Analytics RBAC: Need to raise 403 rather than 401 if user doesn't have valid perms

Bug #1735022 reported by Senthilnathan Murugappan
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Juniper Openstack | Status tracked in Trunk | | |
R4.1 | Fix Committed | Critical | Jack Jonnalagadda |
Trunk | Fix Committed | Critical | Jack Jonnalagadda |

Bug Description

We need to raise 403 rather than 401 when user doesn't have valid perms to access an object.
Since analytics raises 401, webUI logs out the user.

The member user isn't able to use security dashboard due to the same.

11/28/2017 04:10:03 PM - error: URL [http://10.84.7.18:8081/analytics/query] returned error ["Authentication required"]
11/28/2017 04:10:03 PM - error: Error Run Query: REST Server Error: Authentication required
    at APIServer.retryMakeCall (/usr/src/contrail/contrail-web-core/src/serverroot/common/rest.api.js:202:13)
    at Request.<anonymous> (/usr/src/contrail/contrail-web-core/src/serverroot/common/rest.api.js:333:18)
    at Request.emit (events.js:98:17)
    at Request.mixin._fireSuccess (/usr/lib64/node_modules/restler/lib/restler.js:250:10)
    at /usr/lib64/node_modules/restler/lib/restler.js:181:20
    at IncomingMessage.parsers.auto (/usr/lib64/node_modules/restler/lib/restler.js:414:7)
    at Request.mixin._encode (/usr/lib64/node_modules/restler/lib/restler.js:218:29)
    at /usr/lib64/node_modules/restler/lib/restler.js:177:16
    at Request.mixin._decode (/usr/lib64/node_modules/restler/lib/restler.js:193:7)
    at IncomingMessage.<anonymous> (/usr/lib64/node_modules/restler/lib/restler.js:170:14)

tags: added: releasenote
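
The 401/403 split this report asks for, as an added example (not code from Contrail or from the fix for this bug): a missing or invalid credential yields 401, while a valid credential without the needed role yields 403, so a front end that logs out on 401 keeps the member user's session. The token table, role policy, the `Bearer` challenge and the names `authorize` and `ui_react` are assumptions made for illustration.

```python
# Added illustration; TOKENS, REQUIRED_ROLES, authorize and ui_react are
# hypothetical names, not Contrail APIs.
from http import HTTPStatus

# Constructed sample data: token -> (user, roles)
TOKENS = {
    "tok-admin": ("alice", {"admin"}),
    "tok-member": ("bob", {"member"}),
}
# Constructed policy: path -> roles allowed to call it
REQUIRED_ROLES = {"/analytics/query": {"admin"}}


def authorize(path, token):
    """Return (status, headers) for a request to `path` carrying `token`."""
    identity = TOKENS.get(token) if token else None
    if identity is None:
        # Caller is unknown (credential missing or invalid): 401 plus a
        # challenge telling the client how to authenticate.
        return HTTPStatus.UNAUTHORIZED, {"WWW-Authenticate": "Bearer"}
    _user, roles = identity
    allowed = REQUIRED_ROLES.get(path)
    if allowed is None or not (roles & allowed):
        # Caller is known but lacks permission: 403. Re-authenticating
        # would not change the outcome. Unlisted paths are denied by default.
        return HTTPStatus.FORBIDDEN, {}
    return HTTPStatus.OK, {}


def ui_react(status):
    """Model of a front end that ties its session state to the status code."""
    if status == HTTPStatus.UNAUTHORIZED:
        return "logout"                 # session treated as invalid
    if status == HTTPStatus.FORBIDDEN:
        return "show-permission-error"  # session kept
    return "render"


if __name__ == "__main__":
    for tok in (None, "tok-bogus", "tok-member", "tok-admin"):
        status, _headers = authorize("/analytics/query", tok)
        print(tok, int(status), ui_react(status))
```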
OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/40249
Submitter: Jack Jonnalagadda (<email address hidden>)

OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/40249
Committed: http://github.com/Juniper/contrail-analytics/commit/15f6c197ee4b7b47b770a92a79da5cac7a32781b
Submitter: Zuul v3 CI (<email address hidden>)
Branch: master

commit 15f6c197ee4b7b47b770a92a79da5cac7a32781b
Author: Jackjvs <email address hidden>
Date: Mon Mar 12 19:21:03 2018 -0700

Update the HTTP exception raised when the requested resource is not
accessible.
Partial-Bug: #1735022

Change-Id: Iecc0b4f54090a1760aac25114fb550b1df893b15

OpenContrail Admin (ci-admin-f) wrote : [Review update] R4.1

Review in progress for https://review.opencontrail.org/41193
Submitter: Jack Jonnalagadda (<email address hidden>)

OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/41193
Committed: http://github.com/Juniper/contrail-controller/commit/5a8b86e2cbd3dd6735747fb6e1b5309705950f1b
Submitter: Zuul (<email address hidden>)
Branch: R4.1

commit 5a8b86e2cbd3dd6735747fb6e1b5309705950f1b
Author: Jackjvs <email address hidden>
Date: Thu Mar 29 11:15:56 2018 -0700

Update the HTTP exception raised when the requested resource is not
accessible. (double commit)
Closes-Bug: #1735022

Change-Id: I1ec1904245c2437b9055bd037983e7f39adb9c56
