OpenStack Identity (keystone)

Application credential role validation has inconsistent error handling

Bug #1818085 reported by Colleen Murphy on 2019-02-28

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	Confirmed	Wishlist	Unassigned

Bug Description

If a role is provided by ID, keystone validates it in the app cred manager and a NotFound is properly masked as a validation error by the controller. If a role is provided by name, keystone searches for it in _normalize_role_list in the controller and will raise a NotFound there, which is returned directly to the user. The problem is demonstrated by this test:

https://review.openstack.org/640035

Not sure if we can actually do anything about this without technically breaking the v3 API.

Colleen Murphy (krinkle) on 2019-03-01

Changed in keystone:
status:	New → Confirmed
importance:	Undecided → Wishlist

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.