[Bug 1840844] [NEW] user with admin role gets logged out when trying to list images

Launchpad Bug Tracker 1840844 at bugs.launchpad.net
Mon Apr 27 20:15:35 UTC 2020 

You have been subscribed to a public bug by Nicolas Bock (nicolasbock):

When admin user tries to access project-> compute -> images, if the user
failed on the identity: get_project policy, user  will get logged out.

code that failed is in
openstack_dashboard/static/app/core/images/images.module.js
.tableColumns
.append(

{ id: 'owner', priority: 1, filters:
[$memoize(keystone.getProjectName)], policies: [

{rules: [['identity', 'identity:get_project']]}
]
})

it didn't happen in default Horizon. In our production cloud
environment, keystone policy is "identity:get_project":
"rule:cloud_admin or rule:admin_and_matching_target_project_domain_id or
project_id:%(target.project.id)s". If user is not a cloud_admin,  the
admin user of a project, need to be member of the domain to satisfies
the rule.

The problem here is the admin user should not get logged out.
It  is probably caused by horizon/static/framework/framework.module.js

  if (error.status === 403) {
     var msg2 = gettext('Forbidden. Redirecting to login');
     handleRedirectMessage(msg2, $rootScope, $window, frameworkEvents, toastService);
  }

some log info from keystone

19389 (oslo_policy._cache_handler): 2019-08-20 02:07:25,856 DEBUG _cache_handler read_cached_file Reloading cached file /etc/keystone/policy.json
19389 (oslo_policy.policy): 2019-08-20 02:07:26,010 DEBUG policy _load_policy_file Reloaded policy file: /etc/keystone/policy.json
19389 (keystone.common.wsgi): 2019-08-20 02:07:26,019 WARNING wsgi _call_ You are not authorized to perform the requested action: identity:get_project.

** Affects: cloud-archive
     Importance: Undecided
         Status: Fix Released

** Affects: cloud-archive/queens
     Importance: Undecided
         Status: Triaged

** Affects: horizon
     Importance: Undecided
     Assignee: Gloria Gu (gloria-gu)
         Status: Fix Released

** Affects: horizon (Ubuntu)
     Importance: Undecided
         Status: Fix Released

** Affects: horizon (Ubuntu Bionic)
     Importance: Undecided
         Status: Triaged

** Affects: horizon (Ubuntu Eoan)
     Importance: Undecided
         Status: Fix Released

** Affects: horizon (Ubuntu Focal)
     Importance: Undecided
         Status: Fix Released

** Affects: horizon (Ubuntu Groovy)
     Importance: Undecided
         Status: Fix Released


** Tags: in-stable-queens in-stable-rocky in-stable-stein sts-sponsor
-- 
user with admin role gets logged out when trying to list images
https://bugs.launchpad.net/bugs/1840844
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.

More information about the Ubuntu-sponsors mailing list