Versioned discovery endpoint should not require authentication
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
Medium
|
Eric Fried |
Bug Description
stack@nucle:
+------
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+------
<snip>
| 9d483c8a6162422
<snip>
+------
stack@nucle:
{"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}
Discovery endpoints should not require authentication.
(I'm still looking for the doc that contains this edict; but ask mordred or anyone on the api-sig.)
Changed in nova: | |
assignee: | Eric Fried (efried) → melanie witt (melwitt) |
Changed in nova: | |
assignee: | melanie witt (melwitt) → Eric Fried (efried) |
tags: | added: api |
Changed in nova: | |
importance: | Undecided → Medium |
> (I'm still looking for the doc that contains this edict; but ask mordred or anyone on the api-sig.)
this document has not been published but has been discussed for quite awhile now. you can see the review here:
https:/ /review. opendev. org/#/c/ 459710/ 17/guidelines/ discoverability .rst
see line 93
we (the api-sig), are working to get these backlogged guidelines published but this point about un-authenticated access to the version discovery is not in dispute.