Regarding Policy.json entries for glance image update not working for a user
Hi Team,
I have a use case where I have to give a user restriction on updating the image properties as a member.
I have created a policy Json file and give the modify_image rule to the particular role, but still it is not working
"modify_image": "role:user", This role is created in OpenStack.
but still it is failing while updating properties with a particular user assigned to a role as "access denied" and unauthorized access
Regards Adivya Singh
hi Team,
Any thoughts on this
Regards Adivya Singh
On Sat, Jun 11, 2022 at 12:40 AM Adivya Singh adivya1.singh@gmail.com wrote:
Hi Team,
I have a use case where I have to give a user restriction on updating the image properties as a member.
I have created a policy Json file and give the modify_image rule to the particular role, but still it is not working
"modify_image": "role:user", This role is created in OpenStack.
but still it is failing while updating properties with a particular user assigned to a role as "access denied" and unauthorized access
Regards Adivya Singh
On 6/13/22 8:29 AM, Adivya Singh wrote:
hi Team,
Any thoughts on this
H Adivya,
Please supply some more information, for example:
- which openstack release you are using - the full API request you are making to modify the image - the full API response you receive - whether the user with "role:user" is in the same project that owns the image - debug level log extract for this call if you have it - anything else that could be relevant, for example, have you modified any other policies, and if so, what values are you using now?
cheers, brian
Regards Adivya Singh
On Sat, Jun 11, 2022 at 12:40 AM Adivya Singh <adivya1.singh@gmail.com mailto:adivya1.singh@gmail.com> wrote:
Hi Team, I have a use case where I have to give a user restriction on updating the image properties as a member. I have created a policy Json file and give the modify_image rule to the particular role, but still it is not working "modify_image": "role:user", This role is created in OpenStack. but still it is failing while updating properties with a particular user assigned to a role as "access denied" and unauthorized access Regards Adivya Singh
On Mon, Jun 13, 2022 at 6:00 AM Brian Rosmaita rosmaita.fossdev@gmail.com wrote:
On 6/13/22 8:29 AM, Adivya Singh wrote:
hi Team,
Any thoughts on this
H Adivya,
Please supply some more information, for example:
- which openstack release you are using
- the full API request you are making to modify the image
- the full API response you receive
- whether the user with "role:user" is in the same project that owns the
image
- debug level log extract for this call if you have it
- anything else that could be relevant, for example, have you modified
any other policies, and if so, what values are you using now?
Also bear in mind that the default policy_file name is "policy.yaml" (not .json). You either need to provide a policy.yaml file, or override the policy_file setting if you really want to use policy.json.
Alan
cheers,
brian
Regards Adivya Singh
On Sat, Jun 11, 2022 at 12:40 AM Adivya Singh <adivya1.singh@gmail.com mailto:adivya1.singh@gmail.com> wrote:
Hi Team, I have a use case where I have to give a user restriction on updating the image properties as a member. I have created a policy Json file and give the modify_image rule to the particular role, but still it is not working "modify_image": "role:user", This role is created in OpenStack. but still it is failing while updating properties with a particular user assigned to a role as "access denied" and unauthorized access Regards Adivya Singh
participants (3)
-
Adivya Singh
-
Alan Bishop
-
Brian Rosmaita