nova does not handle glance_exception.Forbidden
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
Medium
|
Anthony Young |
Bug Description
Nova does not correctly handle glance not-authorized errors, so nova image-list gives a 500 under these conditions.
Step to reproduce:
> run devstack
> modify glance/
> nova image-list
Expected:
An Unauthorized message
Actual:
{"computeFault": {"message": "The server has either erred or is incapable of performing the requested operation.", "code": 500}}
ERROR: The server has either erred or is incapable of performing the requested operation. (HTTP 500)
n-api:
nova.api.
(nova.api.
(nova.api.
(nova.api.
(nova.api.
(nova.api.
(nova.api.
(nova.api.
(nova.api.
(nova.api.
(nova.api.
(nova.api.
(nova.api.
(nova.api.
(nova.api.
(nova.api.
(nova.api.
(nova.api.
(nova.api.
(nova.api.
(nova.api.
(nova.api.
(nova.api.
(nova.api.
(nova.api.
Changed in nova: | |
assignee: | nobody → Anthony Young (sleepsonthefloor) |
Changed in nova: | |
importance: | Undecided → Medium |
milestone: | none → essex-rc2 |
tags: | added: essex-rc-potential |
tags: | removed: essex-rc-potential |
Changed in nova: | |
milestone: | essex-rc2 → 2012.1 |
Ugh, this is because we are working around the issue. The client used to raise: exception. NotAuthorized, exception. MissingCredenti alError) :
488 if exc_type in (glance_
489 glance_
Seems like an additional line in nova/image/ glance. py above adding in glance_ exception. Forbidden should fix that.
Vish
On Mar 26, 2012, at 10:58 AM, Anthony Young wrote:
> Public bug reported: etc/policy. json so that all calls will be unauthorized: "default": [["role:asd"]] openstack) : TRACE: File "/opt/stack/ nova/nova/ api/openstack/ compute/ images. py", line 201, in detail openstack) : TRACE: **page_params) openstack) : TRACE: File "/opt/stack/ nova/nova/ image/glance. py", line 176, in detail openstack) : TRACE: for image_meta in image_metas: openstack) : TRACE: File "/opt/stack/ nova/nova/ image/glance. py", line 208, in _fetch_images openstack) : TRACE: _reraise_ translated_ exception( ) openstack) : TRACE: File "/opt/stack/ nova/nova/ image/glance. py", line 206, in _fetch_images openstack) : TRACE: images = fetch_func( **kwargs) openstack) : TRACE: File "/opt/stack/ glance/ glance/ client. py", line 76, in get_images_detailed openstack) : TRACE: res = self.do_ request( "GET", "/images/detail", params=params) openstack) : TRACE: File "/opt/stack/ glance/ glance/ common/ client. py", line 58, in wrapped openstack) : TRACE: return func(self, *args, **kwargs) openstack) : TRACE: File "/opt/stack/ glance/ glance/ common/ client. py", line 420, in do_request openstack) : TRACE: headers=headers) openstack) : TRACE: File "/opt/stack/ glance/ glance/ common/ client. py", line 75, in wrapped openstack) : TRACE: return func(self, method, url, body, headers) openstack) : TRACE: File "/opt/stack/ glance/ glance/ common/ client. py", line 538, in _do_request openstack) : TRACE: raise exception. Forbidden( res.read( )) openstack) : TRACE: Forbidden: You are not authorized to complete this action. openstack) : TRACE: Details: 403 Forbidden openstack) : TRACE: openstack) : TRACE: Access was denied to this resource. openstack) : TRACE: openstack) : TRACE: openstack) : TRACE: /bugs.launchpad .net/bugs/ 965540 exception. Forbidden
>
> Nova does not correctly handle glance not-authorized errors, so nova
> image-list gives a 500 under these conditions.
>
> Step to reproduce:
>
>> run devstack
>> modify glance/
>> nova image-list
>
> Expected:
>
> An Unauthorized message
>
> Actual:
>
> {"computeFault": {"message": "The server has either erred or is incapable of performing the requested operation.", "code": 500}}
> ERROR: The server has either erred or is incapable of performing the requested operation. (HTTP 500)
>
>
> n-api:
>
>
> nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
>
> ** Affects: nova
> Importance: Undecided
> Status: New
>
> --
> You received this bug notification because you are subscribed to
> OpenStack Compute (nova).
> https:/
>
> Title:
> nova does not handle glance_
>
> Status in...