[RFE] 403 Forbidden improper usages cleanup
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Ironic | Confirmed | Wishlist | Joanna Taryma | |
Bug Description
The 403 Forbidden error code is an authorization-related header, which is described in RFC 7231: https:/
403 Forbidden is returned by the following exception classes:
* NotAuthorized
* OperationNotPer
* ExclusiveLockRe
* ImageNotAuthorized (inherits from NotAuthorized, raised when glance service returns Forbidden or Unauthorized)
* HTTPForbidden (inherits from NotAuthorized)
It is returned by the ironic API in the following cases (all of them by OperationNotPer
* retrieve single node using chassis parent resource: GET /chassis/
* create a node using chassis parent resource: POST /chassis/<>/nodes
* update a node using chassis parent resource: PATCH /chassis/
* delete a node using chassis parent resource: DELETE /chassis/
* get port list filtered by both node and port group using parent resource path and/or query parameters
* get one port using node or port group parent resource path: GET /nodes/<>/ports/<> or GET /portgroups/
* create a port using node or port group parent resource path: POST /nodes/<>/ports or POST /portgroups/
* update a port using node or port group parent resource path: PATCH /nodes/<>/ports/<> or PATCH /portgroups/
* delete a port using node or port group parent resource path: DELETE /nodes/<>/ports/<> or DELETE /portgroups/
* get one port group using node parent resource: GET /nodes/
* create a port group using node parent resource: POST /nodes/
* update a port group using node parent resource: PATCH /nodes/
* delete a port group using node parent resource: DELETE /nodes/
All of these cases are unrelated to the reasons described in the RFC and should result in 400 Bad Request due to a malformed (not handled by the server) URI. In this way, the error response in the listed cases will be more meaningful and intuitive.
Additionally, the NotAuthorized exception should be renamed to Forbidden, because it is currently misleading and can lead to the assumption that it returns 401 Unauthorized. NotAuthorized is a legacy name that was copied from nova at the beginning of the ironic project; however, nova has already renamed it to Forbidden.
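A minimal sketch of the status mapping proposed above, added here as an example and not taken from the ironic code base: 403 is reserved for policy denials, while single-item and write requests made through a parent resource path get 400. The class name `UnsupportedNestedOperation`, the helper names and the check order (authentication, then policy, then request shape) are assumptions, and the filtered port-list case is not covered.

```python
import re
from http import HTTPStatus

# Parent/child collections named in the report; only listing children through
# the parent path is served, every other operation is unsupported there.
NESTED_PAIRS = {("chassis", "nodes"), ("nodes", "ports"),
                ("portgroups", "ports"), ("nodes", "portgroups")}
NESTED_PATH = re.compile(r"^/(\w+)/([^/]+)/(\w+)(?:/([^/]+))?/?$")


class APIError(Exception):
    """Base class; each subclass carries the HTTP status it maps to."""
    code = HTTPStatus.INTERNAL_SERVER_ERROR


class Unauthorized(APIError):               # missing or invalid credentials
    code = HTTPStatus.UNAUTHORIZED


class Forbidden(APIError):                  # proposed new name for NotAuthorized
    code = HTTPStatus.FORBIDDEN


class UnsupportedNestedOperation(APIError):  # hypothetical name
    code = HTTPStatus.BAD_REQUEST


def is_unsupported_nested(method, path):
    """True for single-item or write requests made through a parent path."""
    m = NESTED_PATH.match(path)
    if not m or (m.group(1), m.group(3)) not in NESTED_PAIRS:
        return False
    return method != "GET" or m.group(4) is not None


def status_for(method, path, authenticated=True, policy_allows=True):
    """Return the status a request would get under the proposed mapping."""
    try:
        if not authenticated:
            raise Unauthorized("credentials required")
        if not policy_allows:
            raise Forbidden("policy does not allow this action")
        if is_unsupported_nested(method, path):
            raise UnsupportedNestedOperation(
                f"{method} is not supported on {path}")
    except APIError as exc:
        return int(exc.code)
    return int(HTTPStatus.OK)  # stand-in for normal request handling
```

With this split, a 403 in API logs always means a policy denial, so authorization-failure monitoring is not polluted by clients that simply used an unsupported path.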
Changed in ironic:
status: New → Confirmed
importance: Undecided → Low
Changed in ironic:
importance: Low → Wishlist
Changed in ironic:
assignee: nobody → Joanna Taryma (jtaryma)
tags: added: needs-spec
Related fix proposed to branch: master
Review: https://review.openstack.org/453926