Nova does not correctly handle glance not-authorized errors, so nova image-list gives a 500 under these conditions.
Step to reproduce:
> run devstack
> modify glance/etc/policy.json so that all calls will be unauthorized: "default": [["role:asd"]]
> nova image-list
Expected:
An Unauthorized message
Actual:
{"computeFault": {"message": "The server has either erred or is incapable of performing the requested operation.", "code": 500}}
ERROR: The server has either erred or is incapable of performing the requested operation. (HTTP 500)
n-api:
nova.api.openstack): TRACE: File "/opt/stack/nova/nova/api/openstack/compute/images.py", line 201, in detail
(nova.api.openstack): TRACE: **page_params)
(nova.api.openstack): TRACE: File "/opt/stack/nova/nova/image/glance.py", line 176, in detail
(nova.api.openstack): TRACE: for image_meta in image_metas:
(nova.api.openstack): TRACE: File "/opt/stack/nova/nova/image/glance.py", line 208, in _fetch_images
(nova.api.openstack): TRACE: _reraise_translated_exception()
(nova.api.openstack): TRACE: File "/opt/stack/nova/nova/image/glance.py", line 206, in _fetch_images
(nova.api.openstack): TRACE: images = fetch_func(**kwargs)
(nova.api.openstack): TRACE: File "/opt/stack/glance/glance/client.py", line 76, in get_images_detailed
(nova.api.openstack): TRACE: res = self.do_request("GET", "/images/detail", params=params)
(nova.api.openstack): TRACE: File "/opt/stack/glance/glance/common/client.py", line 58, in wrapped
(nova.api.openstack): TRACE: return func(self, *args, **kwargs)
(nova.api.openstack): TRACE: File "/opt/stack/glance/glance/common/client.py", line 420, in do_request
(nova.api.openstack): TRACE: headers=headers)
(nova.api.openstack): TRACE: File "/opt/stack/glance/glance/common/client.py", line 75, in wrapped
(nova.api.openstack): TRACE: return func(self, method, url, body, headers)
(nova.api.openstack): TRACE: File "/opt/stack/glance/glance/common/client.py", line 538, in _do_request
(nova.api.openstack): TRACE: raise exception.Forbidden(res.read())
(nova.api.openstack): TRACE: Forbidden: You are not authorized to complete this action.
(nova.api.openstack): TRACE: Details: 403 Forbidden
(nova.api.openstack): TRACE:
(nova.api.openstack): TRACE: Access was denied to this resource.
(nova.api.openstack): TRACE:
(nova.api.openstack): TRACE:
(nova.api.openstack): TRACE:
Ugh, this is because we are working around the issue. The client used to raise:
488 if exc_type in (glance_
489 glance_
Seems like an additional line in nova/image/
Vish
On Mar 26, 2012, at 10:58 AM, Anthony Young wrote:
> Public bug reported:
>
> Nova does not correctly handle glance not-authorized errors, so nova
> image-list gives a 500 under these conditions.
>
> Step to reproduce:
>
>> run devstack
>> modify glance/
>> nova image-list
>
> Expected:
>
> An Unauthorized message
>
> Actual:
>
> {"computeFault": {"message": "The server has either erred or is incapable of performing the requested operation.", "code": 500}}
> ERROR: The server has either erred or is incapable of performing the requested operation. (HTTP 500)
>
>
> n-api:
>
>
> nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
> (nova.api.
>
> ** Affects: nova
> Importance: Undecided
> Status: New
>
> --
> You received this bug notification because you are subscribed to
> OpenStack Compute (nova).
> https:/
>
> Title:
> nova does not handle glance_
>
> Status in...