yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1266921] [NEW] Log entry when a regular user does "keystone user-list" is not helpfu

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Adam Young <1266921@xxxxxxxxxxxxxxxxxx>
Date: Tue, 07 Jan 2014 21:34:36 -0000
Reply-to: Bug 1266921 <1266921@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

"keystone user-list" is an admin only command.  When a regular user
tries to execute it, you get a helpful response at the command line:

[root@rhel ~(keystone_username)]# keystone user-list
You are not authorized to perform the requested action: admin_required (HTTP 403)

However, this same message is in /var/log/keystone/keystone.log:

2012-12-17 17:27:29  WARNING [keystone.common.wsgi] You are not
authorized to perform the requested action: admin_required

This log entry is not helpful.  As an administrator, all this tells you
is that *someone* tried to execute *something* that they weren't allowed
to.  Without any information about who or what, the log entry isn't
useful.

Originalluy reported:

https://bugzilla.redhat.com/show_bug.cgi?id=888066

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1266921

Title:
   Log entry when a regular user does "keystone user-list" is not helpfu

Status in OpenStack Identity (Keystone):
  New

Bug description:
  "keystone user-list" is an admin only command.  When a regular user
  tries to execute it, you get a helpful response at the command line:

  [root@rhel ~(keystone_username)]# keystone user-list
  You are not authorized to perform the requested action: admin_required (HTTP 403)

  However, this same message is in /var/log/keystone/keystone.log:

  2012-12-17 17:27:29  WARNING [keystone.common.wsgi] You are not
  authorized to perform the requested action: admin_required

  This log entry is not helpful.  As an administrator, all this tells
  you is that *someone* tried to execute *something* that they weren't
  allowed to.  Without any information about who or what, the log entry
  isn't useful.

  Originalluy reported:

  https://bugzilla.redhat.com/show_bug.cgi?id=888066

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1266921/+subscriptions

Follow ups

[Bug 1266921] Re: Log entry when a regular user does "keystone user-list" is not helpfu
From: Dolph Mathews, 2014-01-27
[Bug 1266921] [NEW] Log entry when a regular user does "keystone user-list" is not helpfu
From: Adam Young, 2014-01-07

References

[Bug 1266921] [NEW] Log entry when a regular user does "keystone user-list" is not helpfu
From: Adam Young, 2014-01-07