Fix traceback in scheduler-stats API
There was a traceback being included in the error message body. This is unhelpful to end users. The error message that included the traceback was for this corner case where the RBAC policy isn't aligned with the internal "context_is_admin" policy - an unlikely combination of decisions that a deployer would make - nevertheless, this is an opportunity for us to fix this code path. Change-Id: I888d684acac2133425f986ec7cef5e4f5cdcc5b6 Closes-Bug: #1917520 Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com> (cherry picked from commita13ff5d5a7
) (cherry picked from commit177ce7e949
) (cherry picked from commit94bb8fea8c
)
This commit is contained in:
parent
3a17dcbcf8
commit
c319dcdc9b
|
@ -71,8 +71,12 @@ class SchedulerStatsController(wsgi.Controller):
|
|||
msg = _("Share type %s not found.") % req_share_type
|
||||
raise exc.HTTPBadRequest(explanation=msg)
|
||||
|
||||
pools = self.scheduler_api.get_pools(context, filters=search_opts,
|
||||
cached=True)
|
||||
try:
|
||||
pools = self.scheduler_api.get_pools(context,
|
||||
filters=search_opts,
|
||||
cached=True)
|
||||
except exception.NotAuthorized:
|
||||
raise exc.HTTPForbidden()
|
||||
detail = (action == 'detail')
|
||||
return self._view_builder.pools(pools, detail=detail)
|
||||
|
||||
|
|
|
@ -20,6 +20,7 @@ from webob import exc
|
|||
from manila.api.openstack import api_version_request as api_version
|
||||
from manila.api.v1 import scheduler_stats
|
||||
from manila import context
|
||||
from manila import exception
|
||||
from manila import policy
|
||||
from manila.scheduler import rpcapi
|
||||
from manila.share import share_types
|
||||
|
@ -332,6 +333,24 @@ class SchedulerStatsControllerTestCase(test.TestCase):
|
|||
self.mock_policy_check.assert_called_once_with(
|
||||
self.ctxt, self.resource_name, 'detail')
|
||||
|
||||
@ddt.data('index', 'detail')
|
||||
def test_pools_forbidden(self, subresource):
|
||||
mock_get_pools = self.mock_object(
|
||||
rpcapi.SchedulerAPI, 'get_pools',
|
||||
mock.Mock(side_effect=exception.AdminRequired(
|
||||
"some traceback here")))
|
||||
path = '/v1/fake_project/scheduler_stats/pools'
|
||||
path = path + ('/%s' % subresource if subresource == 'detail' else '')
|
||||
req = fakes.HTTPRequest.blank(path)
|
||||
req.environ['manila.context'] = self.ctxt
|
||||
|
||||
self.assertRaises(exc.HTTPForbidden,
|
||||
getattr(self.controller, 'pools_%s' % subresource),
|
||||
req)
|
||||
mock_get_pools.assert_called_once_with(self.ctxt,
|
||||
filters={},
|
||||
cached=True)
|
||||
|
||||
|
||||
class SchedulerStatsTestCase(test.TestCase):
|
||||
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
fixes:
|
||||
- |
|
||||
The scheduler stats resource APIs (/scheduler-stats/pools and
|
||||
/scheduler-stats/pools/detail) have been fixed to not return an
|
||||
arbitrary traceback in the error message body to the caller when access to
|
||||
the resource has been denied.
|
Loading…
Reference in New Issue