v2 api returns 200 with blank response (no image data) for download_image policy
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Glance | Fix Released | Undecided | Juan Manuel Ollé | |
Bug Description
v2 api returns 200 with blank response (no image data) for download_image policy
If you have set the download_image policy in policy.json to "role:admin", then it should return a 403 error if a user with a role other than admin calls the image-download API.
Presently it is returning 200 with blank response (no image data). If you enable cache filter, then it returns 403 error correctly.
Steps to reproduce:
1. Ensure following flavor is set in glance-api.conf
[paste-deploy]
flavor = keystone+
2. Disable cache
a. Open /etc/glance/
b. Remove cache from following sections.
[pipeline:
[pipeline:
[pipeline:
[pipeline:
[pipeline:
c. Save and exit from file.
d. Restart the g-api (glance-api) service.
3. Ensure that 'download_image' policy is set in policy.json
"download_
4. Download image using v2 api for role other than admin
a. source openrc normal_user normal_user
b. glance --os-image-
Output:
-------
''
glance-api screen log:
----
2014-06-05 12:45:00.711 24883 INFO glance.wsgi.server [-] Traceback (most recent call last):
File "/usr/lib/
for data in result:
File "/mnt/stack/
for chunk in self.image.
File "/mnt/stack/
self.
File "/mnt/stack/
exception.
File "/mnt/stack/
return policy.check(rule, target, credentials, *args, **kwargs)
File "/mnt/stack/
raise exc(*args, **kwargs)
Forbidden: You are not authorized to complete this action.
2014-06-05 12:45:00.711 24883 INFO glance.wsgi.server [-] 10.146.146.4 - - [05/Jun/2014 12:45:00] "GET /v2/images/
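An added example, not part of the original report and not Glance code: a minimal WSGI model of the ordering the traceback is consistent with, where the policy check runs only when the server iterates the response body, next to an ordering that checks before the status line is sent. All names in it are hypothetical.

```python
# Constructed model of the failure mode in the traceback; not Glance code.
# Forbidden, check_policy, lazy_app, eager_app and call are hypothetical names.
class Forbidden(Exception):
    pass

def check_policy(role):
    # Stand-in for a "role:admin" rule on the download action.
    if role != "admin":
        raise Forbidden("You are not authorized to complete this action.")

def image_chunks(role, check=True):
    # Generator body: nothing here runs until the server iterates it.
    if check:
        check_policy(role)
    yield b"IMAGE"
    yield b"DATA"

def lazy_app(environ, start_response):
    # Ordering consistent with the report: 200 is committed before the check.
    start_response("200 OK", [("Content-Type", "application/octet-stream")])
    return image_chunks(environ["role"])

def eager_app(environ, start_response):
    # Check first, so a denial can still become a 403 status line.
    try:
        check_policy(environ["role"])
    except Forbidden as exc:
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [str(exc).encode()]
    start_response("200 OK", [("Content-Type", "application/octet-stream")])
    return image_chunks(environ["role"], check=False)

def call(app, role):
    """Drive app as a WSGI server would; return (status, body, error)."""
    seen = {}
    def start_response(status, headers):
        seen["status"] = status
    body, error = b"", None
    try:
        for chunk in app({"role": role}, start_response):
            body += chunk
    except Forbidden as exc:
        # Status already sent: the server can only log and end the body.
        error = str(exc)
    return seen["status"], body, error

if __name__ == "__main__":
    for app in (lazy_app, eager_app):
        print(app.__name__, call(app, "member"), call(app, "admin"))
```

A regression test for this class of bug should assert on the status code for the denied role, not only on the absence of image bytes.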
Changed in glance:
status: New → Confirmed
assignee: nobody → Juan Manuel Ollé (juan-m-olle)
Changed in glance:
milestone: none → juno-2
status: Fix Committed → Fix Released
Changed in glance:
milestone: juno-2 → 2014.2
Fix proposed to branch: master
Review: https://review.openstack.org/99193