Merge "Dont enforce when HTTP GET on s3tokens and ec2tokens"

2024-03-08 17:05:42 +00:00 · 2024-03-08 17:05:42 +00:00 · 8c2d5769a1
parent 57833a2e96 6096457d74
commit 8c2d5769a1
4 changed files with 21 additions and 0 deletions
--- a/keystone/api/_shared/EC2_S3_Resource.py
+++ b/keystone/api/_shared/EC2_S3_Resource.py
@ -31,6 +31,7 @@ CRED_TYPE_EC2 = 'ec2'


 class ResourceBase(ks_flask.ResourceBase):
+    @ks_flask.unenforced_api
    def get(self):
        # SPECIAL CASE: GET is not allowed, raise METHOD_NOT_ALLOWED
        raise exceptions.MethodNotAllowed(valid_methods=['POST'])
--- a/keystone/tests/unit/test_contrib_ec2_core.py
+++ b/keystone/tests/unit/test_contrib_ec2_core.py
@ -37,6 +37,13 @@ class EC2ContribCoreV3(test_v3.RestfulTestCase):
        PROVIDERS.credential_api.create_credential(
            self.credential['id'], self.credential)

+    def test_http_get_method_not_allowed(self):
+        resp = self.get('/ec2tokens',
+                        expected_status=http.client.METHOD_NOT_ALLOWED,
+                        convert=False)
+        self.assertEqual(http.client.METHOD_NOT_ALLOWED,
+                         resp.status_code)
+
    def test_valid_authentication_response_with_proper_secret(self):
        signer = ec2_utils.Ec2Signer(self.cred_blob['secret'])
        timestamp = utils.isotime(timeutils.utcnow())
--- a/keystone/tests/unit/test_contrib_s3_core.py
+++ b/keystone/tests/unit/test_contrib_s3_core.py
@ -39,6 +39,13 @@ class S3ContribCore(test_v3.RestfulTestCase):
        PROVIDERS.credential_api.create_credential(
            self.credential['id'], self.credential)

+    def test_http_get_method_not_allowed(self):
+        resp = self.get('/s3tokens',
+                        expected_status=http.client.METHOD_NOT_ALLOWED,
+                        convert=False)
+        self.assertEqual(http.client.METHOD_NOT_ALLOWED,
+                         resp.status_code)
+
    def test_good_response(self):
        sts = 'string to sign'  # opaque string from swift3
        sig = hmac.new(self.cred_blob['secret'].encode('ascii'),
--- a/releasenotes/notes/dont-enforce-get-s3tokens-ec2tokens-62b90b199e8075d8.yaml
+++ b/releasenotes/notes/dont-enforce-get-s3tokens-ec2tokens-62b90b199e8075d8.yaml
@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    [`bug 2052916 <https://bugs.launchpad.net/keystone/+bug/2052916>`_]
+    Fixed a bug where a HTTP GET request against ``/v3/s3tokens`` or
+    ``/v3/ec2tokens`` would return HTTP 500 instead of HTTP 405.