
Some of the endpoints are *highly* restricted in ironic's newer more stringently enforced RBAC world. Some of these endpoints would emit 500s by default, when realistically it was the policy definition saying "only system scope could be used" for the endpoint, but the reality is that 403 is what should have been returned for a client to properly understand what is going on.

Change-Id: If5e13764dad886ba3ee1a848f3ff9f3279f4d7f6
9 lines
426 B
YAML
---
fixes:
- |
Some of Ironic's API endpoints, when the new RBAC policy is being enforced,
were previously emitting *500* error codes when insufficent access rights were
being used, specifically because the policy required ``system`` scope. This
has been corrected, and the endpoints should now properly signal a *403* error
code if insufficient access rights are present for an authenticated requestor.
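Review bot: the note opens with "Some of Ironic's API endpoints" and never names them, so an operator reading the release notes cannot tell which requests change from 500 to 403; list the affected endpoints, or at least say they are the ones whose policy requires ``system`` scope as the first thing the sentence states. In the second text line "insufficent" is misspelled and should read "insufficient".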