Comment 6 for bug 1541621

OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/277436
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=f1792f4089ccf28ec870104d0853e7fba242f24c
Submitter: Jenkins
Branch: master

commit f1792f4089ccf28ec870104d0853e7fba242f24c
Author: Raildo Mascena <email address hidden>
Date: Mon Feb 8 14:58:34 2016 +0000

    Return 404 instead of 401 for tokens w/o roles

    If a scoped-token was validated and the user didn't have any role assignment
    on a project, keystone would return a 401 Unauthorized. This was the
    case when the fernet token provider was enabled because the reference is
    rebuilt on every request. The uuid token provider has a different behavior - if
    the token isn't found in the backend a 404 Not Found is returned. Furthermore,
    for persisted tokens, any validation error will result in 404, such as in the
    case where the user no longer has any roles assigned for the given scope.

    These two behaviors should be consistent regardless of the token provider.

    Closes-Bug: 1541621
    Change-Id: If9fd6060ed13a7c03ab8d70ebed1adecafef9160