yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1221889] Re: Invalid X-Subject-Token results in HTTP 401 rather than 404

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1221889@xxxxxxxxxxxxxxxxxx>
Date: Thu, 03 Oct 2013 07:42:09 -0000
Reply-to: Bug 1221889 <1221889@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/49035
Committed: http://github.com/openstack/tempest/commit/69a69eafd0cb56d9ea46ff100cb43919a5b3567c
Submitter: Jenkins
Branch:    master

commit 69a69eafd0cb56d9ea46ff100cb43919a5b3567c
Author: Morgan Fainberg <m@xxxxxxxxxxxxx>
Date:   Mon Sep 30 12:11:05 2013 -0700

    Unskip test_tokens and update expected status to 404 from 401
    
    Now that the API results in a 404 for an invalid x-subject-token
    and a 401 for an invalid x-auth-token, we need to update the expected
    resulting HTTP Status from 401 to 404 in the test_tokens test.
    
    closes-bug: 1221889
    Change-Id: I158c968c1948ee658305e9ec484425d98f187cba


** Changed in: tempest
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1221889

Title:
  Invalid X-Subject-Token results in HTTP 401 rather than 404

Status in OpenStack Identity (Keystone):
  Fix Released
Status in Tempest:
  Fix Released

Bug description:
  While fixing https://bugs.launchpad.net/keystone/+bug/1186059 I observed that lots of unit tests related to V3 head test is not correct.
  e.g. all the below unit test try to make a head call after deleting/revoking x-subject-token and assumes that it will be unauthorized.
  self.head('/auth/tokens', headers={'X-Subject-Token': token2}, expected_status=401)
  In reality the above call creates another scoped token and auth passed with the new token, in that case 401 is not a correct test it should be 404 which is also aligned with docs https://github.com/openstack/identity-api/blob/master/openstack-identity-api/v3/src/markdown/identity-api-v3.md#403-forbidden. 

  test_deleting_group_grant_revokes_tokens (keystone.tests.test_v3_auth.TestTokenRevoking)
  test_deleting_project_revokes_token (keystone.tests.test_v3_auth.TestTokenRevoking)
  test_deleting_user_grant_revokes_token (keystone.tests.test_v3_auth.TestTokenRevoking)
  test_disabling_project_revokes_token (keystone.tests.test_v3_auth.TestTokenRevoking)
  test_group_membership_changes_revokes_token (keystone.tests.test_v3_auth.TestTokenRevoking)
  test_removing_role_assignment_does_not_affect_other_users (keystone.tests.test_v3_auth.TestTokenRevoking)

  I found this issue with lots of V3 token related tests but as per
  Morgan Fainberg (morganfainberg) this also affecting V2 auth unit
  tests.

  I am trying to fix V3 auth unit test issue as part of
  https://bugs.launchpad.net/keystone/+bug/1186059

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1221889/+subscriptions