Public bug reported: Horizon is making requests to admin-only APIs in the project dashboard:
Error while checking action permissions. Traceback (most recent call last): File "/home/kspear/openstack/horizon/horizon/tables/base.py", line 1260, in _filter_action return action._allowed(request, datum) and row_matched File "/home/kspear/openstack/horizon/horizon/tables/actions.py", line 137, in _allowed return self.allowed(request, datum) File "/home/kspear/openstack/horizon/openstack_dashboard/dashboards/project/access_and_security/floating_ips/tables.py", line 52, in allowed usages = quotas.tenant_quota_usages(request) File "/home/kspear/openstack/horizon/horizon/utils/memoized.py", line 90, in wrapped value = cache[key] = func(*args, **kwargs) File "/home/kspear/openstack/horizon/openstack_dashboard/usage/quotas.py", line 353, in tenant_quota_usages _get_tenant_compute_usages(request, usages, disabled_quotas, tenant_id) File "/home/kspear/openstack/horizon/openstack_dashboard/usage/quotas.py", line 258, in _get_tenant_compute_usages request, search_opts={'tenant_id': tenant_id}, all_tenants=True) File "/home/kspear/openstack/horizon/openstack_dashboard/api/nova.py", line 580, in server_list for s in c.servers.list(True, search_opts)] File "/home/kspear/openstack/horizon/.venv/local/lib/python2.7/site-packages/novaclient/v1_1/servers.py", line 603, in list return self._list("/servers%s%s" % (detail, query_string), "servers") File "/home/kspear/openstack/horizon/.venv/local/lib/python2.7/site-packages/novaclient/base.py", line 67, in _list _resp, body = self.api.client.get(url) File "/home/kspear/openstack/horizon/.venv/local/lib/python2.7/site-packages/novaclient/client.py", line 487, in get return self._cs_request(url, 'GET', **kwargs) File "/home/kspear/openstack/horizon/.venv/local/lib/python2.7/site-packages/novaclient/client.py", line 465, in _cs_request resp, body = self._time_request(url, method, **kwargs) File "/home/kspear/openstack/horizon/.venv/local/lib/python2.7/site-packages/novaclient/client.py", line 439, in _time_request resp, body = self.request(url, method, **kwargs) File "/home/kspear/openstack/horizon/.venv/local/lib/python2.7/site-packages/novaclient/client.py", line 433, in request raise exceptions.from_response(resp, body, url, method) Forbidden: Policy doesn't allow compute:get_all_tenants to be performed. (HTTP 403) (Request-ID: req-8c0549aa-4a3e-4c07-8911-a35196be0a13) Looks like this commit is the culprit: commit f5b77f9a145337c22cf29d8017f5df67a6bacb7c Author: eric <eric.peters...@twcable.com> Date: Sun Nov 30 07:03:20 2014 -0700 Quotas for users with admin role do not work The quotas code does not isloate counts to resources within the current tenant/project. So if a user with the admin role makes calls for quota items, the admin role will have counts of a global list of resources. This changes that for the tenant quota call to fallback to the request.user.project_id if no project was otherwise specified for the tenant quota api call. Change-Id: Ib0e6ce7774c4c03686a044f233dbb9aa36dbe1b9 Closes-bug: #1391242 ** Affects: horizon Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Dashboard (Horizon). https://bugs.launchpad.net/bugs/1413426 Title: Forbidden: Policy doesn't allow compute:get_all_tenants to be performed. (HTTP 403) Status in OpenStack Dashboard (Horizon): New Bug description: Horizon is making requests to admin-only APIs in the project dashboard: Error while checking action permissions. Traceback (most recent call last): File "/home/kspear/openstack/horizon/horizon/tables/base.py", line 1260, in _filter_action return action._allowed(request, datum) and row_matched File "/home/kspear/openstack/horizon/horizon/tables/actions.py", line 137, in _allowed return self.allowed(request, datum) File "/home/kspear/openstack/horizon/openstack_dashboard/dashboards/project/access_and_security/floating_ips/tables.py", line 52, in allowed usages = quotas.tenant_quota_usages(request) File "/home/kspear/openstack/horizon/horizon/utils/memoized.py", line 90, in wrapped value = cache[key] = func(*args, **kwargs) File "/home/kspear/openstack/horizon/openstack_dashboard/usage/quotas.py", line 353, in tenant_quota_usages _get_tenant_compute_usages(request, usages, disabled_quotas, tenant_id) File "/home/kspear/openstack/horizon/openstack_dashboard/usage/quotas.py", line 258, in _get_tenant_compute_usages request, search_opts={'tenant_id': tenant_id}, all_tenants=True) File "/home/kspear/openstack/horizon/openstack_dashboard/api/nova.py", line 580, in server_list for s in c.servers.list(True, search_opts)] File "/home/kspear/openstack/horizon/.venv/local/lib/python2.7/site-packages/novaclient/v1_1/servers.py", line 603, in list return self._list("/servers%s%s" % (detail, query_string), "servers") File "/home/kspear/openstack/horizon/.venv/local/lib/python2.7/site-packages/novaclient/base.py", line 67, in _list _resp, body = self.api.client.get(url) File "/home/kspear/openstack/horizon/.venv/local/lib/python2.7/site-packages/novaclient/client.py", line 487, in get return self._cs_request(url, 'GET', **kwargs) File "/home/kspear/openstack/horizon/.venv/local/lib/python2.7/site-packages/novaclient/client.py", line 465, in _cs_request resp, body = self._time_request(url, method, **kwargs) File "/home/kspear/openstack/horizon/.venv/local/lib/python2.7/site-packages/novaclient/client.py", line 439, in _time_request resp, body = self.request(url, method, **kwargs) File "/home/kspear/openstack/horizon/.venv/local/lib/python2.7/site-packages/novaclient/client.py", line 433, in request raise exceptions.from_response(resp, body, url, method) Forbidden: Policy doesn't allow compute:get_all_tenants to be performed. (HTTP 403) (Request-ID: req-8c0549aa-4a3e-4c07-8911-a35196be0a13) Looks like this commit is the culprit: commit f5b77f9a145337c22cf29d8017f5df67a6bacb7c Author: eric <eric.peters...@twcable.com> Date: Sun Nov 30 07:03:20 2014 -0700 Quotas for users with admin role do not work The quotas code does not isloate counts to resources within the current tenant/project. So if a user with the admin role makes calls for quota items, the admin role will have counts of a global list of resources. This changes that for the tenant quota call to fallback to the request.user.project_id if no project was otherwise specified for the tenant quota api call. Change-Id: Ib0e6ce7774c4c03686a044f233dbb9aa36dbe1b9 Closes-bug: #1391242 To manage notifications about this bug go to: https://bugs.launchpad.net/horizon/+bug/1413426/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp