Application credential role validation has inconsistent error handling

Bug #1818085 reported by Colleen Murphy
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Confirmed
Wishlist
Unassigned

Bug Description

If a role is provided by ID, keystone validates it in the app cred manager and a NotFound is properly masked as a validation error by the controller. If a role is provided by name, keystone searches for it in _normalize_role_list in the controller and will raise a NotFound there, which is returned directly to the user. The problem is demonstrated by this test:

https://review.openstack.org/640035

Not sure if we can actually do anything about this without technically breaking the v3 API.

Colleen Murphy (krinkle)
Changed in keystone:
status: New → Confirmed
importance: Undecided → Wishlist
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.