Dont enforce when HTTP GET on s3tokens and ec2tokens

When calling the s3tokens or ec2tokens API with a HTTP GET we should get a 405 Method Not Allowed but we get a 500 Internal Server Error because we enforce that method. Closes-Bug: #2052916 Change-Id: I5f60d10dc25551175cc73ca8f3f28b0b95ec9f99 Signed-off-by: Tobias Urdin <tobias.urdin@binero.se>
2024-02-12 08:36:53 +00:00 · 2024-02-12 08:36:53 +00:00 · 6096457d74
parent db0ff10476
commit 6096457d74
4 changed files with 21 additions and 0 deletions
--- a/keystone/api/_shared/EC2_S3_Resource.py
+++ b/keystone/api/_shared/EC2_S3_Resource.py
@ -31,6 +31,7 @@ CRED_TYPE_EC2 = 'ec2'


 class ResourceBase(ks_flask.ResourceBase):
+    @ks_flask.unenforced_api
    def get(self):
        # SPECIAL CASE: GET is not allowed, raise METHOD_NOT_ALLOWED
        raise exceptions.MethodNotAllowed(valid_methods=['POST'])
--- a/keystone/tests/unit/test_contrib_ec2_core.py
+++ b/keystone/tests/unit/test_contrib_ec2_core.py
@ -37,6 +37,13 @@ class EC2ContribCoreV3(test_v3.RestfulTestCase):
        PROVIDERS.credential_api.create_credential(
            self.credential['id'], self.credential)

+    def test_http_get_method_not_allowed(self):
+        resp = self.get('/ec2tokens',
+                        expected_status=http.client.METHOD_NOT_ALLOWED,
+                        convert=False)
+        self.assertEqual(http.client.METHOD_NOT_ALLOWED,
+                         resp.status_code)
+
    def test_valid_authentication_response_with_proper_secret(self):
        signer = ec2_utils.Ec2Signer(self.cred_blob['secret'])
        timestamp = utils.isotime(timeutils.utcnow())
--- a/keystone/tests/unit/test_contrib_s3_core.py
+++ b/keystone/tests/unit/test_contrib_s3_core.py
@ -39,6 +39,13 @@ class S3ContribCore(test_v3.RestfulTestCase):
        PROVIDERS.credential_api.create_credential(
            self.credential['id'], self.credential)

+    def test_http_get_method_not_allowed(self):
+        resp = self.get('/s3tokens',
+                        expected_status=http.client.METHOD_NOT_ALLOWED,
+                        convert=False)
+        self.assertEqual(http.client.METHOD_NOT_ALLOWED,
+                         resp.status_code)
+
    def test_good_response(self):
        sts = 'string to sign'  # opaque string from swift3
        sig = hmac.new(self.cred_blob['secret'].encode('ascii'),
--- a/releasenotes/notes/dont-enforce-get-s3tokens-ec2tokens-62b90b199e8075d8.yaml
+++ b/releasenotes/notes/dont-enforce-get-s3tokens-ec2tokens-62b90b199e8075d8.yaml
@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    [`bug 2052916 <https://bugs.launchpad.net/keystone/+bug/2052916>`_]
+    Fixed a bug where a HTTP GET request against ``/v3/s3tokens`` or
+    ``/v3/ec2tokens`` would return HTTP 500 instead of HTTP 405.