Status code of addSecurityGroup is wrong
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Opinion
|
Undecided
|
Unassigned |
Bug Description
Description
===========
Use action API to add security group. If the provided security group is not found, nova returns 404. This looks inconsistent with OpenStack API guideline [1]:
"""If a request contains a reference to a nonexistent resource in the body (not URI), the code should be 400 Bad Request. Do not use 404 NotFound because RFC 7231 (section 6.5.4) mentions the origin server did not find a current representation for the target resource for 404 and representation for the target resource means a URI"""
[1] http://
Steps to reproduce
==================
$ nova --debug add-secgroup test non-existing-sg
...
DEBUG (session:372) REQ: curl -g -i -X POST http://
DEBUG (connectionpool
DEBUG (connectionpool
DEBUG (session:419) RESP: [404] Date: Fri, 08 Dec 2017 20:05:29 GMT Server: Apache/2.4.18 (Ubuntu) OpenStack-
RESP BODY: {"itemNotFound": {"message": "Security group non-existing-sg is not found for project 83671dbeeb40419
...
Expected result
===============
Nova return 400
Actual result
=============
Nova returned 404
This API is deprecated and per following we need a micorversion which is not worthy
103 - changing a status code on a particular response
104
105 Example: changing the return code of an API from 501 to 400.
106
107 .. note:: Fixing a bug so that a 400+ code is returned rather than a 500 or
108 503 does not require a microversion change. It's assumed that clients are
109 not expected to handle a 500 or 503 response and therefore should not
110 need to opt-in to microversion changes that fixes a 500 or 503 response
111 from happening.
112 According to the OpenStack API Working Group, a
113 **500 Internal Server Error** should **not** be returned to the user for
114 failures due to user error that can be fixed by changing the request on
115 the client side. See [#f1]_.