Difficult to understand message when using incorrect role against object in Neutron

Bug #1290895 reported by Sudipta Biswas
This bug affects 1 person
Affects: neutron
Status: Invalid
Importance: Undecided
Assigned to: Sudipta Biswas

Bug Description

When a user runs an action against an object in neutron for which they
don't have authority (perhaps their role allows read of the object,
but not update), they get the message "The resource could not be found".
For example: User doesn't have the privilege to edit a network and
attempts doing that but ends up getting the resource not found message.

This is a bad message because the object they just read in is now
stating that it does not exist. This is not true; the root issue is that they
do not have authority to it.

One can argue that for security reasons, we should state that the object
does not exist. However, it creates an odd scenario where you have
certain roles that can read an object, but then not write to it.

I'm proposing that we change the message to "The resource could not be
found or user's role does not have sufficient privileges to run the
operation."

Two identified test cases applicable to this would be the remove/edit
networks.

Changed in neutron:
assignee: nobody → Sudipta Biswas (sbiswas7)
Eugene Nikanorov (enikanorov) wrote :

That's an intended behavior. A user that doesn't have access to a resource should not know whether it exists or not.

Changed in neutron:
status: New → Invalid
Drew Thorstensen (thorst) wrote :

Eugene,

I believe Neutron has four different authorization levels. Create, Read, Update and Delete.

Let's say a role of 'deployer' has Read auth to Networks and Subnets, and then CRUD operations to Ports. If they try to run an operation against a Network such as Update, Neutron states the resource is not found.

I would agree with your assessment if the users had no access to the object. However, what about the scenarios where they have some degree of access (typically read) to the object, but the action they are running against that object is not allowed?

Maybe something where, if the user running the action does have Read auth, but not Create/Update/Delete auth, we provide a different message rather than Resource Not Found when the user tries to run those unauthorized operations?

Thoughts?
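
The trade-off discussed in this thread, as an added example that is not part of any comment above and is not Neutron's code: it compares the reported behaviour with the read-aware alternative for the 'deployer' role, and shows that the alternative still reveals nothing about existence to a caller without read access. The policy table, object ids, function names and the mapping of the messages to HTTP 404/403 are assumptions made for illustration.

```python
from http import HTTPStatus

# Constructed policy for illustration: role -> resource type -> allowed actions.
POLICY = {
    "deployer": {
        "network": {"read"},
        "subnet": {"read"},
        "port": {"create", "read", "update", "delete"},
    },
}

# Constructed inventory of existing objects: (resource type, id).
EXISTING = {("network", "net-1"), ("port", "port-1")}


def allowed(role, resource, action):
    """True if the (hypothetical) policy grants this action to the role."""
    return action in POLICY.get(role, {}).get(resource, set())


def current_status(role, resource, obj_id, action):
    """Reported behaviour: any denied action looks like a missing object."""
    if (resource, obj_id) not in EXISTING or not allowed(role, resource, action):
        return HTTPStatus.NOT_FOUND
    return HTTPStatus.OK


def proposed_status(role, resource, obj_id, action):
    """Alternative from the thread: a distinct answer only for callers with read."""
    if not allowed(role, resource, "read") or (resource, obj_id) not in EXISTING:
        # No read access, or nothing there: say nothing about existence.
        return HTTPStatus.NOT_FOUND
    if not allowed(role, resource, action):
        # The caller can already read this object, so 403 leaks nothing new.
        return HTTPStatus.FORBIDDEN
    return HTTPStatus.OK
```

A role absent from the table gets the same 404 for an existing and a non-existing id under both functions, which is the property the "intended behavior" reply is protecting.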
