Fix traceback in scheduler-stats API
There was a traceback being included in the error message body. This is unhelpful to end users. The error message that included the traceback was for this corner case where the RBAC policy isn't aligned with the internal "context_is_admin" policy - an unlikely combination of decisions that a deployer would make - nevertheless, this is an opportunity for us to fix this code path. Change-Id: I888d684acac2133425f986ec7cef5e4f5cdcc5b6 Closes-Bug: #1917520 Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
This commit is contained in:
parent
d487c2db72
commit
a13ff5d5a7
@ -71,8 +71,12 @@ class SchedulerStatsController(wsgi.Controller):
|
|||||||
msg = _("Share type %s not found.") % req_share_type
|
msg = _("Share type %s not found.") % req_share_type
|
||||||
raise exc.HTTPBadRequest(explanation=msg)
|
raise exc.HTTPBadRequest(explanation=msg)
|
||||||
|
|
||||||
pools = self.scheduler_api.get_pools(context, filters=search_opts,
|
try:
|
||||||
cached=True)
|
pools = self.scheduler_api.get_pools(context,
|
||||||
|
filters=search_opts,
|
||||||
|
cached=True)
|
||||||
|
except exception.NotAuthorized:
|
||||||
|
raise exc.HTTPForbidden()
|
||||||
detail = (action == 'detail')
|
detail = (action == 'detail')
|
||||||
return self._view_builder.pools(pools, detail=detail)
|
return self._view_builder.pools(pools, detail=detail)
|
||||||
|
|
||||||
|
@ -21,6 +21,7 @@ from webob import exc
|
|||||||
from manila.api.openstack import api_version_request as api_version
|
from manila.api.openstack import api_version_request as api_version
|
||||||
from manila.api.v1 import scheduler_stats
|
from manila.api.v1 import scheduler_stats
|
||||||
from manila import context
|
from manila import context
|
||||||
|
from manila import exception
|
||||||
from manila import policy
|
from manila import policy
|
||||||
from manila.scheduler import rpcapi
|
from manila.scheduler import rpcapi
|
||||||
from manila.share import share_types
|
from manila.share import share_types
|
||||||
@ -333,6 +334,24 @@ class SchedulerStatsControllerTestCase(test.TestCase):
|
|||||||
self.mock_policy_check.assert_called_once_with(
|
self.mock_policy_check.assert_called_once_with(
|
||||||
self.ctxt, self.resource_name, 'detail')
|
self.ctxt, self.resource_name, 'detail')
|
||||||
|
|
||||||
|
@ddt.data('index', 'detail')
|
||||||
|
def test_pools_forbidden(self, subresource):
|
||||||
|
mock_get_pools = self.mock_object(
|
||||||
|
rpcapi.SchedulerAPI, 'get_pools',
|
||||||
|
mock.Mock(side_effect=exception.AdminRequired(
|
||||||
|
"some traceback here")))
|
||||||
|
path = '/v1/fake_project/scheduler_stats/pools'
|
||||||
|
path = path + ('/%s' % subresource if subresource == 'detail' else '')
|
||||||
|
req = fakes.HTTPRequest.blank(path)
|
||||||
|
req.environ['manila.context'] = self.ctxt
|
||||||
|
|
||||||
|
self.assertRaises(exc.HTTPForbidden,
|
||||||
|
getattr(self.controller, 'pools_%s' % subresource),
|
||||||
|
req)
|
||||||
|
mock_get_pools.assert_called_once_with(self.ctxt,
|
||||||
|
filters={},
|
||||||
|
cached=True)
|
||||||
|
|
||||||
|
|
||||||
class SchedulerStatsTestCase(test.TestCase):
|
class SchedulerStatsTestCase(test.TestCase):
|
||||||
|
|
||||||
|
@ -0,0 +1,7 @@
|
|||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
The scheduler stats resource APIs (/scheduler-stats/pools and
|
||||||
|
/scheduler-stats/pools/detail) have been fixed to not return an
|
||||||
|
arbitrary traceback in the error message body to the caller when access to
|
||||||
|
the resource has been denied.
|
Loading…
Reference in New Issue
Block a user