yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1200933] Re: agent-list responses with 200 instead 403

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Thu, 05 Sep 2013 15:48:12 -0000
Reply-to: Bug 1200933 <1200933@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: neutron
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1200933

Title:
  agent-list responses with 200 instead 403

Status in OpenStack Neutron (virtual network service):
  Fix Released

Bug description:
  The GET /v2.0/agents  (quantum agent-list) responses with HTTP 200 status code, when I try to list the agents as (demo)user.
  The response body is {"agents": []}. 

  The agent listing defined as a single item, in the policy.json.
  Now, there is no way to specify just show the L3 agents based on policy.

  According to the related policy.json, the whole get_agents is disabled
  for non_admin users, even If a way could exist for role based list
  filtering, the agent listing for the regular user  is forbidden in
  general!

  policy.json:
  "get_agents": "rule:admin_only"

  It is very confusing on the client side.
  The interpretation of the current response is  zero agent running, however the real situation the client does not have enough permission to see the  running agents. 

  The neutron must response with 403 in the above case.
  http://en.wikipedia.org/wiki/HTTP_403.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1200933/+subscriptions