yahoo-eng-team team mailing list archive

[Dolph Mathews <1379952@xxxxxxxxxxxxxxxxxx>]

The UX issue is that the error message *implies* that both the
referenced user ID and the referenced tenant ID are valid, and that it
is the relationship between the two that is invalid.

  "User 83af9fd423b94b53bf3ed36a3823236d is unauthorized for tenant
demo"

In this case, "demo" is not a tenant ID at all, so while technically
true, I'd argue that the error message is completely misleading. A more
useful error message in this scenario would be something along the lines
of:

  "Tenant ID not found: demo"

This *could* still be caught and suppressed as a generic 401 when debug
is disabled.

** Changed in: keystone
   Importance: Undecided => Low

** Changed in: keystone
       Status: Won't Fix => Confirmed

** Tags added: user-experience

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1379952

Title:
  API accepts tenant name for "TenantId", fails, and provides not
  helpful message

Status in OpenStack Identity (Keystone):
  Confirmed

Bug description:
  When authenticating with Keystone's REST API, if I happen to provide
  my tenant name in the TenantId field, the resulting error tells me
  that I am not authorized for that tenant, even though all the
  information (user, pass, tenant) are correct. It *should* tell me that
  I just passed invalid data into a field that expects a UUID, which, as
  a user, would tell me exactly what was wrong.

  For what it's worth, in debugging my auth problem, I ended up
  tcpdump'ing keystone which led to this gem of a demonstration of the
  problem:

  http://paste.openstack.org/show/4v5JtwbGNu6QhQ3K5oQ1/

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1379952/+subscriptions