OpenStack Dashboard (Horizon)

Regular users cannot disassociate or delete Floating IP address

Bug #1394035 reported by Daniel Speichert
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Dashboard (Horizon)
Fix Released
Medium
Unassigned
OpenStack Dashboard (Horizon) 2015.1.0 "kilo"

Bug Description

In the Access & Security view, regular users (Member, not admin role) do not see the buttons to disassociate or delete Floating IP addresses.

This can be temporarily fixed by changing policy.json files for neutron that are fed to Horizon:
< "update_floatingip": "rule:admin_or_owner",
< "delete_floatingip": "rule:admin_or_owner",
---
> "update_floatingip": "rule:admin_or_owner or rule:regular_user",
> "delete_floatingip": "rule:admin_or_owner or rule:regular_user",

Adding "rule:regular_user" forces Horizon to display those buttons. This is a bad workaround and I believe the real problem lies somewhere in the way Horizon is determining admin_or_owner rule's value.

Reproduced for stable/juno.

See original description
Revision history for this message
Timur Sufiev (tsufiev-x) wrote :

Daniel, I cannot reproduce the issue on Horizon 2014.2 + devstack from stable/juno for default demo user who has _member_, Member roles in tenant demo: I see both Allocate Floating IP an Associate/Release buttons. Could you provide more info about the OpenStack version where you've encountered the issue?

Changed in horizon:
status: New → Incomplete
Revision history for this message
Daniel Speichert (dasp) wrote :

The issue exists on Horizon 2014.2 from RDO (all version - there are 3 packages in RDO for this Horizon version).
I think it's necessary to use Neutron for it to happen, so if you test with DevStack with nova-network, you probably wouldn't have this problem.

Revision history for this message
Timur Sufiev (tsufiev-x) wrote :

I've reinstalled Devstack stable/juno branch, with neutron service instead of nova-networks, but still cannot reproduce the described bug for standard regular 'demo' user. Neither I could reproduce the issue using Mirantis OpenStack distribution (with all other options same as for Devstack). Could you please try your scenario with Devstack (instructions on deploying Neutron-powered Devstack are here https://wiki.openstack.org/wiki/NeutronDevstack)? I suspect that it's some RDO-related issue.

Revision history for this message
Timur Sufiev (tsufiev-x) wrote :

Ah, sorry, I looked in the wrong place - the Instances table (Associate/Disassociate works there). As for the Access&Security->Floating IPs tab, there aren't any actions here for regular user indeed. Verified on Devstack stable/juno.

Changed in horizon:
status: Incomplete → Confirmed
importance: Undecided → Medium
Timur Sufiev (tsufiev-x)
description: updated
Timur Sufiev (tsufiev-x)
Changed in horizon:
assignee: nobody → Timur Sufiev (tsufiev-x)
Revision history for this message
Daniel Speichert (dasp) wrote :

It might have something to do with the fact that Horizon throws this when going to the Access & Security tab:

  The attribute status doesn't exist on <FloatingIp:...

Timur Sufiev (tsufiev-x)
Changed in horizon:
status: Confirmed → In Progress
Revision history for this message
Timur Sufiev (tsufiev-x) wrote :

The issue is fixed in https://bugs.launchpad.net/horizon/+bug/1396544

Changed in horizon:
status: In Progress → Fix Committed
milestone: none → kilo-1
Thierry Carrez (ttx)
Changed in horizon:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in horizon:
milestone: kilo-1 → 2015.1.0
manoj6030 (manoj2002)
Changed in horizon:
assignee: Timur Sufiev (tsufiev-x) → manoj6030 (manoj2002)
assignee: manoj6030 (manoj2002) → nobody
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.