Notes on verification:
1. Create domain/project/user:
openstack domain create sru openstack project create --domain sru sru openstack user create --domain sru --password pass --project sru --project-domain sru sru openstack role add --project sru --user sru --user-domain sru member
2. Modify the Glance policies
--- /etc/glance/policy.json 2020-06-26 15:38:09.616136115 +0000 +++ /etc/glance/policy.json.original 2020-06-26 15:37:58.176276003 +0000 @@ -5,7 +5,7 @@ "add_image": "", "delete_image": "", "get_image": "", - "get_images": "role:admin", + "get_images": "", "modify_image": "", "publicize_image": "role:admin", "communitize_image": "",
This will lead to a 403 response from Glance for any non-admin user trying to
openstack image list
3. Log into the dashboard as the sru user
4. Got to Project/Compute/Images
The UI will throw an error message but then log the user out. The dashboard will go back to the login screen.
5. Install the SRU in the openstack-dashboard unit
5.a. enable proposed repository 5.b. upgrade python-django-horizon package
6. Repeat steps 3 and 4. This time however, the user will not be logged out and only get an error message.
Notes on verification:
1. Create domain/ project/ user:
openstack domain create sru
openstack project create --domain sru sru
openstack user create --domain sru --password pass --project sru --project-domain sru sru
openstack role add --project sru --user sru --user-domain sru member
2. Modify the Glance policies
--- /etc/glance/ policy. json 2020-06-26 15:38:09.616136115 +0000 policy. json.original 2020-06-26 15:37:58.176276003 +0000
"add_ image": "",
"delete_ image": "",
"get_ image": "",
"modify_ image": "",
"publicize_ image": "role:admin",
"communitize_ image": "",
+++ /etc/glance/
@@ -5,7 +5,7 @@
- "get_images": "role:admin",
+ "get_images": "",
This will lead to a 403 response from Glance for any non-admin user trying to
openstack image list
3. Log into the dashboard as the sru user
4. Got to Project/ Compute/ Images
The UI will throw an error message but then log the user out. The
dashboard will go back to the login screen.
5. Install the SRU in the openstack-dashboard unit
5.a. enable proposed repository django- horizon package
5.b. upgrade python-
6. Repeat steps 3 and 4. This time however, the user will not be
logged out and only get an error message.