user with admin role gets logged out when trying to list images
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Dashboard (Horizon) | Fix Released | Undecided | Gloria Gu |
Ubuntu Cloud Archive | Fix Released | Undecided | Unassigned |
Queens | Fix Released | Undecided | Unassigned |
horizon (Ubuntu) | Fix Released | High | Unassigned |
Bionic | Fix Released | High | Unassigned |
Eoan | Fix Released | High | Unassigned |
Focal | Fix Released | High | Unassigned |
Groovy | Fix Released | High | Unassigned |
Bug Description
[Impact]
When an admin user tries to access project -> compute -> images, if the user fails the identity:get_project policy, the user will get logged out.
The code that failed is in
openstack_
.tableColumns
.append(
{ id: 'owner', priority: 1, filters: [$memoize(
{rules: [['identity', 'identity:
]
})
It didn't happen in default Horizon. In our production cloud environment, keystone policy is "identity:
The problem here is the admin user should not get logged out.
It is probably caused by horizon/
if (error.status === 403) {
var msg2 = gettext('Forbidden. Redirecting to login');
handleRedi
}
Some log info from keystone:
19389 (oslo_policy.
19389 (oslo_policy.
19389 (keystone.
[Upstream fix description]
Before this change when a 403 error was encountered, such as failure to have the permission to perform an operation, the user would get logged out from UI pages written in the AngularJS framework. For example, if an admin user lacks the get_project permission and tries to access the images page, project-
This change keeps the user logged in when a 403 error is encountered and displays an error message. The change only affects AngularJS pages.
[Test Case]
* Create a new user without the get_project permission
* In the dashboard, access project-
* The user will get logged out
[Regression Potential]
* The patch changes the behavior of the Horizon code in response to a 403 error. The 403 in the original bug report was caused by a missing get_project permission. While unlikely, it is possible that this change is incorrect under different error scenarios.
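The 403 handling described in this report, sketched as an added example that is not Horizon's code: it contrasts treating a policy denial as a lost session with keeping the session and showing an error. The function names, the `ui` callbacks, the message strings and the 401 branch are assumptions made for illustration.

```javascript
// Added example, not Horizon's code. Function names and the `ui` object are
// hypothetical; treating 401 as "session gone" is an assumption.

// Behaviour in the report: a 403 policy denial is handled like a lost session.
function legacyDecision(status) {
  if (status === 401 || status === 403) {
    return { action: 'redirect-to-login', keepSession: false };
  }
  return { action: 'show-error', keepSession: true };
}

// Behaviour in the upstream fix description: 403 keeps the user logged in.
function fixedDecision(status) {
  if (status === 401) {
    return { action: 'redirect-to-login', keepSession: false };
  }
  if (status === 403) {
    return { action: 'show-forbidden', keepSession: true };
  }
  return { action: 'show-error', keepSession: true };
}

// Connect a decision function to UI callbacks, as an HTTP error hook would.
function makeErrorHandler(decide, ui) {
  return function onHttpError(error) {
    const decision = decide(error.status);
    if (decision.action === 'redirect-to-login') {
      ui.redirectToLogin('Redirecting to login');
    } else if (decision.action === 'show-forbidden') {
      ui.showError('Forbidden: the policy check denied this request');
    } else {
      ui.showError('Request failed with status ' + error.status);
    }
    return decision;
  };
}

// Replay constructed response statuses and record what the user experiences.
function replay(decide, statuses) {
  const events = [];
  const ui = {
    redirectToLogin: () => events.push('logout'),
    showError: () => events.push('error-message'),
  };
  const handler = makeErrorHandler(decide, ui);
  statuses.forEach((status) => handler({ status: status }));
  return events;
}
console.log(replay(legacyDecision, [403]), replay(fixedDecision, [403, 401]));
```

Replaying a 403 through both decision functions makes a useful regression check: the session must survive the policy denial, while a 401 must still send the user back to login.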
Changed in horizon: | |
assignee: | nobody → Gloria Gu (gloria-gu) |
description: | updated |
Changed in horizon: | |
status: | New → In Progress |
summary: |
- user with admin role get's logged out when trying to list images
+ user with admin role gets logged out when trying to list images |
Changed in horizon: | |
assignee: | Gloria Gu (gloria-gu) → Ivan Kolodyazhny (e0ne) |
Changed in horizon (Ubuntu Groovy): | |
status: | New → Fix Released |
Changed in horizon (Ubuntu Eoan): | |
status: | New → Fix Released |
Changed in horizon (Ubuntu Bionic): | |
status: | New → Triaged |
Changed in horizon (Ubuntu Focal): | |
status: | New → Fix Released |
Changed in cloud-archive: | |
status: | New → Fix Released |
tags: | added: sts-sponsor |
tags: | added: sts-sru-needed |
Changed in horizon (Ubuntu Bionic): | |
importance: | Undecided → High |
Changed in horizon (Ubuntu Eoan): | |
importance: | Undecided → High |
Changed in horizon (Ubuntu Focal): | |
importance: | Undecided → High |
Changed in horizon (Ubuntu Groovy): | |
importance: | Undecided → High |
tags: |
added: verification-done removed: verification-needed |
Fix proposed to branch: master
Review: https://review.opendev.org/677580