yahoo-eng-team team mailing list archive
Message #08002
[Bug 1266892] [NEW] Keystone v3 doesn't handle incorrect user ID on request to list its roles
Public bug reported:
When an invalid user ID is given on issuing the API request to list roles for a user in a project, no appropriate handling is performed.
It is expected to receive back the 404 'resource not found' status code (and it is correctly returned for other cases such as requesting the list of roles for a user on a project and supplying an invalid project ID, assigning a role to a user on a project and supplying an invalid project or user ID, etc.). At the moment the request is processed and the regular response body is returned with an empty roles list.
Steps to reproduce:
- Issue the API request to list roles assigned to a user on a project, use invalid user ID (service token can be used):
curl -i -X GET http://KEYSTONE_ENDPOINT_IP:35357/v3/projects/PROJECT_ID/users/AN_INVALID_USER_ID/roles -H "X-Auth-Token: KEYSTONE_SERVICE_TOKEN"
Expected result: 404 status code is returned with an error message saying that the resource hasn't been found.
Actual result: 200 'success' status code is returned with a response body containing an empty roles list.
** Affects: keystone
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1266892
Title:
Keystone v3 doesn't handle incorrect user ID on request to list its
roles
Status in OpenStack Identity (Keystone):
New
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1266892/+subscriptions
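The behaviour described in the report, as an added example that is not Keystone's code and not part of the original message: a small in-memory model of the role-listing call, showing why an unknown user ID must be told apart from a real user who simply has no roles. All names (`NotFound`, `list_roles_reported`, `list_roles_expected`, `status_of`) and the sample data are hypothetical and constructed for illustration.

```python
# Added illustration; not Keystone source. All names are hypothetical.
class NotFound(Exception):
    """Stands in for an HTTP 404 'resource not found' response."""


# Constructed sample data: u-bob exists but has no roles on p-demo.
USERS = {"u-alice", "u-bob"}
PROJECTS = {"p-demo"}
GRANTS = {("u-alice", "p-demo"): ["member"]}


def list_roles_reported(user_id, project_id):
    """Behaviour from the report: the project ID is validated, the user ID is not."""
    if project_id not in PROJECTS:
        raise NotFound(f"project {project_id}")
    # An unknown user falls through to the lookup and yields an empty list.
    return 200, {"roles": GRANTS.get((user_id, project_id), [])}


def list_roles_expected(user_id, project_id):
    """Expected behaviour: every identifier in the path must resolve first."""
    if project_id not in PROJECTS:
        raise NotFound(f"project {project_id}")
    if user_id not in USERS:
        raise NotFound(f"user {user_id}")
    return 200, {"roles": GRANTS.get((user_id, project_id), [])}


def status_of(handler, user_id, project_id):
    """Return the HTTP status a client would see for this call."""
    try:
        return handler(user_id, project_id)[0]
    except NotFound:
        return 404


if __name__ == "__main__":
    cases = [("u-alice", "p-demo"), ("u-bob", "p-demo"),
             ("no-such-user", "p-demo"), ("u-alice", "no-such-project")]
    for user_id, project_id in cases:
        print(user_id, project_id,
              "reported:", status_of(list_roles_reported, user_id, project_id),
              "expected:", status_of(list_roles_expected, user_id, project_id))
```

With the reported behaviour, a caller cannot distinguish a mistyped or deleted user ID from a valid user without roles, so scripts that audit role assignments treat both as "no access granted" instead of surfacing the bad ID.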