OpenStack Image Registry and Delivery Service (Glance)

API reports unauthorized when policy rejects action

Reported by Brian Waldon on 2012-03-15
Affects: Glance
Importance: High
Assigned to: Brian Waldon

Bug Description

The API should report forbidden (403), not unauthorized (401). All we have to do is modify the exception raised in glance/api/v1/images.py in the _enforce function.

Brian Waldon (bcwaldon) on 2012-03-15
Changed in glance:
milestone: none → essex-rc1
Brian Waldon (bcwaldon) on 2012-03-15
Changed in glance:
status: New → In Progress
importance: Undecided → Low
assignee: nobody → Brian Waldon (bcwaldon)

Reviewed: https://review.openstack.org/5410
Committed: http://github.com/openstack/glance/commit/e2e88d8aad7b9f7f2700bbb160058131f7e6d4ef
Submitter: Jenkins
Branch: master

commit e2e88d8aad7b9f7f2700bbb160058131f7e6d4ef
Author: Brian Waldon <email address hidden>
Date: Thu Mar 15 12:55:39 2012 -0700

    Return 403 when policy engine denies action

    * Fixes bug 956206

    Change-Id: I0447a1a86fed2456c912395a0ab7d6e0aba03f66

Changed in glance:
status: In Progress → Fix Committed
Brian Waldon (bcwaldon) wrote :

This fix was undone by commit 2e94076ca43ee3f31b1fc7f46b4c137d36bcd7db. Need to reapply the fix.

Changed in glance:
status: Fix Committed → In Progress
Brian Waldon (bcwaldon) on 2012-03-20
Changed in glance:
importance: Low → High

Reviewed: https://review.openstack.org/5572
Committed: http://github.com/openstack/glance/commit/b0a608c09f0cd83b8ab3cccc8a3851bc3c98733c
Submitter: Jenkins
Branch: master

commit b0a608c09f0cd83b8ab3cccc8a3851bc3c98733c
Author: Brian Waldon <email address hidden>
Date: Tue Mar 20 09:17:52 2012 -0700

    Ensure all unauthorized responses return 403

    * Clean up authorization vs authentication failures internally
    * Remove ambiguous exception.NotAuthorized in favour of exception.Forbidden for authorization failures
    * Add exception.NotAuthenticated to make authentication failures more clear
    * Fixes bug 956206

    Change-Id: I39ce0fcd77d4f06273040a2aa4913a9be911ceab

Changed in glance:
status: In Progress → Fix Committed
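
Added example (not part of the bug report and not Glance's code): a minimal sketch of the split the commit message describes, with authentication failures mapped to 401 and policy denials mapped to 403. The exception names follow the commit message; POLICY, enforce, handle, the context dictionary and the challenge value are assumptions made for illustration.

```python
from http import HTTPStatus


class NotAuthenticated(Exception):
    """The caller's identity could not be established."""


class Forbidden(Exception):
    """The caller is identified, but policy denies the action."""


# Constructed sample policy: action -> roles allowed to perform it.
POLICY = {
    "get_image": {"member", "admin"},
    "delete_image": {"admin"},
}

# Constructed challenge value; a 401 response must carry WWW-Authenticate.
CHALLENGE = 'Bearer realm="example"'


def enforce(context, action):
    """Raise the exception that matches the kind of failure."""
    if not context or not context.get("user"):
        raise NotAuthenticated("no valid credentials supplied")
    allowed = POLICY.get(action, set())  # unknown actions are denied by default
    if not allowed & set(context.get("roles", ())):
        raise Forbidden("policy does not allow %s" % action)


def handle(context, action):
    """Translate enforcement failures into an HTTP status and headers."""
    try:
        enforce(context, action)
    except NotAuthenticated:
        # 401: the client should authenticate and may then retry.
        return HTTPStatus.UNAUTHORIZED, {"WWW-Authenticate": CHALLENGE}
    except Forbidden:
        # 403: credentials were accepted; retrying with them will not help.
        return HTTPStatus.FORBIDDEN, {}
    return HTTPStatus.OK, {}


if __name__ == "__main__":
    member = {"user": "alice", "roles": ["member"]}  # constructed caller
    for ctx, action in [(None, "get_image"), (member, "get_image"),
                        (member, "delete_image")]:
        print(action, handle(ctx, action)[0])
```
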
Thierry Carrez (ttx) on 2012-03-21
Changed in glance:
status: Fix Committed → Fix Released
Thierry Carrez (ttx) on 2012-04-05
Changed in glance:
milestone: essex-rc1 → 2012.1