yahoo-eng-team team mailing list archive

[Dolph Mathews <1266892@xxxxxxxxxxxxxxxxxx>]

As of icehouse, this is now by design. We're working to increase the
separation between the assignments and identity backends, and as a
result, have opted to not validate entities from the identity backend
(users, groups) in the assignment backend, and vice versa.

This issue described here is an unfortunate side effect for the sake of
user experience / feedback, but known and accepted.

** Changed in: keystone
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1266892

Title:
  Keystone v3 doesn't handle incorrect user ID on request to list its
  roles

Status in OpenStack Identity (Keystone):
  Won't Fix

Bug description:
  When an invalid user ID is given on issuing the API request to list roles for a user in a project, no appropriate handling is performed.  
  It is expected to receive back the 404 'resource not found' status code (and it is correctly returned for other cases such as requesting the list of roles for a user on a project and supplying an invalid project ID, assigning a role to a user on a project and suppling an invalid project or user ID; etc.). At the moment the request is processed and the regular response body is returned with empty roles list.

  Steps to reproduce:
  - Issue the API request to list roles assigned to a user on a project, use invalid user ID (service token can be used):
    curl -i -X GET http://KEYSTONE_ENDPOINT_IP:35357/v3/projects/PROJECT_IDusers/AN_INVALID_USER_ID/roles -H "X-Auth- Token:  KEYSTONE_SERVICE_TOKEN"
   
  Expected result: 404 status code is returned with error message saying that resource hasn't been found.
  Actual result: 200 'success' status code is retuned with response body containing empty roles list.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1266892/+subscriptions