Issue #1313
Issue #692 (closed): 400 should be returned if any of the parameters are invalid in permissions
Wrong error message after granting/revoking permission of unexisting user/role permission
Description
After granting permission to a nonexistent user, the wrong error message and code are returned from the server:
$ curl -X POST -d '{"operations": ["EXECUTE"], "login": "UnexistantLogin", "resource": "/"}' \
  -H 'content-type: application/json' https://server/pulp/api/v2/permissions/actions/grant_to_user/ \
  --cacert myca.crt -u admin:admin
{"http_request_method": "POST", "exception": null, "error_message": "Invalid properties: ['login']",
"property_names": ["login"], "_href": "/pulp/api/v2/permissions/actions/grant_to_user/", "http_status": 400,
"error": {"code": "PLP0015", "data": {"property_names": ["login"], "properties": "['login']"},
"description": "Invalid properties: ['login']", "sub_errors": []}, "traceback": null}
while the expected response is
{"http_request_method": "POST", "exception": null, "error_message": "Missing resource(s): user=UnexistantLogin",
"_href": "/pulp/api/v2/permissions/actions/grant_to_user/", "http_status": 404, "error": {"code": "PLP0009",
"data": {"resources": {"user": "UnexistantLogin"}}, "description": "Missing resource(s): user=UnexistantLogin", "sub_errors": []},
"traceback": null, "resources": {"user": "UnexistantLogin"}}
Similarly for revoking nonexistent user permission:
$ curl -X POST -d '{"operations": ["EXECUTE"], "login": "UnexistantLogin", "resource": "/"}' \
  -H 'content-type: application/json' https://server/pulp/api/v2/permissions/actions/revoke_from_user/ \
  --cacert myca.crt -u admin:admin
{"http_request_method": "POST", "exception": null, "error_message": "Invalid properties: ['login']",
"property_names": ["login"], "_href": "/pulp/api/v2/permissions/actions/revoke_from_user/", "http_status": 400,
"error": {"code": "PLP0015", "data": {"property_names": ["login"], "properties": "['login']"},
"description": "Invalid properties: ['login']", "sub_errors": []}, "traceback": null}
Granting permissions to a nonexistent role:
$ curl -X POST -d '{"operations": ["EXECUTE"], "role_id": "UnexistantRole", "resource": "/"}' \
  -H 'content-type: application/json' https://server/pulp/api/v2/permissions/actions/grant_to_role/ \
  --cacert myca.crt -u admin:admin
{"http_request_method": "POST", "exception": null, "error_message": "Invalid properties: ['role_id']",
"property_names": ["role_id"], "_href": "/pulp/api/v2/permissions/actions/grant_to_role/", "http_status": 400,
"error": {"code": "PLP0015", "data": {"property_names": ["role_id"], "properties": "['role_id']"},
"description": "Invalid properties: ['role_id']", "sub_errors": []}, "traceback": null}
and revoking permissions from a nonexistent role:
$ curl -X POST -d '{"operations": ["EXECUTE"], "role_id": "UnexistantRole", "resource": "/"}' \
  -H 'content-type: application/json' https://server/pulp/api/v2/permissions/actions/revoke_from_role/ \
  --cacert myca.crt -u admin:admin
{"http_request_method": "POST", "exception": null, "error_message": "Invalid properties: ['role_id']",
"property_names": ["role_id"], "_href": "/pulp/api/v2/permissions/actions/revoke_from_role/", "http_status": 400,
"error": {"code": "PLP0015", "data": {"property_names": ["role_id"], "properties": "['role_id']"},
"description": "Invalid properties: ['role_id']", "sub_errors": []}, "traceback": null}
Updated by dkliban@redhat.com over 8 years ago
- Status changed from NEW to ASSIGNED
- Assignee set to amacdona@redhat.com
- Platform Release set to 2.7.0
- Triaged changed from No to Yes
Updated by amacdona@redhat.com over 8 years ago
- Tags Documentation, Easy Fix added
The docs state that if the parameters are invalid, a 404 is returned, which is consistent with the expected behavior above, but this is actually incorrect. Since the parameters are not in the URL, a 400 is correct, and the docs should be changed.
http://pulp.readthedocs.org/en/latest/dev-guide/integration/rest-api/permission/actions.html
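The rule stated in the comment above (a bad value in the request body is a 400, a missing resource named by the URL is a 404), as an added sketch that is not Pulp's code and not part of the original issue. The `handle` function, the `PRINCIPALS` stores, the unknown-action 404 case and the checks on `operations` and `resource` are assumptions; the error codes, field names and URLs are taken from the responses on this page.

```python
import json

# Constructed stand-ins for the user and role stores (not Pulp data).
PRINCIPALS = {"login": {"admin"}, "role_id": {"super-users"}}
# Body property that names the principal for each action URL on this page.
ACTIONS = {"grant_to_user": "login", "revoke_from_user": "login",
           "grant_to_role": "role_id", "revoke_from_role": "role_id"}
BASE = "/pulp/api/v2/permissions/actions/"


def error(status, code, description, data):
    """Build an error body with the fields visible in the responses above."""
    return {"http_status": status, "error_message": description,
            "error": {"code": code, "data": data,
                      "description": description, "sub_errors": []}}


def handle(path, raw_body):
    """Hypothetical handler: pick 404 or 400 by where the bad value came from."""
    action = path[len(BASE):].strip("/") if path.startswith(BASE) else None
    if action not in ACTIONS:
        # The URL itself names something that does not exist: 404 (assumed case).
        return error(404, "PLP0009", "Missing resource(s): action=%s" % path,
                     {"resources": {"action": path}})
    try:
        body = json.loads(raw_body)
    except ValueError:
        body = None
    if not isinstance(body, dict):
        body = {}  # unparsable or non-object body: every property counts as invalid
    prop = ACTIONS[action]
    bad = []
    # Everything checked below lives in the request body, so it all maps to 400.
    principal = body.get(prop)
    if not isinstance(principal, str) or principal not in PRINCIPALS[prop]:
        bad.append(prop)
    ops = body.get("operations")
    if not isinstance(ops, list) or not ops:
        bad.append("operations")
    if not isinstance(body.get("resource"), str):
        bad.append("resource")
    if bad:
        return error(400, "PLP0015", "Invalid properties: %s" % bad,
                     {"property_names": bad, "properties": str(bad)})
    return {"http_status": 200}
```

Collecting every invalid body property into one `PLP0015` response, rather than stopping at the first, lets a client fix the whole request in one round trip.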
Updated by amacdona@redhat.com over 8 years ago
- Status changed from ASSIGNED to CLOSED - DUPLICATE
- Parent issue set to #692
Updated by amacdona@redhat.com over 8 years ago
Despite having been fixed, the docs just needed a new build.
Updated by bmbouter almost 4 years ago
- Category deleted (14)
We are removing the 'API' category per open floor discussion June 16, 2020.