Fixed registry invalid token exception handling

When the registry has an error validating the token that the api has sent it a 500 is returned rather than 401. This fix catches the NotAuthenticated exception and throws an HTTPUnauthorized instead. Change-Id: I405cd98346e2df06c02e37bfdf903a54a29f7b19 Closes-bug:1504184 (cherry picked from 5734d7c16f)
2015-10-16 10:28:01 +00:00 · 2015-10-16 10:28:01 +00:00 · 25ead6a4da
commit 25ead6a4da
parent 5434297125
2 changed files with 16 additions and 1 deletions
--- a/glance/api/v1/images.py
+++ b/glance/api/v1/images.py
@ -33,6 +33,7 @@ from webob.exc import HTTPMethodNotAllowed
 from webob.exc import HTTPNotFound
 from webob.exc import HTTPRequestEntityTooLarge
 from webob.exc import HTTPServiceUnavailable
+from webob.exc import HTTPUnauthorized
 from webob import Response

 from glance.api import common
@ -374,6 +375,8 @@ class Controller(controller.BaseController):
                self._enforce_read_protected_props(image, req)
        except exception.Invalid as e:
            raise HTTPBadRequest(explanation=e.msg, request=req)
+        except exception.NotAuthenticated as e:
+            raise HTTPUnauthorized(explanation=e.msg, request=req)
        return dict(images=images)

    def _get_query_params(self, req):
--- a/glance/tests/unit/v1/test_registry_client.py
+++ b/glance/tests/unit/v1/test_registry_client.py
@ -22,6 +22,7 @@ from mock import patch
 from oslo_utils import timeutils
 import testtools

+from glance.api.v1.images import Controller as acontroller
 from glance.common import client as test_client
 from glance.common import config
 from glance.common import exception
@ -32,7 +33,7 @@ import glance.registry.client.v1.api as rapi
 from glance.registry.client.v1.api import client as rclient
 from glance.tests.unit import base
 from glance.tests import utils as test_utils
-
+import webob

 _gen_uuid = lambda: str(uuid.uuid4())

@ -944,3 +945,14 @@ class TestRegistryV1ClientRequests(base.IsolatedUnitTest):
            self.client.do_request("GET", "/images")
            mock_do_request.assert_called_once_with("GET", "/images",
                                                    headers={})
+
+    def test_registry_invalid_token_exception_handling(self):
+        self.image_controller = acontroller()
+        request = webob.Request.blank('/images')
+        request.method = 'GET'
+        request.context = context.RequestContext()
+
+        with patch.object(rapi, 'get_images_detail') as mock_detail:
+            mock_detail.side_effect = exception.NotAuthenticated()
+            self.assertRaises(webob.exc.HTTPUnauthorized,
+                              self.image_controller.detail, request)