From e2e88d8aad7b9f7f2700bbb160058131f7e6d4ef Mon Sep 17 00:00:00 2001
From: Brian Waldon
Date: Thu, 15 Mar 2012 12:55:39 -0700
Subject: [PATCH] Return 403 when policy engine denies action

* Fixes bug 956206

Change-Id: I0447a1a86fed2456c912395a0ab7d6e0aba03f66
---
 glance/api/v1/images.py | 3 +--
 glance/tests/unit/test_api.py | 12 ++++++------
 2 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/glance/api/v1/images.py b/glance/api/v1/images.py
index 82a8d3ed77..f0bdd8b12f 100644
--- a/glance/api/v1/images.py
+++ b/glance/api/v1/images.py
@@ -29,7 +29,6 @@ from webob.exc import (HTTPError,
                        HTTPConflict,
                        HTTPBadRequest,
                        HTTPForbidden,
-                       HTTPUnauthorized,
                        HTTPRequestEntityTooLarge,
                        HTTPServiceUnavailable,
                        )
@@ -104,7 +103,7 @@ class Controller(controller.BaseController):
         try:
             self.policy.enforce(req.context, action, {})
         except exception.NotAuthorized:
-            raise HTTPUnauthorized()
+            raise HTTPForbidden()
 
     def index(self, req):
         """
diff --git a/glance/tests/unit/test_api.py b/glance/tests/unit/test_api.py
index 9db6b36d09..99c4f1f65a 100644
--- a/glance/tests/unit/test_api.py
+++ b/glance/tests/unit/test_api.py
@@ -2194,7 +2194,7 @@ class TestGlanceAPI(base.IsolatedUnitTest):
         req.headers['Content-Type'] = 'application/octet-stream'
         req.body = "chunk00000remainder"
         res = req.get_response(self.api)
-        self.assertEquals(res.status_int, 401)
+        self.assertEquals(res.status_int, 403)
 
     def _do_test_post_image_content_missing_format(self, missing):
         """Tests creation of an image with missing format"""
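Review bot: The `except exception.NotAuthorized:` clause now turns every denial from `self.policy.enforce` into 403, which is the right code for an authenticated principal refused by policy, but nothing in this handler distinguishes a caller that never established an identity, so such a request would also get 403 instead of the 401 (with its `WWW-Authenticate` challenge) that RFC 2616 reserves for missing credentials. That is acceptable only because authentication is expected to be completed by middleware before this controller runs, which is not visible in the hunk and should be confirmed. Record the reasoning next to the raise so the old code is not reintroduced: `# Policy denial is an authorization failure, not an authentication one: 403, never 401.` Keeping `HTTPForbidden()` bodyless is also preferable, since a generic body reveals nothing about which policy rule fired. The enclosing method starts outside the hunk.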
@@ -2563,14 +2563,14 @@ class TestGlanceAPI(base.IsolatedUnitTest):
         self.set_policy_rules(rules)
         req = webob.Request.blank('/images/detail')
         res = req.get_response(self.api)
-        self.assertEquals(res.status_int, 401)
+        self.assertEquals(res.status_int, 403)
 
     def test_get_images_unauthorized(self):
         rules = {"get_images": [["false:false"]]}
         self.set_policy_rules(rules)
         req = webob.Request.blank('/images/detail')
         res = req.get_response(self.api)
-        self.assertEquals(res.status_int, 401)
+        self.assertEquals(res.status_int, 403)
 
     def test_store_location_not_revealed(self):
         """
@@ -2732,7 +2732,7 @@ class TestGlanceAPI(base.IsolatedUnitTest):
         req = webob.Request.blank("/images/%s" % UUID2)
         req.method = 'HEAD'
         res = req.get_response(self.api)
-        self.assertEquals(res.status_int, 401)
+        self.assertEquals(res.status_int, 403)
 
     def test_show_image_basic(self):
         req = webob.Request.blank("/images/%s" % UUID2)
@@ -2751,7 +2751,7 @@ class TestGlanceAPI(base.IsolatedUnitTest):
         self.set_policy_rules(rules)
         req = webob.Request.blank("/images/%s" % UUID2)
         res = req.get_response(self.api)
-        self.assertEqual(res.status_int, 401)
+        self.assertEqual(res.status_int, 403)
 
     def test_delete_image(self):
         req = webob.Request.blank("/images/%s" % UUID2)
@@ -2833,7 +2833,7 @@ class TestGlanceAPI(base.IsolatedUnitTest):
         req = webob.Request.blank("/images/%s" % UUID2)
         req.method = 'DELETE'
         res = req.get_response(self.api)
-        self.assertEquals(res.status_int, 401)
+        self.assertEquals(res.status_int, 403)
 
     def test_get_details_invalid_marker(self):
         """
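Review bot: `test_get_images_unauthorized` now asserts 403, so its name no longer describes what it checks: the rule `"get_images": [["false:false"]]` makes the policy engine refuse an otherwise-accepted caller, which is a forbidden (authorization) outcome rather than a missing-credentials one. Rename it to `test_get_images_forbidden`, or give it a docstring such as `"""Policy denial of get_images must yield 403, not 401."""`, so the intent survives the status-code change; the same naming drift presumably applies to the other `_unauthorized` tests touched by this commit, though their names fall outside the hunks. The rewritten assertion lines also keep the deprecated `assertEquals` alias while the hunk at 2751 uses `assertEqual`; since these lines are being touched anyway, settle on `self.assertEqual(res.status_int, 403)` throughout. The first test in this hunk starts outside the hunk.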