CFN API policy denial returns 500 response
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Heat |
Fix Released
|
Medium
|
Steven Hardy |
Bug Description
E.g testing via heat-boto:
/usr/bin/heat-boto -d list
results in:
2014-03-11 22:22:56.568 DEBUG routes.middleware [-] Match dict: {'action': u'list', 'controller': <heat.common.
2014-03-11 22:22:56.568 DEBUG heat.openstack.
2014-03-11 22:22:56.569 DEBUG root [-] XML response : <ErrorResponse>
in the api-cfn log, but boto sees a 500:
DEBUG:Received 500 response. Retrying in 1.0 seconds
Traceback (most recent call last):
File "/usr/bin/
main()
File "/usr/bin/
result = cmd(opts, args)
File "/usr/lib/
ret = func(*arguments, **kwargs)
File "/usr/bin/
result = c.list_stacks()
File "/usr/lib/
return super(BotoClient, self).list_stacks()
File "/usr/lib/
[('member', StackSummary)])
File "/usr/lib/
response = self.make_
File "/usr/lib/
return self._mexe(
File "/usr/lib/
raise BotoServerError
boto.exception.
None
Changed in heat: | |
status: | New → Triaged |
importance: | Undecided → Medium |
Changed in heat: | |
milestone: | none → juno-1 |
status: | Fix Committed → Fix Released |
Changed in heat: | |
milestone: | juno-1 → 2014.2 |
To clarify, the above happens when heat-boto is provided a keypair associated with a user who has the heat_stack_user role (which is denied ListStacks access in the policy.json)