diff options
| author | Brian Lamar <brian.lamar@rackspace.com> | 2011-04-16 20:01:23 +0000 |
|---|---|---|
| committer | Tarmac <> | 2011-04-16 20:01:23 +0000 |
| commit | 3929267d627600d372e4592f43c10e89e88c55e7 (patch) | |
| tree | da3132c6d8e1fe27afb1591da9037fac0bcb8022 | |
| parent | a1db2db067574ae6188f4d21a14478c1c018fe66 (diff) | |
| parent | b571bf6bb329e3bb085987554461c411ef56b330 (diff) | |
Add additional logging for WSGI and OpenStack API authentication.
| -rw-r--r-- | nova/api/openstack/auth.py | 20 | ||||
| -rw-r--r-- | nova/wsgi.py | 5 |
2 files changed, 23 insertions, 2 deletions
diff --git a/nova/api/openstack/auth.py b/nova/api/openstack/auth.py index f3a9bdeca..311e6bde9 100644 --- a/nova/api/openstack/auth.py +++ b/nova/api/openstack/auth.py @@ -55,6 +55,9 @@ class AuthMiddleware(wsgi.Middleware): user = self.get_user_by_authentication(req) accounts = self.auth.get_projects(user=user) if not user: + token = req.headers["X-Auth-Token"] + msg = _("%(user)s could not be found with token '%(token)s'") + LOG.warn(msg % locals()) return faults.Fault(webob.exc.HTTPUnauthorized()) if accounts: @@ -66,6 +69,8 @@ class AuthMiddleware(wsgi.Middleware): if not self.auth.is_admin(user) and \ not self.auth.is_project_member(user, account): + msg = _("%(user)s must be an admin or a member of %(account)s") + LOG.warn(msg % locals()) return faults.Fault(webob.exc.HTTPUnauthorized()) req.environ['nova.context'] = context.RequestContext(user, account) @@ -82,12 +87,16 @@ class AuthMiddleware(wsgi.Middleware): # honor it path_info = req.path_info if len(path_info) > 1: - return faults.Fault(webob.exc.HTTPUnauthorized()) + msg = _("Authentication requests must be made against a version " + "root (e.g. /v1.0 or /v1.1).") + LOG.warn(msg) + return faults.Fault(webob.exc.HTTPUnauthorized(explanation=msg)) try: username = req.headers['X-Auth-User'] key = req.headers['X-Auth-Key'] - except KeyError: + except KeyError as ex: + LOG.warn(_("Could not find %s in request.") % ex) return faults.Fault(webob.exc.HTTPUnauthorized()) token, user = self._authorize_user(username, key, req) @@ -100,6 +109,7 @@ class AuthMiddleware(wsgi.Middleware): res.headers['X-CDN-Management-Url'] = token.cdn_management_url res.content_type = 'text/plain' res.status = '204' + LOG.debug(_("Successfully authenticated '%s'") % username) return res else: return faults.Fault(webob.exc.HTTPUnauthorized()) @@ -139,6 +149,7 @@ class AuthMiddleware(wsgi.Middleware): try: user = self.auth.get_user_from_access_key(key) except exception.NotFound: + LOG.warn(_("User not found with provided API key.")) user = None if user and user.name == username: @@ -153,4 +164,9 @@ class AuthMiddleware(wsgi.Middleware): token_dict['user_id'] = user.id token = self.db.auth_token_create(ctxt, token_dict) return token, user + elif user and user.name != username: + msg = _("Provided API key is valid, but not for user " + "'%(username)s'") % locals() + LOG.warn(msg) + return None, None diff --git a/nova/wsgi.py b/nova/wsgi.py index 72758e50e..de2e0749f 100644 --- a/nova/wsgi.py +++ b/nova/wsgi.py @@ -43,6 +43,7 @@ from nova import utils FLAGS = flags.FLAGS +LOG = logging.getLogger('nova.wsgi') class WritableLogger(object): @@ -346,6 +347,7 @@ class Controller(object): arg_dict = req.environ['wsgiorg.routing_args'][1] action = arg_dict['action'] method = getattr(self, action) + LOG.debug("%s %s" % (req.method, req.url)) del arg_dict['controller'] del arg_dict['action'] if 'format' in arg_dict: @@ -361,6 +363,9 @@ class Controller(object): response = webob.Response() response.headers["Content-Type"] = content_type response.body = body + msg_dict = dict(url=req.url, status=response.status_int) + msg = _("%(url)s returned with HTTP %(status)d") % msg_dict + LOG.debug(msg) return response else: return result |