yahoo-eng-team team mailing list archive

[Erno Kuvaja <jokke@xxxxxx>]

Also (mainly because of the reasons Brian pointed out) this seems to be
the consistent behavior on similar situations across OpenStack. Stamping
as opinion for now.

** Changed in: glance
       Status: New => Opinion

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1450370

Title:
  When one image member looks up the details of another image member,
  404 is returned instead of 403.

Status in OpenStack Image Registry and Delivery Service (Glance):
  Opinion

Bug description:
  Suppose project1 and project2 are members of a non-public image. When
  user1, who belongs to project1, tries to get details of project2, we
  get 404 Not Found. 403 Forbidden would be more appropriate.

  This bug is for the v2 api.

  REPRO STEPS:
  ---------------------
  $ export OS_USERNAME=user1
  $ export OS_TENANT_NAME=project1
  $ openstack token issue // returns 8eb78ce1d12e462fb619b5036dee4086
  // project2 id: 6f2aec926def49bebc4c8b71844abc55
  // image id: e2846b31-3bb3-4e2f-92da-612804b2ebad
  $ curl -g -i -X GET -H 'Content-Type: application/octet-stream' -H 'Accept-Encoding: gzip, deflate, compress' -H 'Accept: */*' -H 'X-Auth-Token: 8eb78ce1d12e462fb619b5036dee4086' http://localhost:9292/v2/images/e2846b31-3bb3-4e2f-92da-612804b2ebad/members/6f2aec926def49bebc4c8b71844abc55

  EXPECTED HTTP RESPONSE CODE: 403 Forbidden

  ACTUAL HTTP RESPONSE CODE: 404 Not Found

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1450370/+subscriptions