RPC API: Add an InvalidTenant exception

Change-Id: I0bd91c3ba15166d728f9e0570f787fdcc6a1cdc6
Signed-off-by: Zane Bitter <zbitter@redhat.com>

diff --git a/heat/api/aws/exception.py b/heat/api/aws/exception.py
index 9dca5ec23b8bda39da0a58e91997e8228a9eb38f..87ff9e37df825f0bac0253b041e5c054ba815ad2 100644 (file)
--- a/heat/api/aws/exception.py
+++ b/heat/api/aws/exception.py
@@ -246,6 +246,7 @@ def map_remote_error(ex):
         inval_param_errors = (
             'AttributeError',
             'ValueError',
+            'InvalidTenant',
         )
 
         if ex.exc_type in inval_param_errors:

diff --git a/heat/api/openstack/v1/util.py b/heat/api/openstack/v1/util.py
index 73eb8444d973740a1a7a1c608c34af5eafaa1184..55f6d459a2db475a9ce5de1171c2bf58f5dcd0b1 100644 (file)
--- a/heat/api/openstack/v1/util.py
+++ b/heat/api/openstack/v1/util.py
@@ -91,6 +91,7 @@ def remote_error(ex, force_exists=False):
     error_map = {
         'AttributeError': client_error,
         'ValueError': client_error,
+        'InvalidTenant': exc.HTTPForbidden,
     }
 
     Exc = error_map.get(ex.exc_type, exc.HTTPInternalServerError)

diff --git a/heat/common/exception.py b/heat/common/exception.py
index 5d0454a2393c4ddc36b0387a1684e5e32e606a3f..22cd6fff0f6501fdb1f5a1340e0ba7e6170eac9f 100644 (file)
--- a/heat/common/exception.py
+++ b/heat/common/exception.py
@@ -202,3 +202,8 @@ class UserKeyPairMissing(OpenstackException):
 
 class ImageNotFound(OpenstackException):
     message = _("The Image (%(image_name)s) could not be found.")
+
+
+class InvalidTenant(OpenstackException):
+    message = _("Searching Tenant %(target)s "
+                "from Tenant %(actual)s forbidden.")

diff --git a/heat/engine/service.py b/heat/engine/service.py
index 166f7a98e47693a04dc371fd1654c099ccfea99b..c699540947af52fa79a799cc83332b9f5c8c1c9c 100644 (file)
--- a/heat/engine/service.py
+++ b/heat/engine/service.py
@@ -128,7 +128,8 @@ class EngineService(service.Service):
         identity = identifier.HeatIdentifier(**stack_identity)
 
         if identity.tenant != context.tenant_id:
-            raise AttributeError('Invalid tenant')
+            raise exception.InvalidTenant(target=identity.tenant,
+                                          actual=context.tenant_id)
 
         s = db_api.stack_get(context, identity.stack_id)
 

diff --git a/heat/tests/test_api_cfn_v1.py b/heat/tests/test_api_cfn_v1.py
index 4474f538ffb3b9d2af867cb3f3761463dedf3f28..a2031a5372e2d2db0474e6d7ef348d7466ffbe63 100644 (file)
--- a/heat/tests/test_api_cfn_v1.py
+++ b/heat/tests/test_api_cfn_v1.py
@@ -315,6 +315,28 @@ class StackControllerTest(unittest.TestCase):
 
         self.assertEqual(response, expected)
 
+    def test_describe_arn_invalidtenant(self):
+        # Format a dummy GET request to pass into the WSGI handler
+        stack_name = u"wordpress"
+        stack_identifier = identifier.HeatIdentifier('wibble', stack_name, '6')
+        identity = dict(stack_identifier)
+        params = {'Action': 'DescribeStacks',
+                  'StackName': stack_identifier.arn()}
+        dummy_req = self._dummy_GET_request(params)
+
+        self.m.StubOutWithMock(rpc, 'call')
+        rpc.call(dummy_req.context, self.topic,
+                 {'method': 'show_stack',
+                  'args': {'stack_identity': identity},
+                  'version': self.api_version},
+                 None).AndRaise(rpc_common.RemoteError("InvalidTenant"))
+
+        self.m.ReplayAll()
+
+        result = self.controller.describe(dummy_req)
+        self.assertEqual(type(result),
+                         exception.HeatInvalidParameterValueError)
+
     def test_describe_aterr(self):
         stack_name = "wordpress"
         identity = dict(identifier.HeatIdentifier('t', stack_name, '6'))

diff --git a/heat/tests/test_api_openstack_v1.py b/heat/tests/test_api_openstack_v1.py
index 04cb100aef45e2afb112e10771e822779faa75cb..801cf14e355fda00c7005aca102282cb108a725f 100644 (file)
--- a/heat/tests/test_api_openstack_v1.py
+++ b/heat/tests/test_api_openstack_v1.py
@@ -578,6 +578,26 @@ class StackControllerTest(ControllerTest, unittest.TestCase):
                           stack_id=identity.stack_id)
         self.m.VerifyAll()
 
+    def test_show_invalidtenant(self):
+        identity = identifier.HeatIdentifier('wibble', 'wordpress', '6')
+
+        req = self._get('/stacks/%(stack_name)s/%(stack_id)s' % identity)
+
+        self.m.StubOutWithMock(rpc, 'call')
+        rpc.call(req.context, self.topic,
+                 {'method': 'show_stack',
+                  'args': {'stack_identity': dict(identity)},
+                  'version': self.api_version},
+                 None).AndRaise(rpc_common.RemoteError("InvalidTenant"))
+        self.m.ReplayAll()
+
+        self.assertRaises(webob.exc.HTTPForbidden,
+                          self.controller.show,
+                          req, tenant_id=identity.tenant,
+                          stack_name=identity.stack_name,
+                          stack_id=identity.stack_id)
+        self.m.VerifyAll()
+
     def test_get_template(self):
         identity = identifier.HeatIdentifier(self.tenant, 'wordpress', '6')
         req = self._get('/stacks/%(stack_name)s/%(stack_id)s' % identity)

diff --git a/heat/tests/test_engine_service.py b/heat/tests/test_engine_service.py
index 1c3b077db06772bcfd55177ed96f52a33e120f52..638c2fe4b82b02f9a2c95adfed44295e4bb0c9b7 100644 (file)
--- a/heat/tests/test_engine_service.py
+++ b/heat/tests/test_engine_service.py
@@ -496,6 +496,13 @@ class stackServiceTest(unittest.TestCase):
                           self.man.show_stack,
                           self.ctx, nonexist)
 
+    def test_stack_describe_bad_tenant(self):
+        nonexist = dict(self.stack_identity)
+        nonexist['tenant'] = 'wibble'
+        self.assertRaises(exception.InvalidTenant,
+                          self.man.show_stack,
+                          self.ctx, nonexist)
+
     def test_stack_describe(self):
         sl = self.man.show_stack(self.ctx, self.stack_identity)