Fix traceback in scheduler-stats API

There was a traceback being included in the
error message body. This is unhelpful to
end users.

The error message that included the traceback
was for this corner case where the RBAC policy
isn't aligned with the internal "context_is_admin"
policy - an unlikely combination of decisions
that a deployer would make - nevertheless,
this is an opportunity for us to fix this
code path.

Change-Id: I888d684acac2133425f986ec7cef5e4f5cdcc5b6
Closes-Bug: #1917520
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
This commit is contained in:
Goutham Pacha Ravi 2021-03-02 15:53:02 -08:00
parent d487c2db72
commit a13ff5d5a7
3 changed files with 32 additions and 2 deletions

View File

@ -71,8 +71,12 @@ class SchedulerStatsController(wsgi.Controller):
msg = _("Share type %s not found.") % req_share_type
raise exc.HTTPBadRequest(explanation=msg)
pools = self.scheduler_api.get_pools(context, filters=search_opts,
cached=True)
try:
pools = self.scheduler_api.get_pools(context,
filters=search_opts,
cached=True)
except exception.NotAuthorized:
raise exc.HTTPForbidden()
detail = (action == 'detail')
return self._view_builder.pools(pools, detail=detail)

View File

@ -21,6 +21,7 @@ from webob import exc
from manila.api.openstack import api_version_request as api_version
from manila.api.v1 import scheduler_stats
from manila import context
from manila import exception
from manila import policy
from manila.scheduler import rpcapi
from manila.share import share_types
@ -333,6 +334,24 @@ class SchedulerStatsControllerTestCase(test.TestCase):
self.mock_policy_check.assert_called_once_with(
self.ctxt, self.resource_name, 'detail')
@ddt.data('index', 'detail')
def test_pools_forbidden(self, subresource):
mock_get_pools = self.mock_object(
rpcapi.SchedulerAPI, 'get_pools',
mock.Mock(side_effect=exception.AdminRequired(
"some traceback here")))
path = '/v1/fake_project/scheduler_stats/pools'
path = path + ('/%s' % subresource if subresource == 'detail' else '')
req = fakes.HTTPRequest.blank(path)
req.environ['manila.context'] = self.ctxt
self.assertRaises(exc.HTTPForbidden,
getattr(self.controller, 'pools_%s' % subresource),
req)
mock_get_pools.assert_called_once_with(self.ctxt,
filters={},
cached=True)
class SchedulerStatsTestCase(test.TestCase):

View File

@ -0,0 +1,7 @@
---
fixes:
- |
The scheduler stats resource APIs (/scheduler-stats/pools and
/scheduler-stats/pools/detail) have been fixed to not return an
arbitrary traceback in the error message body to the caller when access to
the resource has been denied.