poor exception handling creates inaccurate user facing error messages

Bug #1210625 reported by Jay Buffington on 2013-08-09
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
python-keystoneclient
Medium
Unassigned

Bug Description

Keystone client has an anti-pattern throughout it: it catches exceptions, ignores them and then warns or rethrows a different exception.

Here is an example of the impact of this bad practice:

    $ glance image-list
    Authorization Failed: <attribute 'message' of 'exceptions.BaseException' objects> (HTTP Unable to establish connection to https://keystone-mr.example.com:5000/v2.0/tokens)

    # but I can talk to keystone just fine:
    [EXIT 1] $ keystone endpoint-list
    +----------------------------------+--------+---------------------------------------------------------------+---------------------------------------------------------------+---------------------------------------------------------------+----------------------------------+
    | id | region | publicurl | internalurl | adminurl | service_id |
    +----------------------------------+--------+---------------------------------------------------------------+---------------------------------------------------------------+---------------------------------------------------------------+----------------------------------+
    | 2782708b08ac4cb39c5c50db186557da | mr | http://neutron-mr.example.com:9696 | http://neutron-mr.example.com:9696 | http://neutron-mr.example.com:9696 | bd0f191fb7bc4beeaf0cfe782b6675be |
    | 2f7ddb958ce74838ab32bf502678c0ea | mr | http://nova-controller-mr.example.com:8774/v2/%(tenant_id)s | http://nova-controller-mr.example.com:8774/v2/%(tenant_id)s | http://nova-controller-mr.example.com:8774/v2/%(tenant_id)s | a8c47f64f591492692c23938a2729310 |
    | 9f44982d617e41c3856395df28f7b70c | mr | https://keystone-mr.example.com:5000/v2.0 | https://keystone-mr.example.com:5000/v2.0 | https://keystone-mr.example.com:35357/v2.0 | 8333fb6107c8400f994328c72b964c78 |
    | ad6cf1833b304c28bf11e4c6f1f52791 | mr | http://glance-mr.example.com:9292 | http://glance-mr.example.com:9292 | http://glance-mr.example.com:9292 | fc0e9fdab0c449b8b36335ca0f276c93 |
    +----------------------------------+--------+---------------------------------------------------------------+---------------------------------------------------------------+---------------------------------------------------------------+----------------------------------+

So, I removed this try/except in the request method in keystoneclient/client.py:

        try:
            resp = requests.request(
                method,
                url,
                verify=self.verify_cert,
                **request_kwargs)
        except requests.ConnectionError:
            msg = 'Unable to establish connection to %s' % url
            raise exceptions.ClientException(msg)

And I got a better error message:
    $ glance image-list
    Authorization Failed: [Errno 1] _ssl.c:490: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

There are other examples of this in keystone client such as in _validate_user_token in keystoneclient/middleware/auth_token.py and do_endpoint_delete in keystoneclient/v2_0/shell.py

Dolph Mathews (dolph) on 2013-08-23
Changed in python-keystoneclient:
status: New → Confirmed
Dolph Mathews (dolph) on 2013-08-23
Changed in python-keystoneclient:
importance: Undecided → Medium
Changed in python-keystoneclient:
assignee: nobody → Jorge Edgar Valderrama Romero (jorge-valderrama)
Dolph Mathews (dolph) wrote :

Unassigning due to inactivity.

Changed in python-keystoneclient:
assignee: Jorge Edgar Valderrama Romero (jorge-valderrama) → nobody
Changed in python-keystoneclient:
assignee: nobody → Victor Howard (victor-r-howard)
Changed in python-keystoneclient:
assignee: Victor Howard (victor-r-howard) → nobody
Changed in python-keystoneclient:
assignee: nobody → Aleksey Nakoryakov (alfnak)
Lance Bragstad (lbragstad) wrote :

Automatically unassigning due to inactivity.

Changed in python-keystoneclient:
assignee: Aleksey Nakoryakov (alfnak) → nobody
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers