User can't see images on dashboard

Bug #1821440 reported by yen on 2019-03-23

This bug report will be marked for expiration in 52 days if no further activity occurs. (find out why)

6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Bundles
Undecided
Unassigned

Bug Description

Hi,

I create a new domain, project and user. the user has admin role. However, when user try to access images under project --> compute --> images. user get kick out of dashboard.

Trace error from browser I can see this error.
```
the request is Request URL: https://openstack.sparkcognition.com/horizon/api/keystone/projects/2228995a82ed4b99b5f49df2143b9a31
the response is Status Code: 403 Forbidden
```

From Keystone log
```
(keystone.common.wsgi): 2019-03-22 15:37:57,203 WARNING You are not authorized to perform the requested action: identity:get_project.
```

from /etc/keystone/policy.json
```
 "identity:get_project": "rule:cloud_admin or rule:admin_and_matching_target_project_domain_id or project_id:%(target.project.id)s",
```

If I use cli as this user it seem fine though.
```
$openstack --os-auth-url=http://172.29.100.160:5000/v3 --os-user-domain-name=da_domain --os-username=XXXXXX --os-project-domain-name=da_domain --os-project-name=da_dev --os-password=XXXXXXXXXXXX image list
+--------------------------------------+-----------------------------+--------+
| ID | Name | Status |
+--------------------------------------+-----------------------------+--------+
| dd8f4a3b-aa65-46d2-a4db-734839778123 | CentOS-7-x86_64 | active |
| d0f9910b-3f35-4bb3-af87-12cf4648a3ad | Rhel-7.2-x86_64 | active |
| 746cf634-a525-4488-bae1-28cf0d9c4f34 | Ubuntu1604 | active |
| a3c4e0f9-9812-42d6-8c17-0812755856c9 | Ubuntu1804 | active |
| e43f12b4-1c09-419f-b624-8e74130bfc42 | Win 10 Pro 1809 x64 | active |
| 78270605-f3e5-4758-969c-25129c305198 | Win10-Pro-1809-x64-20190318 | active |
| 22f255ef-e02c-4fb5-a133-fea417f5344e | Windows_Server_2012_r2 | active |
+--------------------------------------+-----------------------------+--------+
```

But at the same time I can't curl the API even I have a token
```
$curl -s -H "X-Auth-Token: $OS_TOKEN" http://172.29.100.160:5000/v3/domains
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr>
<address>Apache/2.4.29 (Ubuntu) Server at 172.29.100.160 Port 4990</address>
</body></html>
```

Can some one point me a way to troubleshoot next?

yen (antigenius0910) wrote :

extra info.

I can use this user's credential to create a instance through CLI with no problem.
```
#openstack --os-auth-url=http://172.29.100.160:5000/v3 --os-user-domain-name=da_domain --os-username=XXXXXX--os-project-domain-name=da_domain --os-project-name=da_dev --os-password=XXXXXXXXXXXXX vailability-zone nova --image 'CentOS-7-x86_64' --flavor m1.small --key-name YenKeypair --security-group 5128811f-188b-4b84-ad27-f5435a20a15e --nic net-id=fd8bfac5-d0a3-46d3-9f94-8bde53f450f5
```

The problem seem to be happen only on horizon when user click on project --> compute --> images

Alex Kavanagh (ajkavanagh) wrote :

Please could you provide:

The Ubuntu/OpenStack versions (e.g. xenial-pike, bionic-queens, etc)

The charm version and the bundle used to deploy (juju status will give you the charm versions)

Thank you.

Changed in openstack-bundles:
status: New → Incomplete
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers