[openstack-dev] [glance] Permissions differences for glance image-create between Icehouse and Juno

Jay Pipes jaypipes at gmail.com
Tue Oct 28 01:18:26 UTC 2014 

Right, but as you can read below, I'm using an admin to do the operation...

Which is why I'm curious what exactly I'm supposed to do :)

-jay

On 10/27/2014 09:04 PM, Tom Fifield wrote:
> This was covered in the release notes for glance, under "Upgrade notes":
>
> https://wiki.openstack.org/wiki/ReleaseNotes/Juno#Upgrade_Notes_3
>
> * The ability to upload a public image is now admin-only by default. To
> continue to use the previous behaviour, edit the publicize_image flag in
> etc/policy.json to remove the role restriction.
>
> Regards,
>
>
> Tom
>
> On 28/10/14 01:22, Jay Pipes wrote:
>> Hello Glancers,
>>
>> Peter and I are having issues working with a Juno Glance endpoint.
>> Specifically, a glance image-create ... --is_public=True CLI command
>> that *was* working in our Icehouse cloud is now failing in our Juno
>> cloud with a 403 Forbidden.
>>
>> The specific command in question is:
>>
>> glance image-create --name "cirros-0.3.2-x86_64" --file
>> /var/tmp/cirros-0.3.2-x86_64-disk.img --disk-format qcow2
>> --container-format bare --is_public=True
>>
>> If we take off the is_public=True, everything works just fine. We are
>> executing the above command as a user with a user called "admin" having
>> the role "admin" in a project called "admin".
>>
>> We have enabled debug=True conf option in both glance-api.conf and
>> glance-registry.conf, and unfortunately, there is no log output at all,
>> other than spitting out the configuration option settings on daemon
>> startup and a few messages like "Loaded policy rules: ..." which don't
>> actually provide any useful information about policy *decisions* that
>> are made... :(
>>
>> Any help is most appreciated. Our policy.json file is the stock one that
>> comes in the Ubuntu Cloud Archive glance packages, i.e.:
>>
>> http://paste.openstack.org/show/125420/
>>
>> Best,
>> -jay
>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>

More information about the OpenStack-dev mailing list