Poppy

HTTP 403 should only be used for Identity/Authentication issues

Bug #1580171 reported by Brian Metzler on 2016-05-10

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Poppy	Invalid	Undecided	Brian Metzler

Bug Description

HTTP 403 is being returned if the project_id Quota Limits have been reached. HTTP 403 and 401 should be used for Authentication level issues. By using it in Quota Limits it causes unforeseen issues with client applications/websites if the project_id's quota has been reached.

https://github.com/openstack/poppy/blob/master/poppy/transport/pecan/controllers/v1/services.py#L238

Brian Metzler (brian-metzler) on 2016-05-10

Changed in poppy:
assignee:	nobody → Brian Metzler (brian-metzler)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-05-10: Fix proposed to poppy (master)

Fix proposed to branch: master
Review: https://review.openstack.org/314589

Changed in poppy:
status:	New → In Progress

Revision history for this message

Brian Metzler (brian-metzler) wrote on 2016-05-10:

Based on the HTTP Guidelines on OpenStack, HTTP 403 is valid for this response.

Marking this bug as Invalid.

https://github.com/openstack/api-wg/blob/384803a489af7ccdab59a2b52f6fa2c3e5db76c2/guidelines/http.rst

Failure Code Clarifications
If the request results in the OpenStack user exceeding his or her quota, the return code should be 403 Forbidden. Do not use 413 Request Entity Too Large.

Changed in poppy:
status:	In Progress → Invalid

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-06-09: Change abandoned on poppy (master)

Change abandoned by Amit Gandhi (<email address hidden>) on branch: master
Review: https://review.openstack.org/314589

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.