** Changed in: nova/kilo Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1447084
Title: view hypervisor details should be controlled by policy.json Status in OpenStack Compute (nova): Fix Released Status in OpenStack Compute (nova) kilo series: Fix Released Bug description: When a user with non-admin permissions attempts to view the hypervisor details (/v2/2f8728e1c3214d8bb59903ba654ed6c1/os-hypervisors/1) , we see the following error : 2015-04-19 21:34:22.194 23179 ERROR nova.api.openstack.compute.contrib.hypervisors [req-5caab0db-31aa-4a24-9263-750af6555ef5 605c378ebded02d6a2deebe138c0ef9d6a0ddf39447297105dcc4eb18c7cc062 9b0d73e660af434481a0a9b6d6a3bab7 - - -] User does not have admin privileges 2015-04-19 21:34:22.194 23179 TRACE nova.api.openstack.compute.contrib.hypervisors Traceback (most recent call last): 2015-04-19 21:34:22.194 23179 TRACE nova.api.openstack.compute.contrib.hypervisors File "/usr/lib/python2.7/site-packages/nova/api/openstack/compute/contrib/hypervisors.py", line 147, in show 2015-04-19 21:34:22.194 23179 TRACE nova.api.openstack.compute.contrib.hypervisors service = self.host_api.service_get_by_compute_host(context, hyp.host) 2015-04-19 21:34:22.194 23179 TRACE nova.api.openstack.compute.contrib.hypervisors File "/usr/lib/python2.7/site-packages/nova/compute/api.py", line 3451, in service_get_by_compute_host 2015-04-19 21:34:22.194 23179 TRACE nova.api.openstack.compute.contrib.hypervisors return objects.Service.get_by_compute_host(context, host_name) 2015-04-19 21:34:22.194 23179 TRACE nova.api.openstack.compute.contrib.hypervisors File "/usr/lib/python2.7/site-packages/nova/objects/base.py", line 163, in wrapper 2015-04-19 21:34:22.194 23179 TRACE nova.api.openstack.compute.contrib.hypervisors result = fn(cls, context, *args, **kwargs) 2015-04-19 21:34:22.194 23179 TRACE nova.api.openstack.compute.contrib.hypervisors File "/usr/lib/python2.7/site-packages/nova/objects/service.py", line 151, in get_by_compute_host 2015-04-19 21:34:22.194 23179 TRACE nova.api.openstack.compute.contrib.hypervisors db_service = db.service_get_by_compute_host(context, host) 2015-04-19 21:34:22.194 23179 TRACE nova.api.openstack.compute.contrib.hypervisors File "/usr/lib/python2.7/site-packages/nova/db/api.py", line 139, in service_get_by_compute_host 2015-04-19 21:34:22.194 23179 TRACE nova.api.openstack.compute.contrib.hypervisors use_slave=use_slave) 2015-04-19 21:34:22.194 23179 TRACE nova.api.openstack.compute.contrib.hypervisors File "/usr/lib/python2.7/site-packages/nova/db/sqlalchemy/api.py", line 214, in wrapper 2015-04-19 21:34:22.194 23179 TRACE nova.api.openstack.compute.contrib.hypervisors nova.context.require_admin_context(args[0]) 2015-04-19 21:34:22.194 23179 TRACE nova.api.openstack.compute.contrib.hypervisors File "/usr/lib/python2.7/site-packages/nova/context.py", line 235, in require_admin_context 2015-04-19 21:34:22.194 23179 TRACE nova.api.openstack.compute.contrib.hypervisors raise exception.AdminRequired() 2015-04-19 21:34:22.194 23179 TRACE nova.api.openstack.compute.contrib.hypervisors AdminRequired: User does not have admin privileges This is caused because the /usr/lib/python2.7/site-packages/nova/db/sqlalchemy/api layer mandates that only an admin can perform this operation. This should not be the case. Instead the permissions should be controlled as per the rules defined in the nova policy.json. This used to work for non-admins till few days/weeks back To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1447084/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp