Handle bad or expired XSRF token

The XSRF token might be expired after too long with no activity.
This should not happen because the nsxlib cluster uses keep alive
messages.
in case it does happen, the keep alive will detect this incident
and renew the session.

Change-Id: I6c9a7af01b5b18c2a7e46cc6bf8337b7205d161f
This commit is contained in:
Adit Sarfaty 2017-08-31 12:27:46 +03:00
parent 1c5ef33e13
commit eb0c06fa81
3 changed files with 13 additions and 1 deletions

View File

@ -36,7 +36,9 @@ def http_error_to_exception(status_code, error_code):
'default': exceptions.ResourceNotFound},
requests.codes.PRECONDITION_FAILED: exceptions.StaleRevision,
requests.codes.INTERNAL_SERVER_ERROR:
{'99': exceptions.ClientCertificateNotTrusted}}
{'99': exceptions.ClientCertificateNotTrusted},
requests.codes.FORBIDDEN:
{'98': exceptions.BadXSRFToken}}
if status_code in errors:
if isinstance(errors[status_code], dict):

View File

@ -468,6 +468,12 @@ class ClusteredAPI(object):
{'ep': endpoint})
# regenerate connection pool based on new certificate
endpoint.regenerate_pool()
except exceptions.BadXSRFToken:
LOG.warning("Failed to validate API cluster endpoint "
"'%(ep)s' due to expired XSRF token",
{'ep': endpoint})
# regenerate connection pool based on token
endpoint.regenerate_pool()
except Exception as e:
endpoint.set_state(EndpointState.DOWN)
LOG.warning("Failed to validate API cluster endpoint "

View File

@ -101,6 +101,10 @@ class ClientCertificateNotTrusted(ManagerError):
message = _("Certificate not trusted")
class BadXSRFToken(ManagerError):
message = _("Bad or expired XSRF token")
class ServiceClusterUnavailable(ManagerError):
message = _("Service cluster: '%(cluster_id)s' is unavailable. Please, "
"check NSX setup and/or configuration")