diff options
| author | Eoghan Glynn <eglynn@redhat.com> | 2012-07-06 10:10:28 +0000 |
|---|---|---|
| committer | Eoghan Glynn <eglynn@redhat.com> | 2012-07-10 08:26:27 +0100 |
| commit | e9d21589d39355ffc126e360cc2ba7311e014edb (patch) | |
| tree | 8a3942e73e0c480c3a1cc45b0e1d76bca16154aa /nova/api | |
| parent | ec3bcae984468b162ad40c208a81bf2b77d8b942 (diff) | |
| download | nova-e9d21589d39355ffc126e360cc2ba7311e014edb.tar.gz nova-e9d21589d39355ffc126e360cc2ba7311e014edb.tar.xz nova-e9d21589d39355ffc126e360cc2ba7311e014edb.zip | |
Expose over-quota exceptions via native API.
Fixes bug LP 1021373.
Previously an over-quota condition would be exposed via the EC2 API,
but hidden in the corresponding call via the native API (in the sense
of the exception detail being replaced with a generic 500 Server Error
response).
We now report any NovaException declared to be safe. In this patch,
the set of safe exception types includes any subclass of QuotaError,
but in subsequent patches the net should be widened to include
exceptions that do not expose senstive information.
Change-Id: I3cc36337c7e67cf487ca49de646c437c217ae538
Diffstat (limited to 'nova/api')
| -rw-r--r-- | nova/api/openstack/__init__.py | 30 |
1 files changed, 21 insertions, 9 deletions
diff --git a/nova/api/openstack/__init__.py b/nova/api/openstack/__init__.py index afeed0399..3372d9b5e 100644 --- a/nova/api/openstack/__init__.py +++ b/nova/api/openstack/__init__.py @@ -25,6 +25,7 @@ import webob.dec import webob.exc from nova.api.openstack import wsgi +from nova import exception from nova.openstack.common import log as logging from nova import wsgi as base_wsgi @@ -35,20 +36,31 @@ LOG = logging.getLogger(__name__) class FaultWrapper(base_wsgi.Middleware): """Calls down the middleware stack, making exceptions into faults.""" + def _error(self, inner, req, safe=False): + LOG.exception(_("Caught error: %s"), unicode(inner)) + msg_dict = dict(url=req.url, status=500) + LOG.info(_("%(url)s returned with HTTP %(status)d") % msg_dict) + outer = webob.exc.HTTPInternalServerError() + # NOTE(johannes): We leave the explanation empty here on + # purpose. It could possibly have sensitive information + # that should not be returned back to the user. See + # bugs 868360 and 874472 + # NOTE(eglynn): However, it would be over-conservative and + # inconsistent with the EC2 API to hide every exception, + # including those that are safe to expose, see bug 1021373 + if safe: + outer.explanation = '%s: %s' % (inner.__class__.__name__, + unicode(inner)) + return wsgi.Fault(outer) + @webob.dec.wsgify(RequestClass=wsgi.Request) def __call__(self, req): try: return req.get_response(self.application) + except exception.NovaException as ex: + return self._error(ex, req, ex.safe) except Exception as ex: - LOG.exception(_("Caught error: %s"), unicode(ex)) - msg_dict = dict(url=req.url, status=500) - LOG.info(_("%(url)s returned with HTTP %(status)d") % msg_dict) - exc = webob.exc.HTTPInternalServerError() - # NOTE(johannes): We leave the explanation empty here on - # purpose. It could possibly have sensitive information - # that should not be returned back to the user. See - # bugs 868360 and 874472 - return wsgi.Fault(exc) + return self._error(ex, req) class APIMapper(routes.Mapper): |