API returns 401 for /v2.1 (when no auth provided)

Bug #1862477 reported by Radosław Piliszek
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Confirmed
Undecided
Unassigned

Bug Description

As the subject goes, nova-api returns 401 for /v2.1 (when no auth provided). This is far from sensitive information as it is revealed on / which does not return 401.

I discovered this debugging js-openstack-lib.

This is not a problem for other tested services (neutron, glance) as they are registered w/o version in catalog.

(please let me know if this is actually desired behavior)

Tags: api
tags: added: api
Revision history for this message
Balazs Gibizer (balazs-gibizer) wrote :

With a valid token:
* GET http://192.168.121.129/compute/v2.1 -> returns 302
* GET http://192.168.121.129/compute/v2.1/ -> returns the version document
* GET http://192.168.121.129/compute -> returns the version document
* GET http://192.168.121.129/compute/ -> returns the version document

Without token
* GET http://192.168.121.129/compute/v2.1 -> 401
* GET http://192.168.121.129/compute/v2.1/ -> 401
* GET http://192.168.121.129/compute -> returns the version document
* GET http://192.168.121.129/compute/ -> returns the version document

So this still seems to be inconsistent

Changed in nova:
status: New → Confirmed
Revision history for this message
Balazs Gibizer (balazs-gibizer) wrote :

Hold on, we have a fairly recent patch https://review.opendev.org/#/c/685181/ I did not have in my devstack for the above test. retesting...

Revision history for this message
Balazs Gibizer (balazs-gibizer) wrote :

OK I confirmed that https://review.opendev.org/#/c/685181/ fixed the reported bug and now with and without the token each query returns the same version document.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.