Cannot create a secret when working on an unauthenticated context

Bug #1455247 reported by John Vrbanac
Affects: Barbican
Status: Fix Released
Importance: Critical
Assigned to: John Vrbanac

Bug Description

Steps to Reproduce:
* Pull down trunk or 8b983b1645a05dd7c333ca0cca1cbef30ec1ccde
* Start up a development instance of barbican (No authentication)
* Attempt to create a secret:
curl -X POST -H "Content-Type: application/json" -H "X-Project-Id: bam" -d '{
    "name": "AES key",
    "expiration": "2015-12-28T19:14:44.180394",
    "algorithm": "aes",
    "bit_length": 256,
    "mode": "cbc",
    "payload": "YmVlcg==",
    "payload_content_type": "application/octet-stream",
    "payload_content_encoding": "base64"
}' http://localhost:9311/v1/secrets

Actual Response:
{
    "code": 403,
    "description": "Secret creation attempt not allowed - please review your user/project privileges",
    "title": "Forbidden"
}

Expected Response:
{
    "secret_ref": "http://localhost:9311/v1/secrets/486a7ce3-0c46-4d7f-b8b1-c767cb1d7adf"
}

Changed in barbican:
status: New → Confirmed
assignee: nobody → John Vrbanac (john.vrbanac)
importance: Undecided → Critical
OpenStack Infra (hudson-openstack) wrote : Fix proposed to barbican (master)

Fix proposed to branch: master
Review: https://review.openstack.org/183391

Changed in barbican:
status: Confirmed → In Progress
Changed in barbican:
milestone: none → liberty-1
OpenStack Infra (hudson-openstack) wrote : Fix merged to barbican (master)

Reviewed: https://review.openstack.org/183391
Committed: https://git.openstack.org/cgit/openstack/barbican/commit/?id=4e9cbe27ce9b22a88ed14da19ceee2cd2d639c96
Submitter: Jenkins
Branch: master

commit 4e9cbe27ce9b22a88ed14da19ceee2cd2d639c96
Author: John Vrbanac <email address hidden>
Date: Thu May 14 23:10:10 2015 -0500

    Fixing unauthenticated middleware role bug

    We regressed a few days to where the unauthenticated middleware
    context is completely broken. This patch attempts to resolve the
    regression through two ways. The first is to provide a way to specify
    the roles through the X-Roles header. It is assumed that a deployer
    using their own middleware should be providing this header. The second
    is that if the X-Roles header isn't specified then the admin role is
    assumed; normally this is when using barbican in dev mode.

    Change-Id: Ic19270f0381b4aec2e0c8a4ce466900bc91e1597
    Closes-Bug: 1455247
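
The role handling the commit message describes, as an added sketch that is not barbican's code: a missing X-Roles header falls back to admin, while a supplied header is taken as sent. The comma-separated header format, the role set allowed to create a secret, the 201 success status and all function names are assumptions of this example; `default_roles=()` models a context that carries no roles.

```python
# Added sketch, not barbican's code: role resolution for an unauthenticated
# context as the commit message describes it.
DEFAULT_ROLES = ("admin",)  # per the commit message: assumed when X-Roles is absent
# Assumption: roles allowed to create a secret; stands in for the real policy rule.
SECRET_CREATE_ROLES = frozenset({"admin", "creator"})


def parse_roles(value):
    """Split a comma-separated X-Roles value (assumed format) into role names."""
    return [r.strip().lower() for r in value.split(",") if r.strip()]


def resolve_context(headers, default_roles=DEFAULT_ROLES):
    """Build the request context from headers that are trusted verbatim."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    raw = h.get("x-roles")
    # Only a missing header falls back to the default. A header that is present
    # but empty yields no roles, so a fronting middleware that sends "X-Roles: "
    # is not silently promoted to admin (a choice made in this sketch).
    roles = list(default_roles) if raw is None else parse_roles(raw)
    return {"project_id": h.get("x-project-id"), "roles": roles}


def create_secret_status(headers, default_roles=DEFAULT_ROLES):
    """Return the HTTP status a POST /v1/secrets would get under this sketch."""
    ctx = resolve_context(headers, default_roles)
    return 201 if SECRET_CREATE_ROLES.intersection(ctx["roles"]) else 403


if __name__ == "__main__":
    dev = {"X-Project-Id": "bam"}  # the request from the bug report
    print(create_secret_status(dev, default_roles=()))  # context without roles
    print(create_secret_status(dev))                    # X-Roles absent, admin assumed
    print(create_secret_status({**dev, "X-Roles": "observer"}))
    print(create_secret_status({**dev, "X-Roles": "Creator, observer"}))
```

Because both headers are accepted as sent, this context is only meaningful behind the deployer's own middleware that sets them, which is the assumption the commit message states.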

Changed in barbican:
status: In Progress → Fix Committed
Changed in barbican:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in barbican:
milestone: liberty-1 → 1.0.0