yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #35221
[Bug 1473556] [NEW] Error log is generated when API operation is PolicyNotAuthorized and returns 404
Public bug reported:
neutron.policy module can raises webob.exc.HTTPNotFound when
PolicyNotAuthorized is raised. In this case, neutron.api.resource
outputs a log with error level. It should be INFO level as it occurs by
user API requests.
One of the easiest way is to reproduce this bug is as follows:
(1) create a shared network by admin user
(2) try to delete the shared network by regular user
(A regular user can know a ID of the shared network, so the user can
request to delete the shared network.)
As a result we get the following log.
It is confusing from the point of log monitoring.
2015-07-11 05:28:33.914 DEBUG neutron.policy [req-5aef6df6-1fb7-4187-9980-4e41fc648ad7 demo 1e942c3c210b42ff8c45f42962da33b4] Enforcing rules: ['delete_network', 'delete_network:provider:physical_network
', 'delete_network:shared', 'delete_network:provider:network_type', 'delete_network:provider:segmentation_id'] from (pid=1439) log_rule_list /opt/stack/neutron/neutron/policy.py:319
2015-07-11 05:28:33.914 DEBUG neutron.policy [req-5aef6df6-1fb7-4187-9980-4e41fc648ad7 demo 1e942c3c210b42ff8c45f42962da33b4] Failed policy check for 'delete_network' from (pid=1439) enforce /opt/stack/n
eutron/neutron/policy.py:393
2015-07-11 05:28:33.914 ERROR neutron.api.v2.resource [req-5aef6df6-1fb7-4187-9980-4e41fc648ad7 demo 1e942c3c210b42ff8c45f42962da33b4] delete failed
2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource Traceback (most recent call last):
2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource File "/opt/stack/neutron/neutron/api/v2/resource.py", line 83, in resource
2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource result = method(request=request, **args)
2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource File "/usr/local/lib/python2.7/dist-packages/oslo_db/api.py", line 146, in wrapper
2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource ectxt.value = e.inner_exc
2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource File "/usr/local/lib/python2.7/dist-packages/oslo_utils/excutils.py", line 119, in __exit__
2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource six.reraise(self.type_, self.value, self.tb)
2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource File "/usr/local/lib/python2.7/dist-packages/oslo_db/api.py", line 136, in wrapper
2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource return f(*args, **kwargs)
2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource File "/opt/stack/neutron/neutron/api/v2/base.py", line 495, in delete
2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource raise webob.exc.HTTPNotFound(msg)
2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource HTTPNotFound: The resource could not be found.
2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource
** Affects: neutron
Importance: Low
Assignee: Akihiro Motoki (amotoki)
Status: In Progress
** Tags: api
** Changed in: neutron
Importance: Medium => Low
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1473556
Title:
Error log is generated when API operation is PolicyNotAuthorized and
returns 404
Status in neutron:
In Progress
Bug description:
neutron.policy module can raises webob.exc.HTTPNotFound when
PolicyNotAuthorized is raised. In this case, neutron.api.resource
outputs a log with error level. It should be INFO level as it occurs
by user API requests.
One of the easiest way is to reproduce this bug is as follows:
(1) create a shared network by admin user
(2) try to delete the shared network by regular user
(A regular user can know a ID of the shared network, so the user can
request to delete the shared network.)
As a result we get the following log.
It is confusing from the point of log monitoring.
2015-07-11 05:28:33.914 DEBUG neutron.policy [req-5aef6df6-1fb7-4187-9980-4e41fc648ad7 demo 1e942c3c210b42ff8c45f42962da33b4] Enforcing rules: ['delete_network', 'delete_network:provider:physical_network
', 'delete_network:shared', 'delete_network:provider:network_type', 'delete_network:provider:segmentation_id'] from (pid=1439) log_rule_list /opt/stack/neutron/neutron/policy.py:319
2015-07-11 05:28:33.914 DEBUG neutron.policy [req-5aef6df6-1fb7-4187-9980-4e41fc648ad7 demo 1e942c3c210b42ff8c45f42962da33b4] Failed policy check for 'delete_network' from (pid=1439) enforce /opt/stack/n
eutron/neutron/policy.py:393
2015-07-11 05:28:33.914 ERROR neutron.api.v2.resource [req-5aef6df6-1fb7-4187-9980-4e41fc648ad7 demo 1e942c3c210b42ff8c45f42962da33b4] delete failed
2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource Traceback (most recent call last):
2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource File "/opt/stack/neutron/neutron/api/v2/resource.py", line 83, in resource
2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource result = method(request=request, **args)
2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource File "/usr/local/lib/python2.7/dist-packages/oslo_db/api.py", line 146, in wrapper
2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource ectxt.value = e.inner_exc
2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource File "/usr/local/lib/python2.7/dist-packages/oslo_utils/excutils.py", line 119, in __exit__
2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource six.reraise(self.type_, self.value, self.tb)
2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource File "/usr/local/lib/python2.7/dist-packages/oslo_db/api.py", line 136, in wrapper
2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource return f(*args, **kwargs)
2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource File "/opt/stack/neutron/neutron/api/v2/base.py", line 495, in delete
2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource raise webob.exc.HTTPNotFound(msg)
2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource HTTPNotFound: The resource could not be found.
2015-07-11 05:28:33.914 TRACE neutron.api.v2.resource
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1473556/+subscriptions
Follow ups
