Skip to content

Commit

Permalink
analytics-api throws Internal Server Error for non-admin user
Browse files Browse the repository at this point in the history 
1) user_token was referenced before initialization causing analytics-api to
throw exception.

2) Fix the issue in vnc-api that if an invalid/expired user-token is passed,
   then it shouldn't retry with the admin user token.

Change-Id: I8ce47116f6421ee33971ea4e5fdd23f2ed5c408a
Closes-Bug: #1731182
  • Loading branch information
Sundaresan Rajangam committed Nov 10, 2017
1 parent 55d42bd commit 5d98f66
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 1 deletion.
1 change: 1 addition & 0 deletions src/api-lib/vnc_api.py
View file
Expand Up @@ -912,6 +912,7 @@ def _request(self, op, url, data=None, retry_on_error=True,
if user_token:
headers = self._headers.copy()
headers['X-AUTH-TOKEN'] = user_token
retry_after_authn = True
try:
if (op == rest.OP_GET):
(status, content) = self._http_get(
Expand Down
9 changes: 8 additions & 1 deletion src/opserver/opserver.py
View file
Expand Up @@ -441,6 +441,7 @@ def _impl(self, *f_args, **f_kwargs):
headers = self._reject_auth_headers())
else:
bottle.request.is_role_cloud_admin = is_cloud_admin
bottle.request.user_token = user_token
bottle.request.user_token_info = user_token_info
if only_cloud_admin and not is_cloud_admin:
raise bottle.HTTPResponse(status = 401,
Expand Down Expand Up @@ -470,6 +471,12 @@ def get_user_token_info(self, token_info):
return None
# end get_user_token_info

def get_user_token(self):
if self._args.auth_conf_info.get('aaa_auth_enabled') and \
bottle.request.app == bottle.app():
return bottle.request.user_token
# end get_user_token

"""
returns the list of resources for which user has permissions
returns None if user is cloud-admin or if mode is no-auth
Expand All @@ -493,7 +500,7 @@ def get_resource_list(self, obj_type):
if self._args.aaa_mode == AAA_MODE_RBAC and \
bottle.request.app == bottle.app():
res_list = self._vnc_api_client.get_resource_list(obj_type,\
user_token)
self.get_user_token())
if res_list is None:
return None
user_accessible_resources = set()
Expand Down

0 comments on commit 5d98f66

Please sign in to comment.