Project

Profile

Help

Issue #1313

Issue #692: 400 should be returned if any of the parameters are invalid in permissions

Wrong error message after granting/revoking permission of unexisting user/role permission

Added by placko about 6 years ago. Updated over 1 year ago.

Status:
CLOSED - DUPLICATE
Priority:
Normal
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
1. Low
Version:
2.7.0 Beta
Platform Release:
2.7.0
OS:
RHEL 7
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Documentation, Easy Fix, Pulp 2
Sprint:
Quarter:

Description

After granting permission to nonexistent user wrong error message and code are returned from server:

$ curl -X POST -d '{"operations": ["EXECUTE"], "login": "UnexistantLogin", "resource": "/"}'
headers={'content-type': 'application/json'} https://server/pulp/api/v2/permissions/actions/grant_to_user/
--cacert myca.crt -u admin:admin

{"http_request_method": "POST", "exception": null, "error_message": "Invalid properties: ['login']",
"property_names": ["login"], "_href": "/pulp/api/v2/permissions/actions/grant_to_user/", "http_status": 400,
"error": {"code": "PLP0015", "data": {"property_names": ["login"], "properties": "['login']"},
"description": "Invalid properties: ['login']", "sub_errors": []}, "traceback": null}

while expected response is

{"http_request_method": "POST", "exception": null, "error_message": "Missing resource(s): user=UnexistantLogin", 
"_href": "/pulp/api/v2/permissions/actions/grant_to_user/", "http_status": 404, "error": {"code": "PLP0009",
"data": {"resources": {"user": "UnexistantLogin"}}, "description": "Missing resource(s): user=UnexistantLogin", "sub_errors": []},
"traceback": null, "resources": {"user": "UnexistantLogin"}}

Similarly for revoking nonexistent user permission:

$ curl -X POST -d '{"operations": ["EXECUTE"], "login": "UnexistantLogin", "resource": "/"}'
headers={'content-type': 'application/json'} https://server/pulp/api/v2/permissions/actions/revoke_from_user/
--cacert myca.crt -u admin:admin

{"http_request_method": "POST", "exception": null, "error_message": "Invalid properties: ['login']",
"property_names": ["login"], "_href": "/pulp/api/v2/permissions/actions/revoke_from_user/", "http_status": 400,
"error": {"code": "PLP0015", "data": {"property_names": ["login"], "properties": "['login']"},
"description": "Invalid properties: ['login']", "sub_errors": []}, "traceback": null}

granting permissions to nonexistent role:

$ curl -X POST -d '{"operations": ["EXECUTE"], "role_id": "UnexistantRole", "resource": "/"}'
headers={'content-type': 'application/json'} https://server/pulp/api/v2/permissions/actions/grant_to_role/
--cacert myca.crt -u admin:admin

{"http_request_method": "POST", "exception": null, "error_message": "Invalid properties: ['role_id']",
"property_names": ["role_id"], "_href": "/pulp/api/v2/permissions/actions/grant_to_role/", "http_status": 400,
"error": {"code": "PLP0015", "data": {"property_names": ["role_id"], "properties": "['role_id']"},
"description": "Invalid properties: ['role_id']", "sub_errors": []}, "traceback": null}

and revoking permissions from nonexistent role:

$ curl -X POST -d '{"operations": ["EXECUTE"] "role_id": "UnexistantRole", "resource": "/"}'
headers={'content-type': 'application/json'} https://server/pulp/api/v2/permissions/actions/revoke_from_role/
--cacert myca.crt -u admin:admin

{"http_request_method": "POST", "exception": null, "error_message": "Invalid properties: ['role_id']",
"property_names": ["role_id"], "_href": "/pulp/api/v2/permissions/actions/revoke_from_role/", "http_status": 400,
"error": {"code": "PLP0015", "data": {"property_names": ["role_id"], "properties": "['role_id']"},
"description": "Invalid properties: ['role_id']", "sub_errors": []}, "traceback": null}

History

#1 Updated by dkliban@redhat.com almost 6 years ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to amacdona@redhat.com
  • Platform Release set to 2.7.0
  • Triaged changed from No to Yes

#2 Updated by amacdona@redhat.com almost 6 years ago

  • Tags Documentation, Easy Fix added

The docs state that if the parameters are invalid that a 404 is returned, which is consistent with the expected behavior above, but this is actually incorrect. Since the parameters are not in the url, a 400 is correct, and the docs should be changed.

http://pulp.readthedocs.org/en/latest/dev-guide/integration/rest-api/permission/actions.html

#3 Updated by amacdona@redhat.com almost 6 years ago

  • Status changed from ASSIGNED to CLOSED - DUPLICATE
  • Parent task set to #692

#4 Updated by amacdona@redhat.com almost 6 years ago

Despite having been fixed, the docs just needed a new build.

#5 Updated by bmbouter over 2 years ago

  • Tags Pulp 2 added

#6 Updated by bmbouter over 1 year ago

  • Category deleted (14)

We are removing the 'API' category per open floor discussion June 16, 2020.

Please register to edit this issue

Also available in: Atom PDF