x/swiftonhpss
Code Issues Proposed changes

fix error handing in swauth tools

Browse Source 
The swauth tools did not handle an invalid admin_url, so it just failed
printing the stacktrace, which is not useful to end users.
This fix catches the exception and prints an error message that can
help user solve the issue.

Change-Id: I806c1cf191b5921e904b155f65cdbde5f2aac695
Signed-off-by: Thiago da Silva <thiago@redhat.com>
Reviewed-on: http://review.gluster.org/6431
Reviewed-by: Luis Pabon <lpabon@redhat.com>
Tested-by: Luis Pabon <lpabon@redhat.com>
This commit is contained in:
Thiago da Silva 2013-12-04 18:12:12 -05:00 committed by Luis Pabon
parent 52e9fed873
commit 62d07833db
9 changed files with 165 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
gluster/swift/common/middleware/gswauth/bin/gswauth-add-account
View File

@ -15,8 +15,9 @@
# limitations under the License. # limitations under the License.
import gettext import gettext
import socket
from optparse import OptionParser from optparse import OptionParser
from os.path import basename
from sys import argv, exit from sys import argv, exit
from swift.common.bufferedhttp import http_connect_raw as http_connect from swift.common.bufferedhttp import http_connect_raw as http_connect
@ -56,9 +57,17 @@ if __name__ == '__main__':
headers = {'X-Auth-Admin-User': options.admin_user, headers = {'X-Auth-Admin-User': options.admin_user,
'X-Auth-Admin-Key': options.admin_key, 'X-Auth-Admin-Key': options.admin_key,
'Content-Length': '0'} 'Content-Length': '0'}
conn = http_connect(parsed.hostname, parsed.port, 'PUT', path, headers, try:
ssl=(parsed.scheme == 'https')) conn = http_connect(parsed.hostname, parsed.port, 'PUT', path, headers,
resp = conn.getresponse() ssl=(parsed.scheme == 'https'))
resp = conn.getresponse()
except socket.gaierror, err:
exit('Account creation failed: %s. ' \
'Check that the admin_url is valid' % err)
except socket.error, (errno, msg):
exit('Account creation failed: %s. ' \
'Check that the admin_url is valid' % msg)
if resp.status // 100 != 2: if resp.status // 100 != 2:
if resp.status == 401: if resp.status == 401:
exit('Account creation failed: %s %s: Invalid user/key provided' % exit('Account creation failed: %s %s: Invalid user/key provided' %

48
gluster/swift/common/middleware/gswauth/bin/gswauth-add-user
View File

@ -15,8 +15,9 @@
# limitations under the License. # limitations under the License.
import gettext import gettext
import socket
from optparse import OptionParser from optparse import OptionParser
from os.path import basename
from sys import argv, exit from sys import argv, exit
from swift.common.bufferedhttp import http_connect_raw as http_connect from swift.common.bufferedhttp import http_connect_raw as http_connect
@ -62,6 +63,7 @@ if __name__ == '__main__':
parsed_path = '/' parsed_path = '/'
elif parsed_path[-1] != '/': elif parsed_path[-1] != '/':
parsed_path += '/' parsed_path += '/'
# Check if user is changing his own password. This is carried out by # Check if user is changing his own password. This is carried out by
# making sure that the user changing the password and the user whose # making sure that the user changing the password and the user whose
# password is being changed are the same. # password is being changed are the same.
@ -71,19 +73,27 @@ if __name__ == '__main__':
path = '%sv2/%s' % (parsed_path, account) path = '%sv2/%s' % (parsed_path, account)
headers = {'X-Auth-Admin-User': options.admin_user, headers = {'X-Auth-Admin-User': options.admin_user,
'X-Auth-Admin-Key': options.admin_key} 'X-Auth-Admin-Key': options.admin_key}
conn = http_connect(parsed.hostname, parsed.port, 'GET', path, headers, try:
ssl=(parsed.scheme == 'https')) conn = http_connect(parsed.hostname, parsed.port, 'GET', path,
resp = conn.getresponse() headers, ssl=(parsed.scheme == 'https'))
if resp.status // 100 != 2:
# If the GET operation fails, it means the account does not exist.
# Now we create the account by sending a PUT request.
headers['Content-Length'] = '0'
conn = http_connect(parsed.hostname, parsed.port, 'PUT', path,
headers, ssl=(parsed.scheme == 'https'))
resp = conn.getresponse() resp = conn.getresponse()
if resp.status // 100 != 2: if resp.status // 100 != 2:
print 'Account creation failed: %s %s' % \ # If the GET operation fails, it means the account does not
(resp.status, resp.reason) # exist. Now we create the account by sending a PUT request.
headers['Content-Length'] = '0'
conn = http_connect(parsed.hostname, parsed.port, 'PUT', path,
headers, ssl=(parsed.scheme == 'https'))
resp = conn.getresponse()
if resp.status // 100 != 2:
print 'Account creation failed: %s %s' % \
(resp.status, resp.reason)
except socket.gaierror, err:
exit('User creation failed: %s. ' \
'Check that the admin_url is valid' % err)
except socket.error, (errno, msg):
exit('User creation failed: %s. ' \
'Check that the admin_url is valid' % msg)
# Add the user # Add the user
path = '%sv2/%s/%s' % (parsed_path, account, user) path = '%sv2/%s/%s' % (parsed_path, account, user)
headers = {'X-Auth-Admin-User': options.admin_user, headers = {'X-Auth-Admin-User': options.admin_user,
@ -94,9 +104,17 @@ if __name__ == '__main__':
headers['X-Auth-User-Admin'] = 'true' headers['X-Auth-User-Admin'] = 'true'
if options.reseller_admin: if options.reseller_admin:
headers['X-Auth-User-Reseller-Admin'] = 'true' headers['X-Auth-User-Reseller-Admin'] = 'true'
conn = http_connect(parsed.hostname, parsed.port, 'PUT', path, headers, try:
ssl=(parsed.scheme == 'https')) conn = http_connect(parsed.hostname, parsed.port, 'PUT', path, headers,
resp = conn.getresponse() ssl=(parsed.scheme == 'https'))
resp = conn.getresponse()
except socket.gaierror, err:
exit('User creation failed: %s. ' \
'Check that the admin_url is valid' % err)
except socket.error, (errno, msg):
exit('User creation failed: %s. ' \
'Check that the admin_url is valid' % msg)
if resp.status // 100 != 2: if resp.status // 100 != 2:
if resp.status == 401: if resp.status == 401:
exit('User creation failed: %s %s: Invalid user/key provided' % exit('User creation failed: %s %s: Invalid user/key provided' %

6
gluster/swift/common/middleware/gswauth/bin/gswauth-cleanup-tokens
View File

@ -20,6 +20,8 @@ except ImportError:
import json import json
import gettext import gettext
import re import re
import socket
from datetime import datetime, timedelta from datetime import datetime, timedelta
from optparse import OptionParser from optparse import OptionParser
from sys import argv, exit from sys import argv, exit
@ -114,6 +116,10 @@ if __name__ == '__main__':
else: else:
exit('Object listing on container %s failed with status ' exit('Object listing on container %s failed with status '
'code %d' % (container, e.http_status)) 'code %d' % (container, e.http_status))
except socket.error, (errno, msg):
exit('Token clean-up failed: %s. ' \
'Check that the admin_url is valid' % msg)
if objs: if objs:
marker = objs[-1]['name'] marker = objs[-1]['name']
else: else:

17
gluster/swift/common/middleware/gswauth/bin/gswauth-delete-account
View File

@ -15,8 +15,9 @@
# limitations under the License. # limitations under the License.
import gettext import gettext
import socket
from optparse import OptionParser from optparse import OptionParser
from os.path import basename
from sys import argv, exit from sys import argv, exit
from swift.common.bufferedhttp import http_connect_raw as http_connect from swift.common.bufferedhttp import http_connect_raw as http_connect
@ -57,9 +58,17 @@ if __name__ == '__main__':
path = '%sv2/%s' % (parsed_path, account) path = '%sv2/%s' % (parsed_path, account)
headers = {'X-Auth-Admin-User': options.admin_user, headers = {'X-Auth-Admin-User': options.admin_user,
'X-Auth-Admin-Key': options.admin_key} 'X-Auth-Admin-Key': options.admin_key}
conn = http_connect(parsed.hostname, parsed.port, 'DELETE', path, headers, try:
ssl=(parsed.scheme == 'https')) conn = http_connect(parsed.hostname, parsed.port, 'DELETE', path, headers,
resp = conn.getresponse() ssl=(parsed.scheme == 'https'))
resp = conn.getresponse()
except socket.gaierror, err:
exit('Account deletion failed: %s. ' \
'Check that the admin_url is valid' % err)
except socket.error, (errno, msg):
exit('Account deletion failed: %s. ' \
'Check that the admin_url is valid' % msg)
if resp.status // 100 != 2: if resp.status // 100 != 2:
if resp.status == 401: if resp.status == 401:
exit('Delete account failed: %s %s: Invalid user/key provided' % exit('Delete account failed: %s %s: Invalid user/key provided' %

17
gluster/swift/common/middleware/gswauth/bin/gswauth-delete-user
View File

@ -15,8 +15,9 @@
# limitations under the License. # limitations under the License.
import gettext import gettext
import socket
from optparse import OptionParser from optparse import OptionParser
from os.path import basename
from sys import argv, exit from sys import argv, exit
from swift.common.bufferedhttp import http_connect_raw as http_connect from swift.common.bufferedhttp import http_connect_raw as http_connect
@ -57,9 +58,17 @@ if __name__ == '__main__':
path = '%sv2/%s/%s' % (parsed_path, account, user) path = '%sv2/%s/%s' % (parsed_path, account, user)
headers = {'X-Auth-Admin-User': options.admin_user, headers = {'X-Auth-Admin-User': options.admin_user,
'X-Auth-Admin-Key': options.admin_key} 'X-Auth-Admin-Key': options.admin_key}
conn = http_connect(parsed.hostname, parsed.port, 'DELETE', path, headers, try:
ssl=(parsed.scheme == 'https')) conn = http_connect(parsed.hostname, parsed.port, 'DELETE', path, headers,
resp = conn.getresponse() ssl=(parsed.scheme == 'https'))
resp = conn.getresponse()
except socket.gaierror, err:
exit('User deletion failed: %s. ' \
'Check that the admin_url is valid' % err)
except socket.error, (errno, msg):
exit('User deletion failed: %s. ' \
'Check that the admin_url is valid' % msg)
if resp.status // 100 != 2: if resp.status // 100 != 2:
if resp.status == 401: if resp.status == 401:
exit('Delete user failed: %s %s: Invalid user/key provided' % exit('Delete user failed: %s %s: Invalid user/key provided' %

18
gluster/swift/common/middleware/gswauth/bin/gswauth-list
View File

@ -19,8 +19,10 @@ try:
except ImportError: except ImportError:
import json import json
import gettext import gettext
import socket
import types
from optparse import OptionParser from optparse import OptionParser
from os.path import basename
from sys import argv, exit from sys import argv, exit
from swift.common.bufferedhttp import http_connect_raw as http_connect from swift.common.bufferedhttp import http_connect_raw as http_connect
@ -79,9 +81,17 @@ If the [user] is '.groups', the active groups for the account will be listed.
path = '%sv2/%s' % (parsed_path, '/'.join(args)) path = '%sv2/%s' % (parsed_path, '/'.join(args))
headers = {'X-Auth-Admin-User': options.admin_user, headers = {'X-Auth-Admin-User': options.admin_user,
'X-Auth-Admin-Key': options.admin_key} 'X-Auth-Admin-Key': options.admin_key}
conn = http_connect(parsed.hostname, parsed.port, 'GET', path, headers, try:
ssl=(parsed.scheme == 'https')) conn = http_connect(parsed.hostname, parsed.port, 'GET', path, headers,
resp = conn.getresponse() ssl=(parsed.scheme == 'https'))
resp = conn.getresponse()
except socket.gaierror, err:
exit('List failed: %s. ' \
'Check that the admin_url is valid' % err)
except socket.error, (errno, msg):
exit('List failed: %s. ' \
'Check that the admin_url is valid' % msg)
body = resp.read() body = resp.read()
if resp.status // 100 != 2: if resp.status // 100 != 2:
if resp.status == 401: if resp.status == 401:

17
gluster/swift/common/middleware/gswauth/bin/gswauth-prep
View File

@ -15,8 +15,9 @@
# limitations under the License. # limitations under the License.
import gettext import gettext
import socket
from optparse import OptionParser from optparse import OptionParser
from os.path import basename
from sys import argv, exit from sys import argv, exit
from swift.common.bufferedhttp import http_connect_raw as http_connect from swift.common.bufferedhttp import http_connect_raw as http_connect
@ -54,9 +55,17 @@ if __name__ == '__main__':
path = '%sv2/.prep' % parsed_path path = '%sv2/.prep' % parsed_path
headers = {'X-Auth-Admin-User': options.admin_user, headers = {'X-Auth-Admin-User': options.admin_user,
'X-Auth-Admin-Key': options.admin_key} 'X-Auth-Admin-Key': options.admin_key}
conn = http_connect(parsed.hostname, parsed.port, 'POST', path, headers, try:
ssl=(parsed.scheme == 'https')) conn = http_connect(parsed.hostname, parsed.port, 'POST', path, headers,
resp = conn.getresponse() ssl=(parsed.scheme == 'https'))
resp = conn.getresponse()
except socket.gaierror, err:
exit('gswauth preparation failed: %s. ' \
'Check that the admin_url is valid' % err)
except socket.error, (errno, msg):
exit('gswauth preparation failed: %s. ' \
'Check that the admin_url is valid' % msg)
if resp.status // 100 != 2: if resp.status // 100 != 2:
if resp.status == 401: if resp.status == 401:
exit('gswauth preparation failed: %s %s: Invalid user/key provided' % exit('gswauth preparation failed: %s %s: Invalid user/key provided' %

17
gluster/swift/common/middleware/gswauth/bin/gswauth-set-account-service
View File

@ -19,8 +19,8 @@ try:
except ImportError: except ImportError:
import json import json
import gettext import gettext
import socket
from optparse import OptionParser from optparse import OptionParser
from os.path import basename
from sys import argv, exit from sys import argv, exit
from swift.common.bufferedhttp import http_connect_raw as http_connect from swift.common.bufferedhttp import http_connect_raw as http_connect
@ -67,10 +67,17 @@ Example: %prog -K gswauthkey test storage local http://127.0.0.1:8080/v1/AUTH_01
headers = {'Content-Length': str(len(body)), headers = {'Content-Length': str(len(body)),
'X-Auth-Admin-User': options.admin_user, 'X-Auth-Admin-User': options.admin_user,
'X-Auth-Admin-Key': options.admin_key} 'X-Auth-Admin-Key': options.admin_key}
conn = http_connect(parsed.hostname, parsed.port, 'POST', path, headers, try:
ssl=(parsed.scheme == 'https')) conn = http_connect(parsed.hostname, parsed.port, 'POST', path, headers,
conn.send(body) ssl=(parsed.scheme == 'https'))
resp = conn.getresponse() conn.send(body)
resp = conn.getresponse()
except socket.gaierror, err:
exit('Service set failed: %s. ' \
'Check that the admin_url is valid' % err)
except socket.error, (errno, msg):
exit('Service set failed: %s. ' \
'Check that the admin_url is valid' % msg)
if resp.status // 100 != 2: if resp.status // 100 != 2:
if resp.status == 401: if resp.status == 401:
exit('Service set failed: %s %s: Invalid user/key provided' % exit('Service set failed: %s %s: Invalid user/key provided' %

53
test/functional_auth/gswauth/test_gswauth_cli.py
View File

@ -124,6 +124,14 @@ class TestSwauthPrep(unittest.TestCase):
self.assertNotEqual(status, 0, 'Invalid swauth-prep request accepted(wrong key provided):'+output) self.assertNotEqual(status, 0, 'Invalid swauth-prep request accepted(wrong key provided):'+output)
self.assertEqual('gswauth preparation failed: 401 Unauthorized: Invalid user/key provided' \ self.assertEqual('gswauth preparation failed: 401 Unauthorized: Invalid user/key provided' \
in output,True, 'Invalid swauth-prep request accepted: '+output) in output,True, 'Invalid swauth-prep request accepted: '+output)
(status,output)=Utils.swauthPrep(authurl='http://127.0.0.1:80/auth/')
self.assertEqual('ECONNREFUSED' in output, True,
'Invalid swauth-prep request accepted(wrong admin-url provided): %s' % output)
(status,output)=Utils.swauthPrep(authurl='http://127.0.1:80/auth/')
self.assertEqual('No address associated with hostname' in output, True,
'Invalid swauth-prep request accepted(wrong admin-url provided): %s' % output)
#TODO:More cases for invalid url and admin user #TODO:More cases for invalid url and admin user
def testAddAccountWithoutSwauthPrep(self): def testAddAccountWithoutSwauthPrep(self):
@ -176,8 +184,15 @@ class TestAccount(unittest.TestCase):
(status,output)=Utils.addAccount('testinvalidkey',key='invalidkey') (status,output)=Utils.addAccount('testinvalidkey',key='invalidkey')
self.assertEqual('Account creation failed: 401 Unauthorized: Invalid user/key provided' \ self.assertEqual('Account creation failed: 401 Unauthorized: Invalid user/key provided' \
in output,True, 'Invalid account creation request accepted: '+output) in output,True, 'Invalid account creation request accepted: '+output)
#TODO:more cases?
(status,output)=Utils.addAccount('test2', authurl='http://127.0.0.1:80/auth/')
self.assertEqual('ECONNREFUSED' in output, True,
'Invalid account creation request accepted(wrong admin-url provided): %s' % output)
(status,output)=Utils.addAccount('test2', authurl='http://127.0.1:80/auth/')
self.assertEqual('No address associated with hostname' in output, True,
'Invalid account creation request accepted(wrong admin-url provided): %s' % output)
def testAddAccountNonSuperAdminUsers(self): def testAddAccountNonSuperAdminUsers(self):
#set test account with all types of user #set test account with all types of user
@ -229,7 +244,14 @@ class TestAccount(unittest.TestCase):
(status,output)=Utils.deleteAccount('accountdoesnotexist') (status,output)=Utils.deleteAccount('accountdoesnotexist')
self.assertNotEqual(status, 0, 'account deletion failed for accountdoesnotexist'+output) self.assertNotEqual(status, 0, 'account deletion failed for accountdoesnotexist'+output)
self.assertEqual('Delete account failed: 404 Not Found: Account accountdoesnotexist does not exist' in output,True, 'account deletion failed for test account'+output) self.assertEqual('Delete account failed: 404 Not Found: Account accountdoesnotexist does not exist' in output,True, 'account deletion failed for test account'+output)
#TODO:more cases
(status,output)=Utils.deleteAccount('test3', authurl='http://127.0.0.1:80/auth/')
self.assertEqual('ECONNREFUSED' in output, True,
'Invalid deletion request accepted(wrong admin-url provided): %s' % output)
(status,output)=Utils.deleteAccount('test3', authurl='http://127.0.1:80/auth/')
self.assertEqual('No address associated with hostname' in output, True,
'Invalid deletion request accepted(wrong admin-url provided): %s' % output)
def testDeleteAccountNonSuperAdminUsers(self): def testDeleteAccountNonSuperAdminUsers(self):
#set test account with all types of user #set test account with all types of user
@ -264,6 +286,14 @@ class TestAccount(unittest.TestCase):
'+----------+\n| Accounts |\n+----------+\n| test |\n+----------+', '+----------+\n| Accounts |\n+----------+\n| test |\n+----------+',
'swauth-list failed:\n%s' % output) 'swauth-list failed:\n%s' % output)
(status,output)=Utils.listAccounts(authurl='http://127.0.0.1:80/auth/')
self.assertEqual('ECONNREFUSED' in output, True,
'Invalid list request accepted(wrong admin-url provided): %s' % output)
(status,output)=Utils.listAccounts(authurl='http://127.0.1:80/auth/')
self.assertEqual('No address associated with hostname' in output, True,
'Invalid list request accepted(wrong admin-url provided): %s' % output)
(status,output)=Utils.listAccounts('-j') (status,output)=Utils.listAccounts('-j')
self.assertEqual(output, self.assertEqual(output,
'{"accounts": [{"name": "test"}]}', '{"accounts": [{"name": "test"}]}',
@ -293,7 +323,6 @@ class TestAccount(unittest.TestCase):
self.assertNotEqual(status, 0, 'account listing success with regular user: '+output) self.assertNotEqual(status, 0, 'account listing success with regular user: '+output)
self.assertEqual('403 Forbidden' in output,True, 'account listing success with regular user: '+output) self.assertEqual('403 Forbidden' in output,True, 'account listing success with regular user: '+output)
class TestUser(unittest.TestCase): class TestUser(unittest.TestCase):
def setUp(self): def setUp(self):
@ -348,7 +377,14 @@ class TestUser(unittest.TestCase):
(status,output) = Utils.addAdminUser('accountdoesnotexist', 'testcli', 'testcli') (status,output) = Utils.addAdminUser('accountdoesnotexist', 'testcli', 'testcli')
self.assertEqual(status, 0, 'User creation request failed, where accountdoesnotexist: '+output) self.assertEqual(status, 0, 'User creation request failed, where accountdoesnotexist: '+output)
#TODO: more test cases?
(status,output)=Utils.addAdminUser('test', 'admin2', 'adminpwd', authurl='http://127.0.0.1:80/auth/')
self.assertEqual('ECONNREFUSED' in output, True,
'Invalid add user request accepted(wrong admin-url provided): %s' % output)
(status,output)=Utils.addAdminUser('test', 'admin2', 'adminpwd', authurl='http://127.0.1:80/auth/')
self.assertEqual('No address associated with hostname' in output, True,
'Invalid add user request accepted(wrong admin-url provided): %s' % output)
def testAddUserNonSuperAdminUsers (self): def testAddUserNonSuperAdminUsers (self):
#setup test,testr accounts with all user types #setup test,testr accounts with all user types
@ -463,6 +499,13 @@ class TestUser(unittest.TestCase):
(status,output) = Utils.deleteUser('accountisnothere', 'testcli') (status,output) = Utils.deleteUser('accountisnothere', 'testcli')
self.assertNotEqual(status, 0, 'Invalid user deletion request accepted, accountdoesnotexist:'+output) self.assertNotEqual(status, 0, 'Invalid user deletion request accepted, accountdoesnotexist:'+output)
#TODO:more testcases? #TODO:more testcases?
(status,output)=Utils.deleteUser('test', 'admin2', authurl='http://127.0.0.1:80/auth/')
self.assertEqual('ECONNREFUSED' in output, True,
'Invalid delete user request accepted(wrong admin-url provided): %s' % output)
(status,output)=Utils.deleteUser('test', 'admin2', authurl='http://127.0.1:80/auth/')
self.assertEqual('No address associated with hostname' in output, True,
'Invalid delete user request accepted(wrong admin-url provided): %s' % output)
def testDeleteUserNonSuperAdminUsers(self): def testDeleteUserNonSuperAdminUsers(self):
#set test, test2 acc with all type of users #set test, test2 acc with all type of users