Application credential role validation has inconsistent error handling

Bug #1818085 reported by Colleen Murphy on 2019-02-28
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Wishlist
Unassigned

Bug Description

If a role is provided by ID, keystone validates it in the app cred manager and a NotFound is properly masked as a validation error by the controller. If a role is provided by name, keystone searches for it in _normalize_role_list in the controller and will raise a NotFound there, which is returned directly to the user. The problem is demonstrated by this test:

https://review.openstack.org/640035

Not sure if we can actually do anything about this without technically breaking the v3 API.

Colleen Murphy (krinkle) on 2019-03-01
Changed in keystone:
status: New → Confirmed
importance: Undecided → Wishlist
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers