Pecan is missing the logic to hide authorization failures as 404s
Bug #1714388 reported by Kevin Benton
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
neutron | Fix Released | High | Kevin Benton |
Bug Description
The pecan code is missing the logic to translate some of the authorization failures into 404s instead of 403s.
Changed in neutron:
importance: Undecided → High
Changed in neutron:
assignee: nobody → Kevin Benton (kevinbenton)
status: New → In Progress
tags: added: neutron-proactive-backport-potential
tags: removed: neutron-proactive-backport-potential
Reviewed: https://review.openstack.org/499433
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=fe8107a8179deca093463bbc95b6ba8b54915bf7
Submitter: Jenkins
Branch: master
commit fe8107a8179deca093463bbc95b6ba8b54915bf7
Author: Kevin Benton <email address hidden>
Date: Wed Aug 30 20:15:49 2017 -0700
Pecan: fix logic of hiding authZ failures as 404s
Change [1] altered the behavior of the legacy API controller
to do the sane thing and return an HTTP 403 instead of a 404
whenever a user got a policy authorization failure when trying
to mutate a resource they have the permission to view.
This carries the same logic over to the pecan API.
This also adjusts the logic for GET requests to return 404s
instead of 403s to match the resource hiding behavior of the
old controller.
1. I7a5b0a9e89c8a71490dd74497794a52489f46cd2
Closes-Bug: #1714388
Change-Id: I9e0d288a42bc63c2927bebe9c581b83e6fbe010b
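
The status-code rule the commit message describes, as an added, self-contained sketch (not Neutron's or pecan's code): denied GETs look exactly like a missing resource, and a denied mutation returns 403 only to callers who can already view the resource. The `Resource` model, `can_view`/`can_mutate` and the sample store are hypothetical, and returning 404 for a denied mutation on a resource the caller cannot view is an assumption drawn from the resource-hiding behaviour named above.

```python
from dataclasses import dataclass

# Hypothetical, simplified policy model for illustration; not Neutron's policy engine.
@dataclass(frozen=True)
class Resource:
    owner: str
    shared: bool = False  # other tenants may view a shared resource but not change it

def can_view(user, res):
    return res.owner == user or res.shared

def can_mutate(user, res):
    return res.owner == user

NOT_FOUND = (404, "resource not found")  # one response for "absent" and "hidden"

def respond(method, user, res):
    """Map the policy outcome to an HTTP response (status, body)."""
    if res is None:
        return NOT_FOUND
    if method == "GET":
        # Denied read: identical to a missing resource, so IDs cannot be probed.
        return (200, "ok") if can_view(user, res) else NOT_FOUND
    if can_mutate(user, res):
        return (200, "ok")
    # Denied mutation: 403 only for callers who can already see the resource.
    return (403, "forbidden") if can_view(user, res) else NOT_FOUND

# Constructed sample data.
STORE = {
    "net-private": Resource(owner="alice"),
    "net-shared": Resource(owner="alice", shared=True),
}

def handle(method, user, res_id):
    return respond(method, user, STORE.get(res_id))

if __name__ == "__main__":
    for method, user, rid in [("GET", "bob", "net-private"), ("GET", "bob", "net-missing"),
                              ("PUT", "bob", "net-private"), ("PUT", "bob", "net-shared")]:
        print(method, user, rid, handle(method, user, rid))
```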