Glance may return 403 instead of 404 when images are not found if policy says to
Bug #1915543 reported by
Dan Smith
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Glance |
Fix Released
|
High
|
Dan Smith | ||
Bug Description
Glance is translating "Not Found" errors from the DB layer into "Not Authorized" errors in policy, which it should not be doing. In general, we should always return 404 when something either does not exist, or when permissions do not allow you to know if that thing exists.
Glance is actually translating both cases into "not authorized", which is confusing and runs counter to the goal.
Revision history for this message
| Dan Smith (danms) wrote | #1 |
| summary: |
- Glance returns 403 instead of 404 when images are not found + Glance may return 403 instead of 404 when images are not found if policy + says to |
| Changed in glance: | |
| status: | New → In Progress |
| assignee: | nobody → Dan Smith (danms) |
| importance: | Undecided → High |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix included in openstack/glance 21.0.0.0b3 | #2 |
| Changed in glance: | |
| status: | In Progress → Fix Released |
To post a comment you must log in.
This looks to be an explicitly-added policy override ability to allow operators to return 403 for any image that does not exist. Allowing this is an interop problem because one cloud may behave differently for a delete..get than another.