[image] upload_images recipe fails with 403 forbidden

Bug #1441292 reported by Mark Vanderwiel on 2015-04-07
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack + Chef
Mark Vanderwiel

Bug Description

This is a result of the role cleanup in https://bugs.launchpad.net/openstack-chef/+bug/1436050

There was a change in glance to only allow the "admin" role to create public images. See https://wiki.openstack.org/wiki/ReleaseNotes/Juno#Upgrade_Notes_3

Therefore, we have a couple choices here for the upload_images recipe

- change the recipe to use admin to create these images
- add a new public flag to the image lwrp to make this more flexible

I think both of these are reasonable to do here.

Fix proposed to branch: master
Review: https://review.openstack.org/171330

Changed in openstack-chef:
status: New → In Progress
Ma Wen Cheng (mars914) wrote :

The ability to upload a public image is now admin-only by default. To continue to use the previous behaviour, edit the publicize_image flag in policy.json to remove the role restriction.
In one deployed node, found that "publicize_image": [["rule:user"]] in policy.json file.
is it right config? no need to update policy?

Ma Wen Cheng (mars914) wrote :

"publicize_image": "role:admin"
I think this is a right config.

Reviewed: https://review.openstack.org/171330
Committed: https://git.openstack.org/cgit/stackforge/cookbook-openstack-image/commit/?id=1600d6a14d1b628d19e7494019d50e01488acd5d
Submitter: Jenkins
Branch: master

commit 1600d6a14d1b628d19e7494019d50e01488acd5d
Author: Mark Vanderwiel <email address hidden>
Date: Tue Apr 7 13:51:22 2015 -0500

    Only admin can create public glance images

    With change to use the correct "service" role for service users,
    they can no longer create public images.
    For this recipe, need to use admin for public images.

    Added a public flag to the lwrp such that other non-admin
    accounts can create images. Made a note in the client cookbook
    patch that this support needs to be merged in there.

    Change-Id: I99e2febfdbf6f4bab260d897216f4ae768cf3315
    Related-Bug: #1436050
    Closes-Bug: #1441292

Changed in openstack-chef:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers