yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #62796
[Bug 1677724] [NEW] Nova Flavor List - Proper Error Codes for Permission Denied
Public bug reported:
Issues/Steps to Reproduce on DevStack:
1) Create a private flavor using admin user
stack@devstack:~$ openstack flavor create --id 101 --ram 512 --disk 1 --vcpus 1 --private test-flavor-1
+----------------------------+---------------+
| Field | Value |
+----------------------------+---------------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 1 |
| id | 101 |
| name | test-flavor-1 |
| os-flavor-access:is_public | False |
| properties | |
| ram | 512 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 1 |
+----------------------------+---------------+
stack@devstack:~$
2) Switch User to become demo user
stack@devstack:~$ export OS_PROJECT_NAME=demo
stack@devstack:~$ export OS_USERNAME=demo
stack@devstack:~$ export OS_TENANT_NAME=demo
3) Query for the flavor as demo user
stack@devstack:~$ openstack flavor show 101
No flavor with a name or ID of '101' exists.
stack@devstack:~$
- We get a 404 Error Code indicating that resource is not found. Patrole
expects 403 Error Code to be returned instead to indicate "Permission
Denied" since the flavor exists (demo user does not has the rights to
view/access it).
- We would like to have the error code corrected to 403 for such
scenarios
2017-03-30 14:34:37.896 INFO nova.api.openstack.wsgi
[req-02194015-5e53-4ef7-8a10-01c5810dc38c demo demo] HTTP exception
thrown: Flavor 101 could not be found.
2017-03-30 14:34:37.896 DEBUG nova.api.openstack.wsgi
[req-02194015-5e53-4ef7-8a10-01c5810dc38c demo demo] Returning 404 to
user: Flavor 101 could not be found. from (pid=19521) __call__
/opt/stack/nova/nova/api/openstack/wsgi.py:1039
** Affects: nova
Importance: Undecided
Status: New
** Description changed:
Issues/Steps to Reproduce on DevStack:
1) Create a private flavor using admin user
stack@devstack:~$ openstack flavor create --id 101 --ram 512 --disk 1 --vcpus 1 --private test-flavor-1
+----------------------------+---------------+
| Field | Value |
+----------------------------+---------------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 1 |
| id | 101 |
| name | test-flavor-1 |
| os-flavor-access:is_public | False |
| properties | |
| ram | 512 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 1 |
+----------------------------+---------------+
stack@devstack:~$
-
2) Switch User to become demo user
stack@devstack:~$ export OS_PROJECT_NAME=demo
stack@devstack:~$ export OS_USERNAME=demo
stack@devstack:~$ export OS_TENANT_NAME=demo
-
3) Query for the flavor as demo user
stack@devstack:~$ openstack flavor show 101
No flavor with a name or ID of '101' exists.
stack@devstack:~$
+ - We get a 404 Error Code indicating that resource is not found. Patrole
+ expects 403 Error Code to be returned instead to indicate "Permission
+ Denied" since the flavor exists (demo user does not has the rights to
+ view/access it).
- We get a 404 Error Code indicating that resource is not found. Patrole expects 403 Error Code to be returned instead to indicate "Permission Denied" since the flavor exists (demo user does not has the rights to view/access it).
+ - We would like to have the error code corrected to 403 for such
+ scenarios
- We would like to have the error code corrected to 403 for such scenarios
-
-
- 2017-03-30 14:34:37.896 INFO nova.api.openstack.wsgi [req-02194015-5e53-4ef7-8a10-01c5810dc38c demo demo] HTTP exception thrown: Flavor 101 could not be found.
+ 2017-03-30 14:34:37.896 INFO nova.api.openstack.wsgi
+ [req-02194015-5e53-4ef7-8a10-01c5810dc38c demo demo] HTTP exception
+ thrown: Flavor 101 could not be found.
2017-03-30 14:34:37.896 DEBUG nova.api.openstack.wsgi
[req-02194015-5e53-4ef7-8a10-01c5810dc38c demo demo] Returning 404 to
user: Flavor 101 could not be found. from (pid=19521) __call__
/opt/stack/nova/nova/api/openstack/wsgi.py:1039
** Description changed:
Issues/Steps to Reproduce on DevStack:
1) Create a private flavor using admin user
stack@devstack:~$ openstack flavor create --id 101 --ram 512 --disk 1 --vcpus 1 --private test-flavor-1
+----------------------------+---------------+
| Field | Value |
+----------------------------+---------------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 1 |
| id | 101 |
| name | test-flavor-1 |
| os-flavor-access:is_public | False |
| properties | |
| ram | 512 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 1 |
+----------------------------+---------------+
stack@devstack:~$
2) Switch User to become demo user
stack@devstack:~$ export OS_PROJECT_NAME=demo
stack@devstack:~$ export OS_USERNAME=demo
stack@devstack:~$ export OS_TENANT_NAME=demo
3) Query for the flavor as demo user
stack@devstack:~$ openstack flavor show 101
No flavor with a name or ID of '101' exists.
stack@devstack:~$
+
- We get a 404 Error Code indicating that resource is not found. Patrole
expects 403 Error Code to be returned instead to indicate "Permission
Denied" since the flavor exists (demo user does not has the rights to
view/access it).
- We would like to have the error code corrected to 403 for such
scenarios
2017-03-30 14:34:37.896 INFO nova.api.openstack.wsgi
[req-02194015-5e53-4ef7-8a10-01c5810dc38c demo demo] HTTP exception
thrown: Flavor 101 could not be found.
2017-03-30 14:34:37.896 DEBUG nova.api.openstack.wsgi
[req-02194015-5e53-4ef7-8a10-01c5810dc38c demo demo] Returning 404 to
user: Flavor 101 could not be found. from (pid=19521) __call__
/opt/stack/nova/nova/api/openstack/wsgi.py:1039
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1677724
Title:
Nova Flavor List - Proper Error Codes for Permission Denied
Status in OpenStack Compute (nova):
New
Bug description:
Issues/Steps to Reproduce on DevStack:
1) Create a private flavor using admin user
stack@devstack:~$ openstack flavor create --id 101 --ram 512 --disk 1 --vcpus 1 --private test-flavor-1
+----------------------------+---------------+
| Field | Value |
+----------------------------+---------------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 1 |
| id | 101 |
| name | test-flavor-1 |
| os-flavor-access:is_public | False |
| properties | |
| ram | 512 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 1 |
+----------------------------+---------------+
stack@devstack:~$
2) Switch User to become demo user
stack@devstack:~$ export OS_PROJECT_NAME=demo
stack@devstack:~$ export OS_USERNAME=demo
stack@devstack:~$ export OS_TENANT_NAME=demo
3) Query for the flavor as demo user
stack@devstack:~$ openstack flavor show 101
No flavor with a name or ID of '101' exists.
stack@devstack:~$
- We get a 404 Error Code indicating that resource is not found.
Patrole expects 403 Error Code to be returned instead to indicate
"Permission Denied" since the flavor exists (demo user does not has
the rights to view/access it).
- We would like to have the error code corrected to 403 for such
scenarios
2017-03-30 14:34:37.896 INFO nova.api.openstack.wsgi
[req-02194015-5e53-4ef7-8a10-01c5810dc38c demo demo] HTTP exception
thrown: Flavor 101 could not be found.
2017-03-30 14:34:37.896 DEBUG nova.api.openstack.wsgi
[req-02194015-5e53-4ef7-8a10-01c5810dc38c demo demo] Returning 404 to
user: Flavor 101 could not be found. from (pid=19521) __call__
/opt/stack/nova/nova/api/openstack/wsgi.py:1039
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1677724/+subscriptions
Follow ups
