OpenStack Bundles

User can't see images on dashboard

Bug #1821440 reported by yen
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Bundles
Expired
Undecided
Unassigned

Bug Description

Hi,

I create a new domain, project and user. the user has admin role. However, when user try to access images under project --> compute --> images. user get kick out of dashboard.

Trace error from browser I can see this error.
```
the request is Request URL: https://openstack.sparkcognition.com/horizon/api/keystone/projects/2228995a82ed4b99b5f49df2143b9a31
the response is Status Code: 403 Forbidden
```

From Keystone log
```
(keystone.common.wsgi): 2019-03-22 15:37:57,203 WARNING You are not authorized to perform the requested action: identity:get_project.
```

from /etc/keystone/policy.json
```
 "identity:get_project": "rule:cloud_admin or rule:admin_and_matching_target_project_domain_id or project_id:%(target.project.id)s",
```

If I use cli as this user it seem fine though.
```
$openstack --os-auth-url=http://172.29.100.160:5000/v3 --os-user-domain-name=da_domain --os-username=XXXXXX --os-project-domain-name=da_domain --os-project-name=da_dev --os-password=XXXXXXXXXXXX image list
+--------------------------------------+-----------------------------+--------+
| ID | Name | Status |
+--------------------------------------+-----------------------------+--------+
| dd8f4a3b-aa65-46d2-a4db-734839778123 | CentOS-7-x86_64 | active |
| d0f9910b-3f35-4bb3-af87-12cf4648a3ad | Rhel-7.2-x86_64 | active |
| 746cf634-a525-4488-bae1-28cf0d9c4f34 | Ubuntu1604 | active |
| a3c4e0f9-9812-42d6-8c17-0812755856c9 | Ubuntu1804 | active |
| e43f12b4-1c09-419f-b624-8e74130bfc42 | Win 10 Pro 1809 x64 | active |
| 78270605-f3e5-4758-969c-25129c305198 | Win10-Pro-1809-x64-20190318 | active |
| 22f255ef-e02c-4fb5-a133-fea417f5344e | Windows_Server_2012_r2 | active |
+--------------------------------------+-----------------------------+--------+
```

But at the same time I can't curl the API even I have a token
```
$curl -s -H "X-Auth-Token: $OS_TOKEN" http://172.29.100.160:5000/v3/domains
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr>
<address>Apache/2.4.29 (Ubuntu) Server at 172.29.100.160 Port 4990</address>
</body></html>
```

Can some one point me a way to troubleshoot next?

Revision history for this message
yen (antigenius0910) wrote :

extra info.

I can use this user's credential to create a instance through CLI with no problem.
```
#openstack --os-auth-url=http://172.29.100.160:5000/v3 --os-user-domain-name=da_domain --os-username=XXXXXX--os-project-domain-name=da_domain --os-project-name=da_dev --os-password=XXXXXXXXXXXXX vailability-zone nova --image 'CentOS-7-x86_64' --flavor m1.small --key-name YenKeypair --security-group 5128811f-188b-4b84-ad27-f5435a20a15e --nic net-id=fd8bfac5-d0a3-46d3-9f94-8bde53f450f5
```

The problem seem to be happen only on horizon when user click on project --> compute --> images

Revision history for this message
Alex Kavanagh (ajkavanagh) wrote :

Please could you provide:

The Ubuntu/OpenStack versions (e.g. xenial-pike, bionic-queens, etc)

The charm version and the bundle used to deploy (juju status will give you the charm versions)

Thank you.

Changed in openstack-bundles:
status: New → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for OpenStack Bundles because there has been no activity for 60 days.]

Changed in openstack-bundles:
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.