yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1677724] Re: Nova Flavor List - Proper Error Codes for Permission Denied

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Ritesh <rsritesh@xxxxxxxxxx>
Date: Thu, 13 Apr 2017 06:17:36 -0000
Reply-to: Bug 1677724 <1677724@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: nova
       Status: Confirmed => Opinion

** Changed in: nova
     Assignee: Ritesh (rsritesh) => (unassigned)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1677724

Title:
   Nova Flavor List - Proper Error Codes for Permission Denied

Status in OpenStack Compute (nova):
  Opinion

Bug description:
  Issues/Steps to Reproduce on DevStack:

  1) Create a private flavor using admin user

  stack@devstack:~$ openstack flavor create --id 101 --ram 512 --disk 1 --vcpus 1 --private test-flavor-1
  +----------------------------+---------------+
  | Field                      | Value         |
  +----------------------------+---------------+
  | OS-FLV-DISABLED:disabled   | False         |
  | OS-FLV-EXT-DATA:ephemeral  | 0             |
  | disk                       | 1             |
  | id                         | 101           |
  | name                       | test-flavor-1 |
  | os-flavor-access:is_public | False         |
  | properties                 |               |
  | ram                        | 512           |
  | rxtx_factor                | 1.0           |
  | swap                       |               |
  | vcpus                      | 1             |
  +----------------------------+---------------+
  stack@devstack:~$

  2) Switch User to become demo user

  stack@devstack:~$ export OS_PROJECT_NAME=demo
  stack@devstack:~$ export OS_USERNAME=demo
  stack@devstack:~$ export OS_TENANT_NAME=demo

  3) Query for the flavor as demo user

  stack@devstack:~$ openstack flavor show 101
  No flavor with a name or ID of '101' exists.
  stack@devstack:~$


  - We get a 404 Error Code indicating that resource is not found.
  Patrole expects 403 Error Code to be returned instead to indicate
  "Permission Denied" since the flavor exists (demo user does not has
  the rights to view/access it).

  - We would like to have the error code corrected to 403 for such
  scenarios

  2017-03-30 14:34:37.896 INFO nova.api.openstack.wsgi
  [req-02194015-5e53-4ef7-8a10-01c5810dc38c demo demo] HTTP exception
  thrown: Flavor 101 could not be found.

  2017-03-30 14:34:37.896 DEBUG nova.api.openstack.wsgi
  [req-02194015-5e53-4ef7-8a10-01c5810dc38c demo demo] Returning 404 to
  user: Flavor 101 could not be found. from (pid=19521) __call__
  /opt/stack/nova/nova/api/openstack/wsgi.py:1039

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1677724/+subscriptions

References

[Bug 1677724] [NEW] Nova Flavor List - Proper Error Codes for Permission Denied
From: Anthony, 2017-03-30