yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1454792] Re: Inconsistency with authorization in functional test environment

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Inessa Vasilevskaya <ivasilevskaya@xxxxxxxxxxxx>
Date: Mon, 18 May 2015 13:25:09 -0000
Reply-to: Bug 1454792 <1454792@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Ooops, I completely forgot that by default glance-api v2 requests do not
access registry (as long as data_api is 'glance.db.sqlalchemy.api' and
not 'glance.db.registry.api'). So, as long as there is no interaction
with the registry, there should be no 401.

I propose to close the issue.

** Changed in: glance
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1454792

Title:
  Inconsistency with authorization in functional test environment

Status in OpenStack Image Registry and Delivery Service (Glance):
  Invalid

Bug description:
  While writing a functional test I stumbled on the following
  inconsistency:

  When glance-api is launched with default flavor (no authentication)
  and glance-registry with fakeauth flavor (or any other requiring user
  token) any CRUD operation via api without a valid token should return
  401, as long as the user receives 401 from glance registry.

  But the expected behaviour is not observed with glance v2 api. The
  user can still perform any operation without supplying a token in
  headers.

  I covered the issue in a test:
  https://review.openstack.org/#/c/180615/

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1454792/+subscriptions

References

[Bug 1454792] [NEW] Inconsistency with authorization in functional test environment
From: Inessa Vasilevskaya, 2015-05-13