From 0932c81584989691e7fbf8ce1f03fe9ddacadc9b Mon Sep 17 00:00:00 2001
From: David Lyle <david.lyle@intel.com>
Date: Mon, 29 Dec 2014 10:51:21 -0700
Subject: [PATCH] Potential 500 pages on allowed methods removed

The VPN, Firewall and Loadbalancers panels all have checks to see if the
appropriate service is enabled. This call requires a neutron API call
that is not protected in a try/except block. If there is a problem with
the neutron service, on login, the user encounters the 500 page and is
unable to do anything in Horizon.

The same is true of checking enabled extensions in the Aggregates panel.

The desired experience is the user should still be able to log in and
perform actions unrelated to those misconfigured/down services.

Closes-Bug: #1406329
Change-Id: I8b0eae53c1b8c9a8bc9376e6d813dd6d2bea0e9b
---
 .../dashboards/admin/aggregates/panel.py         | 12 +++++++++++-
 .../dashboards/project/firewalls/panel.py        | 16 +++++++++++++---
 .../dashboards/project/loadbalancers/panel.py    | 16 +++++++++++++---
 .../dashboards/project/vpn/panel.py              | 16 +++++++++++++---
 4 files changed, 50 insertions(+), 10 deletions(-)

diff --git a/openstack_dashboard/dashboards/admin/aggregates/panel.py b/openstack_dashboard/dashboards/admin/aggregates/panel.py
index 87d916674a..b153afb116 100644
--- a/openstack_dashboard/dashboards/admin/aggregates/panel.py
+++ b/openstack_dashboard/dashboards/admin/aggregates/panel.py
@@ -10,6 +10,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+import logging
+
 from django.utils.translation import ugettext_lazy as _
 
 import horizon
@@ -17,6 +19,8 @@ import horizon
 from openstack_dashboard.api import nova
 from openstack_dashboard.dashboards.admin import dashboard
 
+LOG = logging.getLogger(__name__)
+
 
 class Aggregates(horizon.Panel):
     name = _("Host Aggregates")
@@ -26,7 +30,13 @@ class Aggregates(horizon.Panel):
     def allowed(self, context):
         # extend basic permission-based check with a check to see whether
         # the Aggregates extension is even enabled in nova
-        if not nova.extension_supported('Aggregates', context['request']):
+        try:
+            if not nova.extension_supported('Aggregates', context['request']):
+                return False
+        except Exception:
+            LOG.error("Call to list supported extensions failed. This is "
+                      "likely due to a problem communicating with the Nova "
+                      "endpoint. Host Aggregates panel will not be displayed.")
             return False
         return super(Aggregates, self).allowed(context)
 
diff --git a/openstack_dashboard/dashboards/project/firewalls/panel.py b/openstack_dashboard/dashboards/project/firewalls/panel.py
index 1498e54973..e6ff6ee47d 100644
--- a/openstack_dashboard/dashboards/project/firewalls/panel.py
+++ b/openstack_dashboard/dashboards/project/firewalls/panel.py
@@ -10,6 +10,8 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
+import logging
+
 from django.utils.translation import ugettext_lazy as _
 
 import horizon
@@ -17,6 +19,8 @@ import horizon
 from openstack_dashboard.api import neutron
 from openstack_dashboard.dashboards.project import dashboard
 
+LOG = logging.getLogger(__name__)
+
 
 class Firewall(horizon.Panel):
     name = _("Firewalls")
@@ -27,9 +31,15 @@ class Firewall(horizon.Panel):
         request = context['request']
         if not request.user.has_perms(self.permissions):
             return False
-        if not neutron.is_service_enabled(request,
-                                          config_name='enable_firewall',
-                                          ext_name='fwaas'):
+        try:
+            if not neutron.is_service_enabled(request,
+                                              config_name='enable_firewall',
+                                              ext_name='fwaas'):
+                return False
+        except Exception:
+            LOG.error("Call to list enabled services failed. This is likely "
+                      "due to a problem communicating with the Neutron "
+                      "endpoint. Firewalls panel will not be displayed.")
             return False
         if not super(Firewall, self).allowed(context):
             return False
diff --git a/openstack_dashboard/dashboards/project/loadbalancers/panel.py b/openstack_dashboard/dashboards/project/loadbalancers/panel.py
index c0cae19915..29494d3404 100644
--- a/openstack_dashboard/dashboards/project/loadbalancers/panel.py
+++ b/openstack_dashboard/dashboards/project/loadbalancers/panel.py
@@ -10,6 +10,8 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
+import logging
+
 from django.utils.translation import ugettext_lazy as _
 
 import horizon
@@ -17,6 +19,8 @@ import horizon
 from openstack_dashboard.api import neutron
 from openstack_dashboard.dashboards.project import dashboard
 
+LOG = logging.getLogger(__name__)
+
 
 class LoadBalancer(horizon.Panel):
     name = _("Load Balancers")
@@ -27,9 +31,15 @@ class LoadBalancer(horizon.Panel):
         request = context['request']
         if not request.user.has_perms(self.permissions):
             return False
-        if not neutron.is_service_enabled(request,
-                                          config_name='enable_lb',
-                                          ext_name='lbaas'):
+        try:
+            if not neutron.is_service_enabled(request,
+                                              config_name='enable_lb',
+                                              ext_name='lbaas'):
+                return False
+        except Exception:
+            LOG.error("Call to list enabled services failed. This is likely "
+                      "due to a problem communicating with the Neutron "
+                      "endpoint. Load Balancers panel will not be displayed.")
             return False
         if not super(LoadBalancer, self).allowed(context):
             return False
diff --git a/openstack_dashboard/dashboards/project/vpn/panel.py b/openstack_dashboard/dashboards/project/vpn/panel.py
index 78ad4df5fa..5577671f00 100644
--- a/openstack_dashboard/dashboards/project/vpn/panel.py
+++ b/openstack_dashboard/dashboards/project/vpn/panel.py
@@ -12,6 +12,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+import logging
+
 from django.utils.translation import ugettext_lazy as _
 
 import horizon
@@ -19,6 +21,8 @@ import horizon
 from openstack_dashboard.api import neutron
 from openstack_dashboard.dashboards.project import dashboard
 
+LOG = logging.getLogger(__name__)
+
 
 class VPN(horizon.Panel):
     name = _("VPN")
@@ -29,9 +33,15 @@ class VPN(horizon.Panel):
         request = context['request']
         if not request.user.has_perms(self.permissions):
             return False
-        if not neutron.is_service_enabled(request,
-                                          config_name='enable_vpn',
-                                          ext_name='vpnaas'):
+        try:
+            if not neutron.is_service_enabled(request,
+                                              config_name='enable_vpn',
+                                              ext_name='vpnaas'):
+                return False
+        except Exception:
+            LOG.error("Call to list enabled services failed. This is likely "
+                      "due to a problem communicating with the Neutron "
+                      "endpoint. VPN panel will not be displayed.")
             return False
         if not super(VPN, self).allowed(context):
             return False