Raise PermissionDenied on access control violations

This change changes the error the server uses when access control violations occur, specifically swapping from the more agnostic ItemNotFound to the more explicit PermissionDenied. This change better conforms with the expected behavior of a KMIP server.
2025-04-08 19:25:06 +02:00 · 2018-05-17 14:23:07 -04:00 · 2018-05-17 14:23:07 -04:00 · 8b99c74d0b
commit 8b99c74d0b
parent c3319afd67
2 changed files with 8 additions and 8 deletions
--- a/kmip/services/server/engine.py
+++ b/kmip/services/server/engine.py
@ -938,7 +938,7 @@ class KmipEngine(object):
            operation
        )
        if not is_allowed:
-            raise exceptions.ItemNotFound(
+            raise exceptions.PermissionDenied(
                "Could not locate object: {0}".format(uid)
            )

--- a/kmip/tests/unit/services/server/test_engine.py
+++ b/kmip/tests/unit/services/server/test_engine.py
@ -2376,7 +2376,7 @@ class TestKmipEngine(testtools.TestCase):
        args = [id_a, enums.Operation.GET]
        six.assertRaisesRegex(
            self,
-            exceptions.ItemNotFound,
+            exceptions.PermissionDenied,
            "Could not locate object: {0}".format(id_a),
            e._get_object_with_access_controls,
            *args
@ -4659,7 +4659,7 @@ class TestKmipEngine(testtools.TestCase):
        args = [payload]
        six.assertRaisesRegex(
            self,
-            exceptions.ItemNotFound,
+            exceptions.PermissionDenied,
            "Could not locate object: {0}".format(id_a),
            e._process_get,
            *args
@ -5505,7 +5505,7 @@ class TestKmipEngine(testtools.TestCase):
        # be retrieved.
        args = [payload]
        self.assertRaisesRegex(
-            exceptions.ItemNotFound,
+            exceptions.PermissionDenied,
            "Could not locate object: {0}".format(id_a),
            e._process_get_attributes,
            *args
@ -5694,7 +5694,7 @@ class TestKmipEngine(testtools.TestCase):
        # be retrieved.
        args = [payload]
        self.assertRaisesRegex(
-            exceptions.ItemNotFound,
+            exceptions.PermissionDenied,
            "Could not locate object: {0}".format(id_a),
            e._process_get_attribute_list,
            *args
@ -5876,7 +5876,7 @@ class TestKmipEngine(testtools.TestCase):
        # Test by specifying the ID of the object to activate.
        args = [payload]
        self.assertRaisesRegex(
-            exceptions.ItemNotFound,
+            exceptions.PermissionDenied,
            "Could not locate object: {0}".format(id_a),
            e._process_activate,
            *args
@ -6197,7 +6197,7 @@ class TestKmipEngine(testtools.TestCase):

        args = [payload]
        self.assertRaisesRegex(
-            exceptions.ItemNotFound,
+            exceptions.PermissionDenied,
            "Could not locate object: {0}".format(id_a),
            e._process_revoke,
            *args
@ -6340,7 +6340,7 @@ class TestKmipEngine(testtools.TestCase):
        args = [payload]
        six.assertRaisesRegex(
            self,
-            exceptions.ItemNotFound,
+            exceptions.PermissionDenied,
            "Could not locate object: {0}".format(id_a),
            e._process_destroy,
            *args