x/swiftonhpss
Code Issues Proposed changes

fix error handing in swauth tools

Browse Source 
The swauth tools did not handle an invalid admin_url, so it just failed
printing the stacktrace, which is not useful to end users.
This fix catches the exception and prints an error message that can
help user solve the issue.

Change-Id: I806c1cf191b5921e904b155f65cdbde5f2aac695
Signed-off-by: Thiago da Silva <thiago@redhat.com>
Reviewed-on: http://review.gluster.org/6431
Reviewed-by: Luis Pabon <lpabon@redhat.com>
Tested-by: Luis Pabon <lpabon@redhat.com>
This commit is contained in:
Thiago da Silva 2013-12-04 18:12:12 -05:00 committed by Luis Pabon
parent 52e9fed873
commit 62d07833db
9 changed files with 165 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
gluster/swift/common/middleware/gswauth/bin/gswauth-add-account
View File

@ -15,8 +15,9 @@
# limitations under the License.
import gettext
import socket
from optparse import OptionParser
from os.path import basename
from sys import argv, exit
from swift.common.bufferedhttp import http_connect_raw as http_connect
@ -56,9 +57,17 @@ if __name__ == '__main__':
headers = {'X-Auth-Admin-User': options.admin_user,
'X-Auth-Admin-Key': options.admin_key,
'Content-Length': '0'}
conn = http_connect(parsed.hostname, parsed.port, 'PUT', path, headers,
ssl=(parsed.scheme == 'https'))
resp = conn.getresponse()
try:
conn = http_connect(parsed.hostname, parsed.port, 'PUT', path, headers,
ssl=(parsed.scheme == 'https'))
resp = conn.getresponse()
except socket.gaierror, err:
exit('Account creation failed: %s. ' \
'Check that the admin_url is valid' % err)
except socket.error, (errno, msg):
exit('Account creation failed: %s. ' \
'Check that the admin_url is valid' % msg)
if resp.status // 100 != 2:
if resp.status == 401:
exit('Account creation failed: %s %s: Invalid user/key provided' %

48
gluster/swift/common/middleware/gswauth/bin/gswauth-add-user
View File

@ -15,8 +15,9 @@
# limitations under the License.
import gettext
import socket
from optparse import OptionParser
from os.path import basename
from sys import argv, exit
from swift.common.bufferedhttp import http_connect_raw as http_connect
@ -62,6 +63,7 @@ if __name__ == '__main__':
parsed_path = '/'
elif parsed_path[-1] != '/':
parsed_path += '/'
# Check if user is changing his own password. This is carried out by
# making sure that the user changing the password and the user whose
# password is being changed are the same.
@ -71,19 +73,27 @@ if __name__ == '__main__':
path = '%sv2/%s' % (parsed_path, account)
headers = {'X-Auth-Admin-User': options.admin_user,
'X-Auth-Admin-Key': options.admin_key}
conn = http_connect(parsed.hostname, parsed.port, 'GET', path, headers,
ssl=(parsed.scheme == 'https'))
resp = conn.getresponse()
if resp.status // 100 != 2:
# If the GET operation fails, it means the account does not exist.
# Now we create the account by sending a PUT request.
headers['Content-Length'] = '0'
conn = http_connect(parsed.hostname, parsed.port, 'PUT', path,
headers, ssl=(parsed.scheme == 'https'))
try:
conn = http_connect(parsed.hostname, parsed.port, 'GET', path,
headers, ssl=(parsed.scheme == 'https'))
resp = conn.getresponse()
if resp.status // 100 != 2:
print 'Account creation failed: %s %s' % \
(resp.status, resp.reason)
# If the GET operation fails, it means the account does not
# exist. Now we create the account by sending a PUT request.
headers['Content-Length'] = '0'
conn = http_connect(parsed.hostname, parsed.port, 'PUT', path,
headers, ssl=(parsed.scheme == 'https'))
resp = conn.getresponse()
if resp.status // 100 != 2:
print 'Account creation failed: %s %s' % \
(resp.status, resp.reason)
except socket.gaierror, err:
exit('User creation failed: %s. ' \
'Check that the admin_url is valid' % err)
except socket.error, (errno, msg):
exit('User creation failed: %s. ' \
'Check that the admin_url is valid' % msg)
# Add the user
path = '%sv2/%s/%s' % (parsed_path, account, user)
headers = {'X-Auth-Admin-User': options.admin_user,
@ -94,9 +104,17 @@ if __name__ == '__main__':
headers['X-Auth-User-Admin'] = 'true'
if options.reseller_admin:
headers['X-Auth-User-Reseller-Admin'] = 'true'
conn = http_connect(parsed.hostname, parsed.port, 'PUT', path, headers,
ssl=(parsed.scheme == 'https'))
resp = conn.getresponse()
try:
conn = http_connect(parsed.hostname, parsed.port, 'PUT', path, headers,
ssl=(parsed.scheme == 'https'))
resp = conn.getresponse()
except socket.gaierror, err:
exit('User creation failed: %s. ' \
'Check that the admin_url is valid' % err)
except socket.error, (errno, msg):
exit('User creation failed: %s. ' \
'Check that the admin_url is valid' % msg)
if resp.status // 100 != 2:
if resp.status == 401:
exit('User creation failed: %s %s: Invalid user/key provided' %

6
gluster/swift/common/middleware/gswauth/bin/gswauth-cleanup-tokens
View File

@ -20,6 +20,8 @@ except ImportError:
import json
import gettext
import re
import socket
from datetime import datetime, timedelta
from optparse import OptionParser
from sys import argv, exit
@ -114,6 +116,10 @@ if __name__ == '__main__':
else:
exit('Object listing on container %s failed with status '
'code %d' % (container, e.http_status))
except socket.error, (errno, msg):
exit('Token clean-up failed: %s. ' \
'Check that the admin_url is valid' % msg)
if objs:
marker = objs[-1]['name']
else:

17
gluster/swift/common/middleware/gswauth/bin/gswauth-delete-account
View File

@ -15,8 +15,9 @@
# limitations under the License.
import gettext
import socket
from optparse import OptionParser
from os.path import basename
from sys import argv, exit
from swift.common.bufferedhttp import http_connect_raw as http_connect
@ -57,9 +58,17 @@ if __name__ == '__main__':
path = '%sv2/%s' % (parsed_path, account)
headers = {'X-Auth-Admin-User': options.admin_user,
'X-Auth-Admin-Key': options.admin_key}
conn = http_connect(parsed.hostname, parsed.port, 'DELETE', path, headers,
ssl=(parsed.scheme == 'https'))
resp = conn.getresponse()
try:
conn = http_connect(parsed.hostname, parsed.port, 'DELETE', path, headers,
ssl=(parsed.scheme == 'https'))
resp = conn.getresponse()
except socket.gaierror, err:
exit('Account deletion failed: %s. ' \
'Check that the admin_url is valid' % err)
except socket.error, (errno, msg):
exit('Account deletion failed: %s. ' \
'Check that the admin_url is valid' % msg)
if resp.status // 100 != 2:
if resp.status == 401:
exit('Delete account failed: %s %s: Invalid user/key provided' %

17
gluster/swift/common/middleware/gswauth/bin/gswauth-delete-user
View File

@ -15,8 +15,9 @@
# limitations under the License.
import gettext
import socket
from optparse import OptionParser
from os.path import basename
from sys import argv, exit
from swift.common.bufferedhttp import http_connect_raw as http_connect
@ -57,9 +58,17 @@ if __name__ == '__main__':
path = '%sv2/%s/%s' % (parsed_path, account, user)
headers = {'X-Auth-Admin-User': options.admin_user,
'X-Auth-Admin-Key': options.admin_key}
conn = http_connect(parsed.hostname, parsed.port, 'DELETE', path, headers,
ssl=(parsed.scheme == 'https'))
resp = conn.getresponse()
try:
conn = http_connect(parsed.hostname, parsed.port, 'DELETE', path, headers,
ssl=(parsed.scheme == 'https'))
resp = conn.getresponse()
except socket.gaierror, err:
exit('User deletion failed: %s. ' \
'Check that the admin_url is valid' % err)
except socket.error, (errno, msg):
exit('User deletion failed: %s. ' \
'Check that the admin_url is valid' % msg)
if resp.status // 100 != 2:
if resp.status == 401:
exit('Delete user failed: %s %s: Invalid user/key provided' %

18
gluster/swift/common/middleware/gswauth/bin/gswauth-list
View File

@ -19,8 +19,10 @@ try:
except ImportError:
import json
import gettext
import socket
import types
from optparse import OptionParser
from os.path import basename
from sys import argv, exit
from swift.common.bufferedhttp import http_connect_raw as http_connect
@ -79,9 +81,17 @@ If the [user] is '.groups', the active groups for the account will be listed.
path = '%sv2/%s' % (parsed_path, '/'.join(args))
headers = {'X-Auth-Admin-User': options.admin_user,
'X-Auth-Admin-Key': options.admin_key}
conn = http_connect(parsed.hostname, parsed.port, 'GET', path, headers,
ssl=(parsed.scheme == 'https'))
resp = conn.getresponse()
try:
conn = http_connect(parsed.hostname, parsed.port, 'GET', path, headers,
ssl=(parsed.scheme == 'https'))
resp = conn.getresponse()
except socket.gaierror, err:
exit('List failed: %s. ' \
'Check that the admin_url is valid' % err)
except socket.error, (errno, msg):
exit('List failed: %s. ' \
'Check that the admin_url is valid' % msg)
body = resp.read()
if resp.status // 100 != 2:
if resp.status == 401:

17
gluster/swift/common/middleware/gswauth/bin/gswauth-prep
View File

@ -15,8 +15,9 @@
# limitations under the License.
import gettext
import socket
from optparse import OptionParser
from os.path import basename
from sys import argv, exit
from swift.common.bufferedhttp import http_connect_raw as http_connect
@ -54,9 +55,17 @@ if __name__ == '__main__':
path = '%sv2/.prep' % parsed_path
headers = {'X-Auth-Admin-User': options.admin_user,
'X-Auth-Admin-Key': options.admin_key}
conn = http_connect(parsed.hostname, parsed.port, 'POST', path, headers,
ssl=(parsed.scheme == 'https'))
resp = conn.getresponse()
try:
conn = http_connect(parsed.hostname, parsed.port, 'POST', path, headers,
ssl=(parsed.scheme == 'https'))
resp = conn.getresponse()
except socket.gaierror, err:
exit('gswauth preparation failed: %s. ' \
'Check that the admin_url is valid' % err)
except socket.error, (errno, msg):
exit('gswauth preparation failed: %s. ' \
'Check that the admin_url is valid' % msg)
if resp.status // 100 != 2:
if resp.status == 401:
exit('gswauth preparation failed: %s %s: Invalid user/key provided' %

17
gluster/swift/common/middleware/gswauth/bin/gswauth-set-account-service
View File

@ -19,8 +19,8 @@ try:
except ImportError:
import json
import gettext
import socket
from optparse import OptionParser
from os.path import basename
from sys import argv, exit
from swift.common.bufferedhttp import http_connect_raw as http_connect
@ -67,10 +67,17 @@ Example: %prog -K gswauthkey test storage local http://127.0.0.1:8080/v1/AUTH_01
headers = {'Content-Length': str(len(body)),
'X-Auth-Admin-User': options.admin_user,
'X-Auth-Admin-Key': options.admin_key}
conn = http_connect(parsed.hostname, parsed.port, 'POST', path, headers,
ssl=(parsed.scheme == 'https'))
conn.send(body)
resp = conn.getresponse()
try:
conn = http_connect(parsed.hostname, parsed.port, 'POST', path, headers,
ssl=(parsed.scheme == 'https'))
conn.send(body)
resp = conn.getresponse()
except socket.gaierror, err:
exit('Service set failed: %s. ' \
'Check that the admin_url is valid' % err)
except socket.error, (errno, msg):
exit('Service set failed: %s. ' \
'Check that the admin_url is valid' % msg)
if resp.status // 100 != 2:
if resp.status == 401:
exit('Service set failed: %s %s: Invalid user/key provided' %

53
test/functional_auth/gswauth/test_gswauth_cli.py
View File

@ -124,6 +124,14 @@ class TestSwauthPrep(unittest.TestCase):
self.assertNotEqual(status, 0, 'Invalid swauth-prep request accepted(wrong key provided):'+output)
self.assertEqual('gswauth preparation failed: 401 Unauthorized: Invalid user/key provided' \
in output,True, 'Invalid swauth-prep request accepted: '+output)
(status,output)=Utils.swauthPrep(authurl='http://127.0.0.1:80/auth/')
self.assertEqual('ECONNREFUSED' in output, True,
'Invalid swauth-prep request accepted(wrong admin-url provided): %s' % output)
(status,output)=Utils.swauthPrep(authurl='http://127.0.1:80/auth/')
self.assertEqual('No address associated with hostname' in output, True,
'Invalid swauth-prep request accepted(wrong admin-url provided): %s' % output)
#TODO:More cases for invalid url and admin user
def testAddAccountWithoutSwauthPrep(self):
@ -176,8 +184,15 @@ class TestAccount(unittest.TestCase):
(status,output)=Utils.addAccount('testinvalidkey',key='invalidkey')
self.assertEqual('Account creation failed: 401 Unauthorized: Invalid user/key provided' \
in output,True, 'Invalid account creation request accepted: '+output)
#TODO:more cases?
in output,True, 'Invalid account creation request accepted: '+output)
(status,output)=Utils.addAccount('test2', authurl='http://127.0.0.1:80/auth/')
self.assertEqual('ECONNREFUSED' in output, True,
'Invalid account creation request accepted(wrong admin-url provided): %s' % output)
(status,output)=Utils.addAccount('test2', authurl='http://127.0.1:80/auth/')
self.assertEqual('No address associated with hostname' in output, True,
'Invalid account creation request accepted(wrong admin-url provided): %s' % output)
def testAddAccountNonSuperAdminUsers(self):
#set test account with all types of user
@ -229,7 +244,14 @@ class TestAccount(unittest.TestCase):
(status,output)=Utils.deleteAccount('accountdoesnotexist')
self.assertNotEqual(status, 0, 'account deletion failed for accountdoesnotexist'+output)
self.assertEqual('Delete account failed: 404 Not Found: Account accountdoesnotexist does not exist' in output,True, 'account deletion failed for test account'+output)
#TODO:more cases
(status,output)=Utils.deleteAccount('test3', authurl='http://127.0.0.1:80/auth/')
self.assertEqual('ECONNREFUSED' in output, True,
'Invalid deletion request accepted(wrong admin-url provided): %s' % output)
(status,output)=Utils.deleteAccount('test3', authurl='http://127.0.1:80/auth/')
self.assertEqual('No address associated with hostname' in output, True,
'Invalid deletion request accepted(wrong admin-url provided): %s' % output)
def testDeleteAccountNonSuperAdminUsers(self):
#set test account with all types of user
@ -264,6 +286,14 @@ class TestAccount(unittest.TestCase):
'+----------+\n| Accounts |\n+----------+\n| test |\n+----------+',
'swauth-list failed:\n%s' % output)
(status,output)=Utils.listAccounts(authurl='http://127.0.0.1:80/auth/')
self.assertEqual('ECONNREFUSED' in output, True,
'Invalid list request accepted(wrong admin-url provided): %s' % output)
(status,output)=Utils.listAccounts(authurl='http://127.0.1:80/auth/')
self.assertEqual('No address associated with hostname' in output, True,
'Invalid list request accepted(wrong admin-url provided): %s' % output)
(status,output)=Utils.listAccounts('-j')
self.assertEqual(output,
'{"accounts": [{"name": "test"}]}',
@ -293,7 +323,6 @@ class TestAccount(unittest.TestCase):
self.assertNotEqual(status, 0, 'account listing success with regular user: '+output)
self.assertEqual('403 Forbidden' in output,True, 'account listing success with regular user: '+output)
class TestUser(unittest.TestCase):
def setUp(self):
@ -348,7 +377,14 @@ class TestUser(unittest.TestCase):
(status,output) = Utils.addAdminUser('accountdoesnotexist', 'testcli', 'testcli')
self.assertEqual(status, 0, 'User creation request failed, where accountdoesnotexist: '+output)
#TODO: more test cases?
(status,output)=Utils.addAdminUser('test', 'admin2', 'adminpwd', authurl='http://127.0.0.1:80/auth/')
self.assertEqual('ECONNREFUSED' in output, True,
'Invalid add user request accepted(wrong admin-url provided): %s' % output)
(status,output)=Utils.addAdminUser('test', 'admin2', 'adminpwd', authurl='http://127.0.1:80/auth/')
self.assertEqual('No address associated with hostname' in output, True,
'Invalid add user request accepted(wrong admin-url provided): %s' % output)
def testAddUserNonSuperAdminUsers (self):
#setup test,testr accounts with all user types
@ -463,6 +499,13 @@ class TestUser(unittest.TestCase):
(status,output) = Utils.deleteUser('accountisnothere', 'testcli')
self.assertNotEqual(status, 0, 'Invalid user deletion request accepted, accountdoesnotexist:'+output)
#TODO:more testcases?
(status,output)=Utils.deleteUser('test', 'admin2', authurl='http://127.0.0.1:80/auth/')
self.assertEqual('ECONNREFUSED' in output, True,
'Invalid delete user request accepted(wrong admin-url provided): %s' % output)
(status,output)=Utils.deleteUser('test', 'admin2', authurl='http://127.0.1:80/auth/')
self.assertEqual('No address associated with hostname' in output, True,
'Invalid delete user request accepted(wrong admin-url provided): %s' % output)
def testDeleteUserNonSuperAdminUsers(self):
#set test, test2 acc with all type of users