** Changed in: nova
Status: Fix Committed => Fix Released
** Changed in: nova
Milestone: None => liberty-1
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1447084
Title:
view hypervisor details should be controlled by policy.json
Status in OpenStack Compute (Nova):
Fix Released
Bug description:
When a user with non-admin permissions attempts to view the hypervisor
details (/v2/2f8728e1c3214d8bb59903ba654ed6c1/os-hypervisors/1) , we
see the following error :
2015-04-19 21:34:22.194 23179 ERROR
nova.api.openstack.compute.contrib.hypervisors
[req-5caab0db-31aa-4a24-9263-750af6555ef5
605c378ebded02d6a2deebe138c0ef9d6a0ddf39447297105dcc4eb18c7cc062
9b0d73e660af434481a0a9b6d6a3bab7 - - -] User does not have admin privileges
2015-04-19 21:34:22.194 23179 TRACE
nova.api.openstack.compute.contrib.hypervisors Traceback (most recent call
last):
2015-04-19 21:34:22.194 23179 TRACE
nova.api.openstack.compute.contrib.hypervisors File
"/usr/lib/python2.7/site-packages/nova/api/openstack/compute/contrib/hypervisors.py",
line 147, in show
2015-04-19 21:34:22.194 23179 TRACE
nova.api.openstack.compute.contrib.hypervisors service =
self.host_api.service_get_by_compute_host(context, hyp.host)
2015-04-19 21:34:22.194 23179 TRACE
nova.api.openstack.compute.contrib.hypervisors File
"/usr/lib/python2.7/site-packages/nova/compute/api.py", line 3451, in
service_get_by_compute_host
2015-04-19 21:34:22.194 23179 TRACE
nova.api.openstack.compute.contrib.hypervisors return
objects.Service.get_by_compute_host(context, host_name)
2015-04-19 21:34:22.194 23179 TRACE
nova.api.openstack.compute.contrib.hypervisors File
"/usr/lib/python2.7/site-packages/nova/objects/base.py", line 163, in wrapper
2015-04-19 21:34:22.194 23179 TRACE
nova.api.openstack.compute.contrib.hypervisors result = fn(cls, context,
*args, **kwargs)
2015-04-19 21:34:22.194 23179 TRACE
nova.api.openstack.compute.contrib.hypervisors File
"/usr/lib/python2.7/site-packages/nova/objects/service.py", line 151, in
get_by_compute_host
2015-04-19 21:34:22.194 23179 TRACE
nova.api.openstack.compute.contrib.hypervisors db_service =
db.service_get_by_compute_host(context, host)
2015-04-19 21:34:22.194 23179 TRACE
nova.api.openstack.compute.contrib.hypervisors File
"/usr/lib/python2.7/site-packages/nova/db/api.py", line 139, in
service_get_by_compute_host
2015-04-19 21:34:22.194 23179 TRACE
nova.api.openstack.compute.contrib.hypervisors use_slave=use_slave)
2015-04-19 21:34:22.194 23179 TRACE
nova.api.openstack.compute.contrib.hypervisors File
"/usr/lib/python2.7/site-packages/nova/db/sqlalchemy/api.py", line 214, in
wrapper
2015-04-19 21:34:22.194 23179 TRACE
nova.api.openstack.compute.contrib.hypervisors
nova.context.require_admin_context(args[0])
2015-04-19 21:34:22.194 23179 TRACE
nova.api.openstack.compute.contrib.hypervisors File
"/usr/lib/python2.7/site-packages/nova/context.py", line 235, in
require_admin_context
2015-04-19 21:34:22.194 23179 TRACE
nova.api.openstack.compute.contrib.hypervisors raise
exception.AdminRequired()
2015-04-19 21:34:22.194 23179 TRACE
nova.api.openstack.compute.contrib.hypervisors AdminRequired: User does not
have admin privileges
This is caused because the
/usr/lib/python2.7/site-packages/nova/db/sqlalchemy/api layer mandates that
only an admin can perform this operation. This should not be the case. Instead
the permissions should be controlled as per the rules defined in the nova
policy.json. This used to work for non-admins till few days/weeks back
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1447084/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
