webob.exc.HTTPForbidden can't show correct message

Bug #1283872 reported by Haiwei Xu on 2014-02-24
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Cinder
Low
Haiwei Xu
OpenStack Compute (nova)
Undecided
Haiwei Xu
OpenStack Identity (keystone)
Low
Haiwei Xu
neutron
Low
Haiwei Xu

Bug Description

In nova/api/ec2/__init__.py there are codes like:

154 def __call__(self, req):
155 access_key = str(req.params['AWSAccessKeyId'])
156 failures_key = "authfailures-%s" % access_key
157 failures = int(self.mc.get(failures_key) or 0)
158 if failures >= CONF.lockout_attempts:
159 detail = _("Too many failed authentications.")
160 raise webob.exc.HTTPForbidden(detail=detail)

But webob.exc.HTTPForbidden should use the 'explanation' parameter to show the error message.

The source can be referred to

https://github.com/Pylons/webob/blob/master/webob/exc.py#L666

Haiwei Xu (xu-haiwei) on 2014-02-24
Changed in nova:
assignee: nobody → Haiwei Xu (xu-haiwei)
status: New → In Progress
Haiwei Xu (xu-haiwei) on 2014-02-24
Changed in keystone:
assignee: nobody → Haiwei Xu (xu-haiwei)
status: New → In Progress
Haiwei Xu (xu-haiwei) on 2014-02-24
Changed in cinder:
assignee: nobody → Haiwei Xu (xu-haiwei)

Fix proposed to branch: master
Review: https://review.openstack.org/75743

Changed in cinder:
status: New → In Progress
Haiwei Xu (xu-haiwei) on 2014-02-24
Changed in neutron:
assignee: nobody → Haiwei Xu (xu-haiwei)

Fix proposed to branch: master
Review: https://review.openstack.org/75753

Changed in neutron:
status: New → In Progress
Changed in cinder:
importance: Undecided → Low
milestone: none → icehouse-3

Reviewed: https://review.openstack.org/75743
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=330a476f8a82c672d636d7da78b81cc46db1e9dd
Submitter: Jenkins
Branch: master

commit 330a476f8a82c672d636d7da78b81cc46db1e9dd
Author: Haiwei Xu <email address hidden>
Date: Mon Feb 24 20:39:19 2014 +0900

    Fix webob.exc.HTTPForbidden parameter miss

    HTTPForbidden should use the parameter 'explanation'
    instead of 'detail'.
    This patch fixes this bug.

    Change-Id: I688145f7ea942277c7d3ed3221d6ff2bc7a852ad
    Closes-Bug: #1283872

Changed in cinder:
status: In Progress → Fix Committed
Oleg Bondarev (obondarev) wrote :

The actual constructor of HTTPForbidden (defined in its parent WSGIHTTPException) has 'detail' as a parameter. 'explanation' is not what constructor expects. At least passing 'detail' is acceptable. Not sure this is a bug, marking as invalid for now

Changed in neutron:
status: In Progress → Invalid
Dolph Mathews (dolph) on 2014-02-24
Changed in keystone:
importance: Undecided → Low
Haiwei Xu (xu-haiwei) wrote :

@Oleg Bondarev

I also found the 'detail' in the parent class, but this parameter can't be output when the exception happens.

I have made some tests, only when 'explanation' is assigned, the exception output error messages correctly.

I don't know the exact reason, bug I think this should be fixed.

Oleg Bondarev (obondarev) wrote :

>>> from webob import exc
>>> raise exc.HTTPForbidden()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
webob.exc.HTTPForbidden: Access was denied to this resource.
>>> raise exc.HTTPForbidden(explanation='Oops..')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
webob.exc.HTTPForbidden: Oops..
>>> raise exc.HTTPForbidden(detail='Oops..')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
webob.exc.HTTPForbidden: Oops..

so it works for both explanation and detail. What am I missing?

Haiwei Xu (xu-haiwei) wrote :

@Oleg Bondarev

The situation you tested is correct in python library. But in openstack components the situation is changed.

In neutron/wsgi.py I got these codes:

1134 def _default_body_function(wrapped_exc):
1135 code = wrapped_exc.status_int
1136 fault_data = {
1137 'Error': {
1138 'code': code,
1139 'message': wrapped_exc.explanation}}
1140 # 'code' is an attribute on the fault tag itself
1141 metadata = {'attributes': {'Error': 'code'}}
1142 return fault_data, metadata

in line 1139 we can see 'message' is only passed the wrapped_exc.explanation, so if we use the 'detail' parameter, the 'message' can't get it.

Oleg Bondarev (obondarev) wrote :

Ok, I see the root cause now, didn't realize this is specific for wsgi module. Thanks for clarification

Changed in neutron:
status: Invalid → In Progress

Reviewed: https://review.openstack.org/75733
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=06ec3d6231ae07c45663b53b28755c7a4cc33bc4
Submitter: Jenkins
Branch: master

commit 06ec3d6231ae07c45663b53b28755c7a4cc33bc4
Author: Haiwei Xu <email address hidden>
Date: Mon Feb 24 19:17:54 2014 +0900

    Make webob.exc.HTTPForbidden return correct message

    Currently HTTPForbidden is using wrong parameter 'detail'
    somewhere, while the correct parameter should be 'explanation'.
    This patch fixes this bug.

    Change-Id: I69bc3249f88e9cbf9add954571c21b07cf58f7c6
    Closes-Bug: #1283872

Changed in nova:
status: In Progress → Fix Committed
Changed in neutron:
importance: Undecided → Low
milestone: none → icehouse-3

Reviewed: https://review.openstack.org/75753
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=5dea9b2f49d97a26952d58fba95cfbd734729615
Submitter: Jenkins
Branch: master

commit 5dea9b2f49d97a26952d58fba95cfbd734729615
Author: Haiwei Xu <email address hidden>
Date: Mon Feb 24 22:12:59 2014 +0900

    Fix webob.exc.HTTPForbidden parameter miss

    HTTPForbidden should use the parameter 'explanation'
    instead of 'detail'.
    This patch fixes this bug.

    Change-Id: I4c66697daf0ce9e00c8820311dc7141eacd7e733
    Closes-Bug: #1283872

Changed in neutron:
status: In Progress → Fix Committed
Thierry Carrez (ttx) on 2014-03-05
Changed in nova:
milestone: none → icehouse-3
status: Fix Committed → Fix Released
Thierry Carrez (ttx) on 2014-03-05
Changed in cinder:
status: Fix Committed → Fix Released
Thierry Carrez (ttx) on 2014-03-05
Changed in neutron:
status: Fix Committed → Fix Released

Reviewed: https://review.openstack.org/75741
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=7d3583a9f320b5cc80570a685eb5b1d97fc08696
Submitter: Jenkins
Branch: master

commit 7d3583a9f320b5cc80570a685eb5b1d97fc08696
Author: Haiwei Xu <email address hidden>
Date: Mon Feb 24 20:18:15 2014 +0900

    Fix webob.exc.HTTPForbidden parameter miss

    HTTPForbidden should use the parameter 'explanation'
    instead of 'detail'.
    This patch fixes this bug.

    Change-Id: I0ebc01e8bbcc564debce450ea52faf94faa21eeb
    Closes-Bug: #1283872

Changed in keystone:
status: In Progress → Fix Committed
Thierry Carrez (ttx) on 2014-03-26
Changed in keystone:
milestone: none → icehouse-rc1
status: Fix Committed → Fix Released
Thierry Carrez (ttx) on 2014-04-17
Changed in keystone:
milestone: icehouse-rc1 → 2014.1
Thierry Carrez (ttx) on 2014-04-17
Changed in nova:
milestone: icehouse-3 → 2014.1
Thierry Carrez (ttx) on 2014-04-17
Changed in cinder:
milestone: icehouse-3 → 2014.1
Thierry Carrez (ttx) on 2014-04-17
Changed in neutron:
milestone: icehouse-3 → 2014.1
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers