Provide more details about image visibility updates and creation errors

Bug #1770181 reported by Elijah on 2018-05-09
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
OpenStack Dashboard (Horizon)
Undecided
Unassigned

Bug Description

Using both the glance CLI or the OpenStack web UI, I cannot create an image with public visibility nor can I update an image to have public visibility.

Why am I provided with this option if I can never do it?
Why is it not allowed?
Why does the UI allow me to attempt the action and then provide an error message with no information about what the problem is?

If I attempt to do the action with glance `glance image-create --name foo --visibility public ...` or `glance image-update --visibility public ...` it at least gives me a 403 forbidden.

The web UI just gives a generic "Error: Unable to update the image." message with no information.

From searching around on the web, it looks like this feature has not been available for maybe even 4 years! See: https://www.sebastien-han.fr/blog/2014/10/30/openstack-glance-allow-user-to-create-public-images/

This user seems to have run into this problem two years ago: https://ask.openstack.org/en/question/96438/glance-public-image-create-403-forbidden-you-are-not-authorized-to-complete-this-action-http-403-error-in-openstack-mitaka/

I can only think this has never been tested as a non admin user, and that perhaps something different happens when you have more permissions than I have. Really, I want to be able to do this. But if I am not allowed, I at least want to know why!

Elijah (kdelee) on 2018-05-09
summary: - Cannot create public image or update image to public
+ Provide more details about image visibility updates and creation errors
Elijah (kdelee) wrote :

Just to clarify, I think the UI should access the 403 response provided by the glance API and let the user know they are being denied with a 403 and given the error message from glance which is "403 Forbidden You are not authorized to complete publicize_image action. (HTTP 403)" because otherwise the UI user would have no idea whats going on.

Perhaps it could even include information that it was talking to glance, because the user may not have any insight on the fact that this action uses glance, so they could indicate to their administrator that the glance configuration is blocking them from this action.

description: updated
Akihiro Motoki (amotoki) on 2018-05-09
tags: added: error-reporting
Ivan Kolodyazhny (e0ne) on 2018-05-13
Changed in horizon:
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers