attempting to create a public domain with wrong permissions causes stack trace to the user

Bug #1092610 reported by Sean Dague
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Fix Released
Medium
Davanum Srinivas (DIMS)
Folsom
Fix Released
Medium
Vish Ishaya

Bug Description

Trying to run:

nova dns-create-public-domain somedomain.com

as *not* the admin user, causes the following stack trace to be displayed to the user:

ERROR: User does not have admin privileges
Traceback (most recent call last):

  File "/opt/stack/nova/nova/openstack/common/rpc/amqp.py", line 277, in _process_data
    rval = self.proxy.dispatch(ctxt, version, method, **args)

  File "/opt/stack/nova/nova/openstack/common/rpc/dispatcher.py", line 147, in dispatch
    return getattr(proxyobj, method)(ctxt, **kwargs)

  File "/opt/stack/nova/nova/network/manager.py", line 284, in wrapped
    return func(self, context, *args, **kwargs)

  File "/opt/stack/nova/nova/network/manager.py", line 866, in create_public_dns_domain
    self.db.dnsdomain_register_for_project(context, domain, project)

  File "/opt/stack/nova/nova/db/api.py", line 360, in dnsdomain_register_for_project
    return IMPL.dnsdomain_register_for_project(context, fqdomain, project)

  File "/opt/stack/nova/nova/db/sqlalchemy/api.py", line 107, in wrapper
    raise exception.AdminRequired()

AdminRequired: User does not have admin privileges
 (HTTP 403) (Request-ID: req-3d93329d-032e-4524-9278-c298b0474f6d)

The error is correct, but we shouldn't be passing back a giant stack trace in the process.

Sean Dague (sdague)
Changed in nova:
importance: Undecided → Medium
Chuck Short (zulcss)
Changed in nova:
status: New → Confirmed
Revision history for this message
Davanum Srinivas (DIMS) (dims-v) wrote :

The review below fixes this issue:
https://review.openstack.org/#/c/20502/

-- dims

Changed in nova:
assignee: nobody → Davanum Srinivas (DIMS) (dims-v)
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/20502
Committed: http://github.com/openstack/nova/commit/fa52cb09b2270876c9d9a03106f961be6c9db834
Submitter: Jenkins
Branch: master

commit fa52cb09b2270876c9d9a03106f961be6c9db834
Author: Davanum Srinivas <email address hidden>
Date: Fri Jan 25 13:07:34 2013 -0500

    Strip out Traceback from HTTP response

    We should not let stack traces leak to the REST API users

    Fixes LP# 1103324
    Fixes LP# 1092610

    Change-Id: Ic1208bfeb7d44e672f8b8d3a4004a9802c14e7b9

Changed in nova:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in nova:
milestone: none → grizzly-3
status: Fix Committed → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (stable/folsom)

Fix proposed to branch: stable/folsom
Review: https://review.openstack.org/24471

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/24475

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (stable/folsom)

Fix proposed to branch: stable/folsom
Review: https://review.openstack.org/24476

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/24475
Committed: http://github.com/openstack/nova/commit/d63bd8d692a9eb16caa818101cdbb3358f6b4681
Submitter: Jenkins
Branch: master

commit d63bd8d692a9eb16caa818101cdbb3358f6b4681
Author: Vishvananda Ishaya <email address hidden>
Date: Thu Mar 14 13:47:42 2013 -0700

    Don't include traceback when wrapping exceptions

    The fix in fa52cb09b2270876c9d9a03106f961be6c9db834 strips tracebacks
    from exceptions when returning them to the user, but it still spams
    the log with a long traceback. We shouldn't be including the traceback
    when we wrap the exception in the first place. Instead we just
    include the message.

    It also updates the error code to 409 for device in use since this
    is actually a conflict.

    Fix for:

      bug 1155315
      bug 1103324
      bug 1092610

    Change-Id: I95019a3022eb52e0335c455009c13fe229475d03

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (stable/folsom)

Reviewed: https://review.openstack.org/24476
Committed: http://github.com/openstack/nova/commit/524a5a3dc89331649bf89ab442d0295f45dcae3f
Submitter: Jenkins
Branch: stable/folsom

commit 524a5a3dc89331649bf89ab442d0295f45dcae3f
Author: Vishvananda Ishaya <email address hidden>
Date: Thu Mar 14 13:47:42 2013 -0700

    Don't include traceback when wrapping exceptions

    The fix in fa52cb09b2270876c9d9a03106f961be6c9db834 strips tracebacks
    from exceptions when returning them to the user, but it still spams
    the log with a long traceback. We shouldn't be including the traceback
    when we wrap the exception in the first place. Instead we just
    include the message.

    It also updates the error code to 409 for device in use since this
    is actually a conflict.

    Fix for:

      bug 1155315
      bug 1103324
      bug 1092610

    Change-Id: I95019a3022eb52e0335c455009c13fe229475d03
    (cherry picked from commit d63bd8d692a9eb16caa818101cdbb3358f6b4681)

Thierry Carrez (ttx)
Changed in nova:
milestone: grizzly-3 → 2013.1
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers