Only send traceback to users when in debug mode

API services currently send the traceback to clients. While the client
hides it from user view, it is still present in the response, exposing
the service to details of the engine that administrators likely would
not like to have exposed.

Fixes bug #1210623

Change-Id: I554ba24b7ac9166e28a8a0a10f566ed9cfa03014

diff --git a/heat/api/middleware/fault.py b/heat/api/middleware/fault.py
index ef3a685a0cd9b2b42295914988152c597890d943..42656d14d766b367fa5825d7834d4b60e8fcc8e5 100644 (file)
--- a/heat/api/middleware/fault.py
+++ b/heat/api/middleware/fault.py
@@ -22,6 +22,9 @@ Cinder's faultwrapper
 
 import traceback
 import webob
+from oslo.config import cfg
+
+cfg.CONF.import_opt('debug', 'heat.openstack.common.log')
 
 from heat.common import exception
 from heat.openstack.common import log as logging
@@ -80,7 +83,8 @@ class FaultWrapper(wsgi.Middleware):
         if isinstance(ex, exception.HTTPExceptionDisguise):
             # An HTTP exception was disguised so it could make it here
             # let's remove the disguise and set the original HTTP exception
-            trace = ''.join(traceback.format_tb(ex.tb))
+            if cfg.CONF.debug:
+                trace = ''.join(traceback.format_tb(ex.tb))
             ex = ex.exc
             webob_exc = ex
 
@@ -91,7 +95,7 @@ class FaultWrapper(wsgi.Middleware):
 
         message = str(ex.message)
 
-        if not trace:
+        if cfg.CONF.debug and not trace:
             trace = str(ex)
             if trace.find('\n') > -1:
                 unused, trace = trace.split('\n', 1)

diff --git a/heat/tests/test_api_openstack_v1.py b/heat/tests/test_api_openstack_v1.py
index 8921ab1bfe18982c75684410497f96fef382d47a..8f4197038e096cd2eca9a0cc6419e4529d5b2ae2 100644 (file)
--- a/heat/tests/test_api_openstack_v1.py
+++ b/heat/tests/test_api_openstack_v1.py
@@ -647,6 +647,7 @@ class StackControllerTest(ControllerTest, HeatTestCase):
         self.m.VerifyAll()
 
     def test_create_err_stack_bad_reqest(self):
+        cfg.CONF.set_override('debug', True)
         template = {u'Foo': u'bar'}
         parameters = {u'InstanceType': u'm1.xlarge'}
         body = {'template': template,

diff --git a/heat/tests/test_fault_middleware.py b/heat/tests/test_fault_middleware.py
index b114b1a5c26fde3561ebe4ee9ae3b3e676e7ac8a..9fe55191ec513ddb1adc1c1aaa78d2b42cdc5eb0 100644 (file)
--- a/heat/tests/test_fault_middleware.py
+++ b/heat/tests/test_fault_middleware.py
@@ -27,7 +27,7 @@ class FaultMiddlewareTest(HeatTestCase):
         msg = wrapper._error(heat_exc.StackNotFound(stack_name='a'))
         expected = {'code': 404,
                     'error': {'message': 'The Stack (a) could not be found.',
-                              'traceback': 'None\n',
+                              'traceback': None,
                               'type': 'StackNotFound'},
                     'explanation': 'The resource could not be found.',
                     'title': 'Not Found'}
@@ -39,7 +39,7 @@ class FaultMiddlewareTest(HeatTestCase):
         expected = {'code': 500,
                     'error': {'message': 'Response from Keystone does '
                                          'not contain a Heat endpoint.',
-                              'traceback': 'None\n',
+                              'traceback': None,
                               'type': 'NoServiceEndpoint'},
                     'explanation': 'The server has either erred or is '
                                    'incapable of performing the requested '
@@ -48,6 +48,8 @@ class FaultMiddlewareTest(HeatTestCase):
         self.assertEqual(msg, expected)
 
     def test_remote_exception(self):
+        # We want tracebacks
+        cfg.CONF.set_override('debug', True)
         error = heat_exc.StackNotFound(stack_name='a')
         exc_info = (type(error), error, None)
         serialized = rpc_common.serialize_remote_exception(exc_info)