No movement on this issue and I've explained my reasoning in comment #4.
We won't be re-writing response codes now since that's backwards
compatible.
** Changed in: keystone
Status: Triaged => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1524515
Title:
get sql-based Domain-specific driver configuration with incorrect
group in URL, expected response 404, actual 403
Status in OpenStack Identity (keystone):
Invalid
Bug description:
get sql-based Domain-specific driver configuration with incorrect
group in URL, expected response 404, actual 403:
With sql-based Domain-specific driver configuration set up connection to a
openldap or ad backend for a domain,
if an invalid/typo group name (e.g. [identity2], instead of [identity]) in
the request url for this domain is provided, we expect the response code 404
(not found), but actual is 403 (forbidden). The user actually has the
permission to access the configuration. 403 forbidden seems misleading.
Example:
~$ curl -k -H "X-Auth-Token:ADMIN" -XDELETE
http://localhost:35357/v3/domains/6a006689702640ba92d5e536b238e893/config/invalidgroup
Actual:
{"error": {"message": "Invalid domain specific configuration: Group identity2
is not supported for domain specific configurations", "code": 403, "title":
"Forbidden"}}
Expected:
~$ curl -k -H "X-Auth-Token:ADMIN" -XDELETE
http://localhost:35357/v3/domains/6a006689702640ba92d5e536b238e893/config/identity2
{"error": {"message": "Invalid domain specific configuration: Group identity2
is not supported for domain specific configurations", "code": 404, "title":
"Not Found"}}
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1524515/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
