← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1473556] [NEW] Error log is generated when API operation is PolicyNotAuthorized and returns 404

 

Public bug reported:

neutron.policy module can raises webob.exc.HTTPNotFound when
PolicyNotAuthorized is raised. In this case, neutron.api.resource
outputs a log with error level. It should be INFO level as it occurs by
user API requests.

One of the easiest way is to reproduce this bug is as follows:

(1) create a shared network by admin user
(2) try to delete the shared network by regular user

(A regular user can know a ID of the shared network, so the user can
request to delete the shared network.)

As a result we get the following log.
It is confusing from the point of log monitoring.

2015-07-11 05:28:33.914 DEBUG neutron.policy [req-5aef6df6-1fb7-4187-9980-4e41fc648ad7 demo 1e942c3c210b42ff8c45f42962da33b4] Enforcing rules: ['delete_network', 'delete_network:provider:physical_network
', 'delete_network:shared', 'delete_network:provider:network_type', 'delete_network:provider:segmentation_id'] from (pid=1439) log_rule_list /opt/stack/neutron/neutron/policy.py:319
2015-07-11 05:28:33.914 DEBUG neutron.policy [req-5aef6df6-1fb7-4187-9980-4e41fc648ad7 demo 1e942c3c210b42ff8c45f42962da33b4] Failed policy check for 'delete_network' from (pid=1439) enforce /opt/stack/n
eutron/neutron/policy.py:393
2015-07-11 05:28:33.914 ERROR neutron.api.v2.resource [req-5aef6df6-1fb7-4187-9980-4e41fc648ad7 demo 1e942c3c210b42ff8c45f42962da33b4] delete failed
2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource Traceback (most recent call last):
2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource   File "/opt/stack/neutron/neutron/api/v2/resource.py", line 83, in resource
2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource     result = method(request=request, **args)
2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource   File "/usr/local/lib/python2.7/dist-packages/oslo_db/api.py", line 146, in wrapper
2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource     ectxt.value = e.inner_exc
2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource   File "/usr/local/lib/python2.7/dist-packages/oslo_utils/excutils.py", line 119, in __exit__
2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource     six.reraise(self.type_, self.value, self.tb)
2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource   File "/usr/local/lib/python2.7/dist-packages/oslo_db/api.py", line 136, in wrapper
2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource     return f(*args, **kwargs)
2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource   File "/opt/stack/neutron/neutron/api/v2/base.py", line 495, in delete
2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource     raise webob.exc.HTTPNotFound(msg)
2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource HTTPNotFound: The resource could not be found.
2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource

** Affects: neutron
     Importance: Low
     Assignee: Akihiro Motoki (amotoki)
         Status: In Progress


** Tags: api

** Changed in: neutron
   Importance: Medium => Low

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1473556

Title:
  Error log is generated when API operation is PolicyNotAuthorized and
  returns 404

Status in neutron:
  In Progress

Bug description:
  neutron.policy module can raises webob.exc.HTTPNotFound when
  PolicyNotAuthorized is raised. In this case, neutron.api.resource
  outputs a log with error level. It should be INFO level as it occurs
  by user API requests.

  One of the easiest way is to reproduce this bug is as follows:

  (1) create a shared network by admin user
  (2) try to delete the shared network by regular user

  (A regular user can know a ID of the shared network, so the user can
  request to delete the shared network.)

  As a result we get the following log.
  It is confusing from the point of log monitoring.

  2015-07-11 05:28:33.914 DEBUG neutron.policy [req-5aef6df6-1fb7-4187-9980-4e41fc648ad7 demo 1e942c3c210b42ff8c45f42962da33b4] Enforcing rules: ['delete_network', 'delete_network:provider:physical_network
  ', 'delete_network:shared', 'delete_network:provider:network_type', 'delete_network:provider:segmentation_id'] from (pid=1439) log_rule_list /opt/stack/neutron/neutron/policy.py:319
  2015-07-11 05:28:33.914 DEBUG neutron.policy [req-5aef6df6-1fb7-4187-9980-4e41fc648ad7 demo 1e942c3c210b42ff8c45f42962da33b4] Failed policy check for 'delete_network' from (pid=1439) enforce /opt/stack/n
  eutron/neutron/policy.py:393
  2015-07-11 05:28:33.914 ERROR neutron.api.v2.resource [req-5aef6df6-1fb7-4187-9980-4e41fc648ad7 demo 1e942c3c210b42ff8c45f42962da33b4] delete failed
  2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource Traceback (most recent call last):
  2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource   File "/opt/stack/neutron/neutron/api/v2/resource.py", line 83, in resource
  2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource     result = method(request=request, **args)
  2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource   File "/usr/local/lib/python2.7/dist-packages/oslo_db/api.py", line 146, in wrapper
  2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource     ectxt.value = e.inner_exc
  2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource   File "/usr/local/lib/python2.7/dist-packages/oslo_utils/excutils.py", line 119, in __exit__
  2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource     six.reraise(self.type_, self.value, self.tb)
  2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource   File "/usr/local/lib/python2.7/dist-packages/oslo_db/api.py", line 136, in wrapper
  2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource     return f(*args, **kwargs)
  2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource   File "/opt/stack/neutron/neutron/api/v2/base.py", line 495, in delete
  2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource     raise webob.exc.HTTPNotFound(msg)
  2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource HTTPNotFound: The resource could not be found.
  2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1473556/+subscriptions


Follow ups