2ae14cc9ad
When a user is not authorized to see a given resource, we need to convert HTTP 403s into HTTP 404s to avoid giving away information that the resource exists. However, the previous code was being overaggressive and doing this conversion even in some cases where the user is allowed to see the resource and really needs to know that what they were trying to do is forbidden, not be told that the resource doesn't exist. This fixes that logic to only do the 403 to 404 conversion when truly appropriate. Change-Id: I7a5b0a9e89c8a71490dd74497794a52489f46cd2 Closes-Bug: 1682621 |
||
---|---|---|
.. | ||
api | ||
common | ||
scenario | ||
services | ||
README.rst | ||
__init__.py | ||
config.py | ||
exceptions.py | ||
plugin.py |
README.rst
WARNING
The files under this path were copied from tempest as part of the move of the api tests, and they will be removed as required over time to minimize the dependency on the tempest testing framework. While it exists, only neutron.tests.tempest.api and neutron.tests.retargetable should be importing files from this path. neutron.tests.tempest.config uses the global cfg.CONF instance and importing it outside of the api tests has the potential to break Neutron's use of cfg.CONF.