[openstack-dev] [glance] Permissions differences for glance image-create between Icehouse and Juno
Jay Pipes
jaypipes at gmail.com
Mon Oct 27 16:22:46 UTC 2014
Hello Glancers,
Peter and I are having issues working with a Juno Glance endpoint.
Specifically, a glance image-create ... --is_public=True CLI command
that *was* working in our Icehouse cloud is now failing in our Juno
cloud with a 403 Forbidden.
The specific command in question is:
glance image-create --name "cirros-0.3.2-x86_64" --file
/var/tmp/cirros-0.3.2-x86_64-disk.img --disk-format qcow2
--container-format bare --is_public=True
If we take off the is_public=True, everything works just fine. We are
executing the above command as a user with a user called "admin" having
the role "admin" in a project called "admin".
We have enabled debug=True conf option in both glance-api.conf and
glance-registry.conf, and unfortunately, there is no log output at all,
other than spitting out the configuration option settings on daemon
startup and a few messages like "Loaded policy rules: ..." which don't
actually provide any useful information about policy *decisions* that
are made... :(
Any help is most appreciated. Our policy.json file is the stock one that
comes in the Ubuntu Cloud Archive glance packages, i.e.:
http://paste.openstack.org/show/125420/
Best,
-jay
More information about the OpenStack-dev
mailing list