Glance

glance member-create throws 403 but creates member anyway

Bug #1686255 reported by Jake Yip
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Glance
New
Undecided
Unassigned

Bug Description

Hi,

Trying to share my image on a glance mitaka box, it throws a 403 error but still creates the member anyway.

$ glance member-list --image-id 07c02208-4524-438e-9d9c-fa3898cdb4a1
+----------+-----------+--------+
| Image ID | Member ID | Status |
+----------+-----------+--------+
+----------+-----------+--------+
$ glance member-create 07c02208-4524-438e-9d9c-fa3898cdb4a1 f603a0eb08d74693ba207b29f621f047
403 Forbidden: Not allowed to create members for image 07c02208-4524-438e-9d9c-fa3898cdb4a1. (HTTP 403)
$ glance member-list --image-id 07c02208-4524-438e-9d9c-fa3898cdb4a1
+--------------------------------------+----------------------------------+---------+
| Image ID | Member ID | Status |
+--------------------------------------+----------------------------------+---------+
| 07c02208-4524-438e-9d9c-fa3898cdb4a1 | f603a0eb08d74693ba207b29f621f047 | pending |
+--------------------------------------+----------------------------------+---------+

I think the affected code is around:

https://github.com/openstack/glance/blob/stable/mitaka/glance/location.py#L507-L509

The member gets created fine but the Forbidden exception is thrown when set ACLs. Setting ACL needs access to image locations at https://github.com/openstack/glance/blob/stable/mitaka/glance/location.py#L500, which I think a normal user doesn't have?

Please let me know if this is a bug / misconfiguration? Not being able to set the ACL doesn't seem to affect sharing, I can still booted an image shared this way.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.