
yahoo-eng-team team mailing list archive

[Bug 1413426] Re: Forbidden: Policy doesn't allow compute:get_all_tenants to be performed. (HTTP 403)

 

This bug was last updated nearly a year ago, and the comments
suggest that this has been addressed, so this is getting marked
as Invalid.  If the issue still exists, please feel free to
reopen it.


** Changed in: horizon
       Status: Confirmed => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1413426

Title:
  Forbidden: Policy doesn't allow compute:get_all_tenants to be
  performed. (HTTP 403)

Status in OpenStack Dashboard (Horizon):
  Invalid

Bug description:
  Horizon is making requests to admin-only APIs in the project
  dashboard:

  Error while checking action permissions.
  Traceback (most recent call last):
    File "/home/kspear/openstack/horizon/horizon/tables/base.py", line 1260, in _filter_action
      return action._allowed(request, datum) and row_matched
    File "/home/kspear/openstack/horizon/horizon/tables/actions.py", line 137, in _allowed
      return self.allowed(request, datum)
    File "/home/kspear/openstack/horizon/openstack_dashboard/dashboards/project/access_and_security/floating_ips/tables.py", line 52, in allowed
      usages = quotas.tenant_quota_usages(request)
    File "/home/kspear/openstack/horizon/horizon/utils/memoized.py", line 90, in wrapped
      value = cache[key] = func(*args, **kwargs)
    File "/home/kspear/openstack/horizon/openstack_dashboard/usage/quotas.py", line 353, in tenant_quota_usages
      _get_tenant_compute_usages(request, usages, disabled_quotas, tenant_id)
    File "/home/kspear/openstack/horizon/openstack_dashboard/usage/quotas.py", line 258, in _get_tenant_compute_usages
      request, search_opts={'tenant_id': tenant_id}, all_tenants=True)
    File "/home/kspear/openstack/horizon/openstack_dashboard/api/nova.py", line 580, in server_list
      for s in c.servers.list(True, search_opts)]
    File "/home/kspear/openstack/horizon/.venv/local/lib/python2.7/site-packages/novaclient/v1_1/servers.py", line 603, in list
      return self._list("/servers%s%s" % (detail, query_string), "servers")
    File "/home/kspear/openstack/horizon/.venv/local/lib/python2.7/site-packages/novaclient/base.py", line 67, in _list
      _resp, body = self.api.client.get(url)
    File "/home/kspear/openstack/horizon/.venv/local/lib/python2.7/site-packages/novaclient/client.py", line 487, in get
      return self._cs_request(url, 'GET', **kwargs)
    File "/home/kspear/openstack/horizon/.venv/local/lib/python2.7/site-packages/novaclient/client.py", line 465, in _cs_request
      resp, body = self._time_request(url, method, **kwargs)
    File "/home/kspear/openstack/horizon/.venv/local/lib/python2.7/site-packages/novaclient/client.py", line 439, in _time_request
      resp, body = self.request(url, method, **kwargs)
    File "/home/kspear/openstack/horizon/.venv/local/lib/python2.7/site-packages/novaclient/client.py", line 433, in request
      raise exceptions.from_response(resp, body, url, method)
  Forbidden: Policy doesn't allow compute:get_all_tenants to be performed. (HTTP 403) (Request-ID: req-8c0549aa-4a3e-4c07-8911-a35196be0a13)

  
  Looks like this commit is the culprit:

  commit f5b77f9a145337c22cf29d8017f5df67a6bacb7c
  Author: eric <eric.peterson1@xxxxxxxxxxx>
  Date:   Sun Nov 30 07:03:20 2014 -0700

      Quotas for users with admin role do not work
      
      The quotas code does not isolate counts to resources within the
      current tenant/project.  So if a user with the admin role makes
      calls for quota items, the admin role will have counts of a global
      list of resources.  This changes that for the tenant quota call
      to fall back to the request.user.project_id if no project was
      otherwise specified for the tenant quota api call.
      
      Change-Id: Ib0e6ce7774c4c03686a044f233dbb9aa36dbe1b9
      Closes-bug: #1391242

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1413426/+subscriptions

