From: Jason Dillaman Date: Sun, 27 Oct 2019 19:56:34 +0000 (-0400) Subject: pybind/mgr: use custom exception to handle authorization failures X-Git-Tag: v14.2.8~20^2~55^2~1 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=b81b01b9b019bdacc274bdd39c34e336a578fdce;p=ceph.git pybind/mgr: use custom exception to handle authorization failures Python2 does not include the PermissionError exception so use a custom exception to support both versions. Signed-off-by: Jason Dillaman (cherry picked from commit 7683f5f259bbeb6fcfc6a18c8e1a9551e068e847) --- diff --git a/src/pybind/mgr/rbd_support/module.py b/src/pybind/mgr/rbd_support/module.py index faa6c5446c8..6b1421221e1 100644 --- a/src/pybind/mgr/rbd_support/module.py +++ b/src/pybind/mgr/rbd_support/module.py @@ -82,6 +82,10 @@ TASK_RETRY_INTERVAL = timedelta(seconds=30) MAX_COMPLETED_TASKS = 50 +class NotAuthorizedError(Exception): + pass + + def is_authorized(module, pool, namespace): return module.is_authorized({"pool": pool or '', "namespace": namespace or ''}) @@ -89,7 +93,7 @@ def is_authorized(module, pool, namespace): def authorize_request(module, pool, namespace): if not is_authorized(module, pool, namespace): - raise PermissionError("not authorized on pool={}, namespace={}".format( + raise NotAuthorizedError("not authorized on pool={}, namespace={}".format( pool, namespace)) @@ -1368,6 +1372,8 @@ class Module(MgrModule): elif prefix.startswith('rbd task '): return self.task.handle_command(inbuf, prefix[9:], cmd) + except NotAuthorizedError: + raise except Exception as ex: # log the full traceback but don't send it to the CLI user self.log.fatal("Fatal runtime error: {}\n{}".format( @@ -1384,7 +1390,7 @@ class Module(MgrModule): return -errno.ENOENT, "", str(ex) except ValueError as ex: return -errno.EINVAL, "", str(ex) - except PermissionError as ex: + except NotAuthorizedError as ex: return -errno.EACCES, "", str(ex) raise NotImplementedError(cmd['prefix'])