.com/openstack/glance/blob/stable/mitaka/glance/location.py#L507-L509
The member gets created fine but the Forbidden exception is thrown
when set ACLs. Setting ACL needs access to image locations at
https://github.com/openstack/glance/blob/stable/mitaka/glance/location.py#L500,
which I think a normal user doesn't have?
Please let me know if this is a bug / misconfiguration? Not being able
to set the ACL doesn't seem to affect sharing, I can still booted an
image shared this way.
To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1686255/+subscriptions
