Public bug reported: While writing a functional test I stumbled on the following inconsistency:
When glance-api is launched with default flavor (no authentication) and glance-registry with fakeauth flavor (or any other requiring user token) any CRUD operation via api without a valid token should return 401, as long as the user receives 401 from glance registry. But the expected behaviour is not observed with glance v2 api. The user can still perform any operation without supplying a token in headers. I covered the issue in a test: https://review.openstack.org/#/c/180615/ ** Affects: glance Importance: Undecided Status: New ** Description changed: While writing a functional test I stumbled on the following - inconsistency with no authorization/authorization flavors: + inconsistency: When glance-api is launched with default flavor (no authentication) and glance-registry with fakeauth flavor (or any other requiring user token) any CRUD operation via api without a valid token should return 401, as long as the user receives 401 from glance registry. But the expected behaviour is not observed with glance v2 api. The user can still perform any operation without supplying a token in headers. I covered the issue in a test: https://review.openstack.org/#/c/180615/ -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1454792 Title: Inconsistency with authorization in functional test environment Status in OpenStack Image Registry and Delivery Service (Glance): New Bug description: While writing a functional test I stumbled on the following inconsistency: When glance-api is launched with default flavor (no authentication) and glance-registry with fakeauth flavor (or any other requiring user token) any CRUD operation via api without a valid token should return 401, as long as the user receives 401 from glance registry. But the expected behaviour is not observed with glance v2 api. The user can still perform any operation without supplying a token in headers. I covered the issue in a test: https://review.openstack.org/#/c/180615/ To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1454792/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
