** Also affects: cloud-archive/kilo
   Importance: Undecided
       Status: New

** Changed in: cloud-archive
       Status: New => Fix Released

https://bugs.launchpad.net/bugs/1502136

Title:
  Everything returns 403 if show_multiple_locations is true and
  get_image_location policy is set

Status in Ubuntu Cloud Archive:
  Fix Released
Status in Ubuntu Cloud Archive kilo series:
  Triaged
Status in Glance:
  Fix Released
Status in glance package in Ubuntu:
  Fix Released
Status in glance source package in Trusty:
  Triaged
Status in glance source package in Xenial:
  Fix Released

Bug description:
  If, in glance-api.conf you set:

   show_multiple_locations = true

  Things work as expected:

   $ glance --os-image-api-version 2 image-show 13ae74f0-74bf-4792-a8bb-7c622abc5410
   +------------------+----------------------------------------------------------------------------------+
   | Property         | Value                                                                            |
   +------------------+----------------------------------------------------------------------------------+
   | checksum         | 9cb02fe7fcac26f8a25d6db3109063ae                                                 |
   | container_format | bare                                                                             |
   | created_at       | 2015-10-02T12:43:33Z                                                             |
   | disk_format      | raw                                                                              |
   | id               | 13ae74f0-74bf-4792-a8bb-7c622abc5410                                             |
   | locations        | [{"url": "swift+config://ref1/glance/13ae74f0-74bf-4792-a8bb-7c622abc5410",      |
   |                  | "metadata": {}}]                                                                 |
   | min_disk         | 0                                                                                |
   | min_ram          | 0                                                                                |
   | name             | good-image                                                                       |
   | owner            | 88cffb9c8aee457788066c97b359585b                                                 |
   | protected        | False                                                                            |
   | size             | 145                                                                              |
   | status           | active                                                                           |
   | tags             | []                                                                               |
   | updated_at       | 2015-10-02T12:43:34Z                                                             |
   | virtual_size     | None                                                                             |
   | visibility       | private                                                                          |
   +------------------+----------------------------------------------------------------------------------+

  but if you then set the get_image_location policy to role:admin, most
  calls return 403:

   $ glance --os-image-api-version 2 image-list
   403 Forbidden: You are not authorized to complete this action. (HTTP 403)

   $ glance --os-image-api-version 2 image-show 13ae74f0-74bf-4792-a8bb-7c622abc5410
   403 Forbidden: You are not authorized to complete this action. (HTTP 403)

   $ glance --os-image-api-version 2 image-delete 13ae74f0-74bf-4792-a8bb-7c622abc5410
   403 Forbidden: You are not authorized to complete this action. (HTTP 403)

  etc.

  As https://review.openstack.org/#/c/48401/ says:

   1. A user should be able to list/show/update/download image without
      needing permission on get_image_location.
   2. A policy failure should result in a 403 return code. We're
      getting a 500

  This is v2 only, v1 works ok.
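
The behaviour in the bug description above, as an added example: a simplified model, not Glance's code and not part of the original report. It assumes the denial comes from reading the locations field while the response is built; every class and function name is hypothetical.

```python
# Simplified model (assumption), not Glance's code. All names are hypothetical.
class Forbidden(Exception):
    """Policy denial; an API layer would map this to HTTP 403."""

# Constructed policy mirroring the report: location access limited to admin.
POLICY = {"get_image": None, "get_image_location": "admin"}

def enforce(action, roles):
    required = POLICY.get(action)
    if required is not None and required not in roles:
        raise Forbidden(action)

class PolicyImage:
    """Image wrapper that checks policy whenever locations are read."""
    def __init__(self, image, roles):
        self._image, self._roles = image, roles

    def __getitem__(self, key):
        if key == "locations":
            enforce("get_image_location", self._roles)
        return self._image[key]

def show_coupled(image, roles, show_multiple_locations):
    """Behaviour in the report: a denied location read fails the whole call."""
    enforce("get_image", roles)
    wrapped = PolicyImage(image, roles)
    view = {"id": wrapped["id"], "name": wrapped["name"]}
    if show_multiple_locations:
        view["locations"] = wrapped["locations"]  # Forbidden escapes here
    return view

def show_decoupled(image, roles, show_multiple_locations):
    """Behaviour the report asks for: only the locations field is withheld."""
    enforce("get_image", roles)
    wrapped = PolicyImage(image, roles)
    view = {"id": wrapped["id"], "name": wrapped["name"]}
    if show_multiple_locations:
        try:
            view["locations"] = wrapped["locations"]
        except Forbidden:
            pass  # caller may see the image, just not where it is stored
    return view

# Constructed sample image using values from the report's image-show output.
IMAGE = {"id": "13ae74f0-74bf-4792-a8bb-7c622abc5410", "name": "good-image",
         "locations": [{"url": "swift+config://ref1/glance/"
                               "13ae74f0-74bf-4792-a8bb-7c622abc5410",
                        "metadata": {}}]}
```

A regression test for this class of bug should call list and show as a non-admin with show_multiple_locations enabled and assert both that the call succeeds and that no locations key is returned.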