[openstack-dev] [glance] Permissions differences for glance image-create between Icehouse and Juno

Tom Fifield tom at openstack.org
Tue Oct 28 01:04:30 UTC 2014


This was covered in the release notes for glance, under "Upgrade notes":

https://wiki.openstack.org/wiki/ReleaseNotes/Juno#Upgrade_Notes_3

* The ability to upload a public image is now admin-only by default. To
continue to use the previous behaviour, edit the publicize_image flag in
etc/policy.json to remove the role restriction.

Regards,


Tom

On 28/10/14 01:22, Jay Pipes wrote:
> Hello Glancers,
> 
> Peter and I are having issues working with a Juno Glance endpoint.
> Specifically, a glance image-create ... --is_public=True CLI command
> that *was* working in our Icehouse cloud is now failing in our Juno
> cloud with a 403 Forbidden.
> 
> The specific command in question is:
> 
> glance image-create --name "cirros-0.3.2-x86_64" --file
> /var/tmp/cirros-0.3.2-x86_64-disk.img --disk-format qcow2
> --container-format bare --is_public=True
> 
> If we take off the is_public=True, everything works just fine. We are
> executing the above command as a user with a user called "admin" having
> the role "admin" in a project called "admin".
> 
> We have enabled debug=True conf option in both glance-api.conf and
> glance-registry.conf, and unfortunately, there is no log output at all,
> other than spitting out the configuration option settings on daemon
> startup and a few messages like "Loaded policy rules: ..." which don't
> actually provide any useful information about policy *decisions* that
> are made... :(
> 
> Any help is most appreciated. Our policy.json file is the stock one that
> comes in the Ubuntu Cloud Archive glance packages, i.e.:
> 
> http://paste.openstack.org/show/125420/
> 
> Best,
> -jay
> 
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev




More information about the OpenStack-dev mailing list