OpenStack Compute (nova)

Status code of addSecurityGroup is wrong

Bug #1737241 reported by hongbin
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Opinion
Undecided
Unassigned

Bug Description

Description
===========
Use action API to add security group. If the provided security group is not found, nova returns 404. This looks inconsistent with OpenStack API guideline [1]:

"""If a request contains a reference to a nonexistent resource in the body (not URI), the code should be 400 Bad Request. Do not use 404 NotFound because RFC 7231 (section 6.5.4) mentions the origin server did not find a current representation for the target resource for 404 and representation for the target resource means a URI"""

[1] http://specs.openstack.org/openstack/api-wg/guidelines/http.html#failure-code-clarifications

Steps to reproduce
==================
$ nova --debug add-secgroup test non-existing-sg
...
DEBUG (session:372) REQ: curl -g -i -X POST http://10.0.0.3/compute/v2.1/servers/4f3b3e80-9fc4-4cc0-88cf-4bd5ad5e32d4/action -H "Accept: application/json" -H "User-Agent: python-novaclient" -H "OpenStack-API-Version: compute 2.53" -H "X-OpenStack-Nova-API-Version: 2.53" -H "X-Auth-Token: {SHA1}b130c61edb329e757ec574b6bb3c98b1a5aa4c87" -H "Content-Type: application/json" -d '{"addSecurityGroup": {"name": "non-existing-sg"}}'
DEBUG (connectionpool:243) Resetting dropped connection: 10.0.0.3
DEBUG (connectionpool:396) http://10.0.0.3:80 "POST /compute/v2.1/servers/4f3b3e80-9fc4-4cc0-88cf-4bd5ad5e32d4/action HTTP/1.1" 404 134
DEBUG (session:419) RESP: [404] Date: Fri, 08 Dec 2017 20:05:29 GMT Server: Apache/2.4.18 (Ubuntu) OpenStack-API-Version: compute 2.53 X-OpenStack-Nova-API-Version: 2.53 Vary: OpenStack-API-Version,X-OpenStack-Nova-API-Version Content-Type: application/json; charset=UTF-8 Content-Length: 134 x-openstack-request-id: req-f64bd0fa-87e0-4de6-a21c-05646a63e83c x-compute-request-id: req-f64bd0fa-87e0-4de6-a21c-05646a63e83c Connection: close
RESP BODY: {"itemNotFound": {"message": "Security group non-existing-sg is not found for project 83671dbeeb40419585aa608be674bda4", "code": 404}}
...

Expected result
===============
Nova return 400

Actual result
=============
Nova returned 404

See original description
Tags: api
hongbin (hongbin034)
description: updated
description: updated
Takashi Natsume (natsume-takashi)
tags: added: api
Revision history for this message
jichenjc (jichenjc) wrote :

This API is deprecated and per following we need a micorversion which is not worthy

103 - changing a status code on a particular response
104
105 Example: changing the return code of an API from 501 to 400.
106
107 .. note:: Fixing a bug so that a 400+ code is returned rather than a 500 or
108 503 does not require a microversion change. It's assumed that clients are
109 not expected to handle a 500 or 503 response and therefore should not
110 need to opt-in to microversion changes that fixes a 500 or 503 response
111 from happening.
112 According to the OpenStack API Working Group, a
113 **500 Internal Server Error** should **not** be returned to the user for
114 failures due to user error that can be fixed by changing the request on
115 the client side. See [#f1]_.

Changed in nova:
status: New → Opinion
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.