Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GET /servers?dsId={{nonexistent DS ID}} returns 403 forbidden #5548

Closed
zrhoffman opened this issue Feb 19, 2021 · 3 comments · Fixed by #5647
Closed

GET /servers?dsId={{nonexistent DS ID}} returns 403 forbidden #5548

zrhoffman opened this issue Feb 19, 2021 · 3 comments · Fixed by #5647
Assignees
@srijeet0406
Labels
low impact affects only a small portion of a CDN, and cannot itself break one regression bug a bug in existing functionality introduced by a new version Traffic Ops related to Traffic Ops

Comments

@zrhoffman
Copy link
Member

zrhoffman commented Feb 19, 2021
edited
Loading

I'm submitting a ...

  • bug report

Traffic Control components affected ...

  • Traffic Ops

Current behavior:

GET /servers?dsId={{dsId}} returns 403 forbidden when the dsId does not correspond to a Delivery Service that exists. Examples: 0, 99999999, etc.

{
	"alerts": [
		{
			"text": "Forbidden",
			"level": "error"
		}
	]
}

Expected behavior:

GET /servers?dsId=0 returns 200 OK with an empty array of servers

Minimal reproduction of the problem with instructions:

  1. Log in
  2. GET /api/4.0/servers?dsId=0 returns 200 OK with an empty array of servers
@zrhoffman zrhoffman added Traffic Ops related to Traffic Ops regression bug a bug in existing functionality introduced by a new version low impact affects only a small portion of a CDN, and cannot itself break one labels Feb 19, 2021
@mitchell852
Copy link
Member

mitchell852 commented Feb 19, 2021
edited
Loading

i guess its just doing the tenancy check huh? and ds=0 is in nobody's tenancy scope...hence the 403 Forbidden

@zrhoffman
Copy link
Member Author

It returns 403 Forbidden for any non-existent dsId like 999999

@zrhoffman zrhoffman changed the title GET /servers?dsId=0 returns 403 forbidden GET /servers?dsId={{nonexistent DS ID}} returns 403 forbidden Feb 19, 2021
@srijeet0406
Copy link
Contributor

@zrhoffman I can take this one

@srijeet0406 srijeet0406 mentioned this issue Mar 16, 2021
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@srijeet0406 srijeet0406

Labels
low impact affects only a small portion of a CDN, and cannot itself break one regression bug a bug in existing functionality introduced by a new version Traffic Ops related to Traffic Ops
Projects
None yet
Milestone
No milestone
3 participants
@mitchell852 @zrhoffman @srijeet0406