Glance

Forbidden update to image member says 'image' instead of 'image member' in error message

Bug #1250228 reported by Alex Meade on 2013-11-11

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	Glance	Fix Released	Wishlist	Arnaud Legendre	Glance 2014.1 "icehouse"

Bug Description

Incorrectly says 'image' instead of 'image member'

curl -i -X PUT -H "Content-Type: application/json" -H "X-Auth-Token: $AUTH_TOKEN" https://localhost/v2/images/ef4570bf-2e26-4921-810a-5f8499e9822f/members/5855250 -d '{"status": "accepted"}'

HTTP/1.1 403 Forbidden
Content-Type: text/html;charset=UTF-8
Via: 1.1 Repose (Repose/2.12)
Content-Length: 177
Date: Fri, 08 Nov 2013 19:13:37 GMT
x-openstack-request-id: req-11c02e0c-d5bd-4f17-ab03-b474b071b3f0
Server: Jetty(8.0.y.z-SNAPSHOT)
<html>
<head>
<title>403 Forbidden</title>
</head>
<body>
<h1>403 Forbidden</h1>
You are not permitted to modify 'status' on this image.<br /><br /> <------------------this should say 'image member'

The issue is in ImmutableMemberProxy in glance/api/authorization.py where it uses the _immutable_attr function.

Tags:

Revision history for this message

Feilong Wang (flwang) wrote on 2013-11-12:

Good catch, i think the root cause is image and image member is sharing the same code to implement the immutable attributes. See https://github.com/openstack/glance/blob/master/glance/api/authorization.py#L185

Changed in glance:
status:	New → Confirmed

Arnaud Legendre (arnaudleg) on 2013-11-13

Changed in glance:
assignee:	nobody → Arnaud Legendre (arnaudleg)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-12-06: Fix proposed to glance (master)

Fix proposed to branch: master
Review: https://review.openstack.org/60397

Changed in glance:
status:	Confirmed → In Progress

Revision history for this message

Arnaud Legendre (arnaudleg) wrote on 2013-12-06:

There is the issue for ImmutableImageProxy, ImmutableMemberProxy and ImmutableTaskProxy.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-12-17: Fix merged to glance (master)

Reviewed: https://review.openstack.org/60397
Committed: https://git.openstack.org/cgit/openstack/glance/commit/?id=53d055d5b0924f1233ca370d94542e918eda095e
Submitter: Jenkins
Branch: master

commit 53d055d5b0924f1233ca370d94542e918eda095e
Author: Arnaud Legendre <email address hidden>
Date: Thu Dec 5 17:31:51 2013 -0800

Forbidden update message diffs images/tasks/member

    On an forbidden update, the message returned to the user
    is not tied to the type of object modified by the operation.
    For example: a forbidden image member update will return
    `You are not permitted to modify 'status' on this image.`
    instead of image_member.

This patch fixes the issue for images, image members and tasks.

Change-Id: Ie9774807f0190a517a619aeb56c1398741ac4407
Closes-Bug: #1250228

Changed in glance:
status:	In Progress → Fix Committed

Thierry Carrez (ttx) on 2014-01-22

Changed in glance:
milestone:	none → icehouse-2
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2014-04-17

Changed in glance:
milestone:	icehouse-2 → 2014.1

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.