OpenStack Image Registry and Delivery Service (Glance)

401 and 403 errors treated indistinguishably by client

Reported by Gabriel Hurley on 2012-03-15
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Glance
High
Gabriel Hurley

Bug Description

Glance's client code treats status codes 401 (Not Authorized) and 403 (Forbidden) as the same error, and consequently raises the same exception for each: https://github.com/openstack/glance/blob/master/glance/common/client.py#L533

This is inappropriate, as the two are distinct errors with different meanings, and different actions need to be taken for each. The key distinction being that with a 401 you might be able to complete the request with proper authorization, whereas with 403 "Authorization will not help and the request SHOULD NOT be repeated." (from the W3C spec).

Without distinct exceptions in the client this can't be respected by any handler.

Changed in glance:
assignee: nobody → Gabriel Hurley (gabriel-hurley)
status: New → Confirmed

Fix proposed to branch: master
Review: https://review.openstack.org/5435

Changed in glance:
status: Confirmed → In Progress
Brian Waldon (bcwaldon) on 2012-03-16
Changed in glance:
milestone: none → essex-rc1
Jay Pipes (jaypipes) on 2012-03-16
Changed in glance:
importance: Undecided → High

Reviewed: https://review.openstack.org/5435
Committed: http://github.com/openstack/glance/commit/2e94076ca43ee3f31b1fc7f46b4c137d36bcd7db
Submitter: Jenkins
Branch: master

commit 2e94076ca43ee3f31b1fc7f46b4c137d36bcd7db
Author: Gabriel Hurley <email address hidden>
Date: Thu Mar 15 16:09:08 2012 -0700

    Disambiguates HTTP 401 and HTTP 403 in Glance. Fixes bug 956513.

    Change-Id: I82865293f60eabaf3bc40b40dc9c8612b12a6d1b

Changed in glance:
status: In Progress → Fix Committed
Thierry Carrez (ttx) on 2012-03-21
Changed in glance:
status: Fix Committed → Fix Released
Thierry Carrez (ttx) on 2012-04-05
Changed in glance:
milestone: essex-rc1 → 2012.1
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers