WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-api

[Xen-API] [PATCH] CA-36633: http server can also return 500 and 403

To: xen-api <xen-api@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-API] [PATCH] CA-36633: http server can also return 500 and 403
From: Marcus Granado <marcus.granado@xxxxxxxxxx>
Date: Wed, 17 Feb 2010 17:18:17 +0000
Delivery-date: Wed, 17 Feb 2010 09:18:16 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-api-request@lists.xensource.com?subject=help>
List-id: Discussion of API issues surrounding Xen <xen-api.lists.xensource.com>
List-post: <mailto:xen-api@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-api>, <mailto:xen-api-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-api>, <mailto:xen-api-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-api-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Marcus Granado <marcus.granado@xxxxxxxxxx>
# Date 1266426911 0
# Node ID 6d66c87993de600782428fecd670a43c8d67601e
# Parent  7031b543d1cf60a31a8ec04068ef525db8aad29c
CA-36633: http server can also return 500 and 403

Signed-off-by: Marcus Granado <marcus.granado@xxxxxxxxxxxxx>

diff -r 7031b543d1cf -r 6d66c87993de ocaml/database/master_connection.ml
--- a/ocaml/database/master_connection.ml       Wed Feb 17 17:15:11 2010 +0000
+++ b/ocaml/database/master_connection.ml       Wed Feb 17 17:15:11 2010 +0000
@@ -133,8 +133,8 @@
            write_ok := true;
            result := res (* yippeee! return and exit from while loop *)
       with
-      | Xmlrpcclient.Http_401_unauthorized ->
-         error "Received HTTP 401 unauthorized from master. This suggests our 
master address is wrong. Sleeping for %.0fs and then restarting." 
Xapi_globs.permanent_master_failure_retry_timeout;
+      | Xmlrpcclient.Http_error (http_code,err_msg) ->
+         error "Received HTTP error %s (%s) from master. This suggests our 
master address is wrong. Sleeping for %.0fs and then restarting." http_code 
err_msg Xapi_globs.permanent_master_failure_retry_timeout;
          Thread.delay Xapi_globs.permanent_master_failure_retry_timeout;
          exit Xapi_globs.restart_return_code
       |        _ ->
diff -r 7031b543d1cf -r 6d66c87993de ocaml/idl/ocaml_backend/xmlrpcclient.ml
--- a/ocaml/idl/ocaml_backend/xmlrpcclient.ml   Wed Feb 17 17:15:11 2010 +0000
+++ b/ocaml/idl/ocaml_backend/xmlrpcclient.ml   Wed Feb 17 17:15:11 2010 +0000
@@ -62,8 +62,13 @@
     to immediately close. *)
 exception Empty_response_from_server
 
-(** Thrown when we get an HTTP 401, e.g. if we supply the wrong credentials *)
-exception Http_401_unauthorized
+(** Thrown when we get a specific HTTP error, e.g. 
+               401 (unauthorized) if we supply the wrong credentials
+               403 (forbidden)    if RBAC denied access
+               500 (internal server error) if XAPI failed with an 
INTERNAL_ERROR,
+                     Api_server error, XMLRPC_UNMARSHAL_FAILURE error etc.
+ *)
+exception Http_error of string*string
 
 let input_line_fd (fd: Unix.file_descr) = 
   let buf = Buffer.create 20 in
@@ -153,8 +158,8 @@
                 end 
               end
         done
-     | _ :: "401" :: _ ->
-        raise Http_401_unauthorized
+     | _ :: (("401"|"403"|"500") as http_code) :: _ ->
+       raise (Http_error (http_code,error_msg))
      | _ -> 
         debug "Read unknown response response: %s" line;
         raise Not_found
@@ -189,6 +194,8 @@
   let line = Buf_io.input_line ?timeout buf in
   match String.split_f String.isspace line with
   | _ :: "200" :: _ -> read_http_headers ?timeout buf 
+  | _ :: (("401"|"403"|"500") as http_code) :: _ ->
+      raise (Http_error (http_code,error_msg))
   | _ ->
       warn "http_rpc_recv_response_timeout: unknown response: %s" line;
       raise (Http_request_rejected error_msg)
diff -r 7031b543d1cf -r 6d66c87993de ocaml/idl/ocaml_backend/xmlrpcclient.mli
--- a/ocaml/idl/ocaml_backend/xmlrpcclient.mli  Wed Feb 17 17:15:11 2010 +0000
+++ b/ocaml/idl/ocaml_backend/xmlrpcclient.mli  Wed Feb 17 17:15:11 2010 +0000
@@ -15,8 +15,13 @@
     parse enough of the response to be sure... but it was non-empty at least) 
*)
 exception Http_request_rejected of string
 
-(** Thrown when we get an HTTP 401, e.g. if we supply the wrong credentials *)
-exception Http_401_unauthorized
+(** Thrown when we get a specific HTTP error, e.g.                             
             
+    401 (unauthorized) if we supply the wrong credentials
+    403 (forbidden)    if RBAC denied access                             
+    500 (internal server error) if XAPI failed with an INTERNAL_ERROR,
+          Api_server error, XMLRPC_UNMARSHAL_FAILURE error etc.
+*)
+exception Http_error of string*string
 
 exception Content_length_required
 
diff -r 7031b543d1cf -r 6d66c87993de ocaml/xapi/quicktest_http.ml
--- a/ocaml/xapi/quicktest_http.ml      Wed Feb 17 17:15:11 2010 +0000
+++ b/ocaml/xapi/quicktest_http.ml      Wed Feb 17 17:15:11 2010 +0000
@@ -93,7 +93,7 @@
                "Tests that invalid pool secrets are rejected."
                begin fun () ->
                        assert_raises_match
-                               (function Xmlrpcclient.Http_401_unauthorized _ 
-> true | _ -> false)
+                               (function Xmlrpcclient.Http_error _ -> true | _ 
-> false)
                                (fun () -> http invalid_pool_secret "" (fun _ _ 
_ -> ()))
                end
 
@@ -101,7 +101,7 @@
                "Tests that invalid basic authentication fails."
                begin fun () ->
                        assert_raises_match
-                               (function Xmlrpcclient.Http_request_rejected _ 
-> true | _ -> false)
+                               (function Xmlrpcclient.Http_error _ -> true | 
Xmlrpcclient.Http_request_rejected _ -> true | _ -> false)
                                (fun () -> http invalid_basicauth "" (fun _ _ _ 
-> ()))
                end
 
diff -r 7031b543d1cf -r 6d66c87993de ocaml/xapi/workload_balancing.ml
--- a/ocaml/xapi/workload_balancing.ml  Wed Feb 17 17:15:11 2010 +0000
+++ b/ocaml/xapi/workload_balancing.ml  Wed Feb 17 17:15:11 2010 +0000
@@ -294,7 +294,7 @@
   with
     | Remote_requests.Timed_out ->
         raise_timeout timeout
-    | Xmlrpcclient.Http_request_rejected _ ->
+    | Xmlrpcclient.Http_request_rejected _ | Xmlrpcclient.Http_error _ ->
         raise_authentication_failed ()
     | Xmlrpcclient.Connection_reset ->
         raise_connection_reset ()
diff -r 7031b543d1cf -r 6d66c87993de ocaml/xapi/xapi_pool.ml
--- a/ocaml/xapi/xapi_pool.ml   Wed Feb 17 17:15:11 2010 +0000
+++ b/ocaml/xapi/xapi_pool.ml   Wed Feb 17 17:15:11 2010 +0000
@@ -515,7 +515,7 @@
        let rpc = rpc master_address in
        let session_id =
        try Client.Session.login_with_password rpc master_username 
master_password Xapi_globs.api_version_string
-               with Xmlrpcclient.Http_request_rejected _ ->
+               with Xmlrpcclient.Http_request_rejected _ | 
Xmlrpcclient.Http_error _ ->
                        raise 
(Api_errors.Server_error(Api_errors.pool_joining_host_service_failed, [])) in
 
        let cluster_secret = ref "" in
6 files changed, 24 insertions(+), 12 deletions(-)
ocaml/database/master_connection.ml      |    4 ++--
ocaml/idl/ocaml_backend/xmlrpcclient.ml  |   15 +++++++++++----
ocaml/idl/ocaml_backend/xmlrpcclient.mli |    9 +++++++--
ocaml/xapi/quicktest_http.ml             |    4 ++--
ocaml/xapi/workload_balancing.ml         |    2 +-
ocaml/xapi/xapi_pool.ml                  |    2 +-


Attachment: xen-api.hg.patch
Description: Text Data

_______________________________________________
xen-api mailing list
xen-api@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/mailman/listinfo/xen-api
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-API] [PATCH] CA-36633: http server can also return 500 and 403, Marcus Granado <=