yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1818085] [NEW] Application credential role validation has inconsistent error handling

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Colleen Murphy <colleen@xxxxxxxxxxx>
Date: Thu, 28 Feb 2019 14:53:42 -0000
Reply-to: Bug 1818085 <1818085@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

If a role is provided by ID, keystone validates it in the app cred
manager and a NotFound is properly masked as a validation error by the
controller. If a role is provided by name, keystone searches for it in
_normalize_role_list in the controller and will raise a NotFound there,
which is returned directly to the user. The problem is demonstrated by
this test:

https://review.openstack.org/640035

Not sure if we can actually do anything about this without technically
breaking the v3 API.

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1818085

Title:
  Application credential role validation has inconsistent error handling

Status in OpenStack Identity (keystone):
  New

Bug description:
  If a role is provided by ID, keystone validates it in the app cred
  manager and a NotFound is properly masked as a validation error by the
  controller. If a role is provided by name, keystone searches for it in
  _normalize_role_list in the controller and will raise a NotFound
  there, which is returned directly to the user. The problem is
  demonstrated by this test:

  https://review.openstack.org/640035

  Not sure if we can actually do anything about this without technically
  breaking the v3 API.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1818085/+subscriptions