From e9d21589d39355ffc126e360cc2ba7311e014edb Mon Sep 17 00:00:00 2001 From: Eoghan Glynn Date: Fri, 6 Jul 2012 10:10:28 +0000 Subject: Expose over-quota exceptions via native API. Fixes bug LP 1021373. Previously an over-quota condition would be exposed via the EC2 API, but hidden in the corresponding call via the native API (in the sense of the exception detail being replaced with a generic 500 Server Error response). We now report any NovaException declared to be safe. In this patch, the set of safe exception types includes any subclass of QuotaError, but in subsequent patches the net should be widened to include exceptions that do not expose senstive information. Change-Id: I3cc36337c7e67cf487ca49de646c437c217ae538 --- nova/api/openstack/__init__.py | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) (limited to 'nova/api') diff --git a/nova/api/openstack/__init__.py b/nova/api/openstack/__init__.py index afeed0399..3372d9b5e 100644 --- a/nova/api/openstack/__init__.py +++ b/nova/api/openstack/__init__.py @@ -25,6 +25,7 @@ import webob.dec import webob.exc from nova.api.openstack import wsgi +from nova import exception from nova.openstack.common import log as logging from nova import wsgi as base_wsgi @@ -35,20 +36,31 @@ LOG = logging.getLogger(__name__) class FaultWrapper(base_wsgi.Middleware): """Calls down the middleware stack, making exceptions into faults.""" + def _error(self, inner, req, safe=False): + LOG.exception(_("Caught error: %s"), unicode(inner)) + msg_dict = dict(url=req.url, status=500) + LOG.info(_("%(url)s returned with HTTP %(status)d") % msg_dict) + outer = webob.exc.HTTPInternalServerError() + # NOTE(johannes): We leave the explanation empty here on + # purpose. It could possibly have sensitive information + # that should not be returned back to the user. See + # bugs 868360 and 874472 + # NOTE(eglynn): However, it would be over-conservative and + # inconsistent with the EC2 API to hide every exception, + # including those that are safe to expose, see bug 1021373 + if safe: + outer.explanation = '%s: %s' % (inner.__class__.__name__, + unicode(inner)) + return wsgi.Fault(outer) + @webob.dec.wsgify(RequestClass=wsgi.Request) def __call__(self, req): try: return req.get_response(self.application) + except exception.NovaException as ex: + return self._error(ex, req, ex.safe) except Exception as ex: - LOG.exception(_("Caught error: %s"), unicode(ex)) - msg_dict = dict(url=req.url, status=500) - LOG.info(_("%(url)s returned with HTTP %(status)d") % msg_dict) - exc = webob.exc.HTTPInternalServerError() - # NOTE(johannes): We leave the explanation empty here on - # purpose. It could possibly have sensitive information - # that should not be returned back to the user. See - # bugs 868360 and 874472 - return wsgi.Fault(exc) + return self._error(ex, req) class APIMapper(routes.Mapper): -- cgit