Narrow expected responses for CheckUserInGroup

When checking whether a given user is in a given group, keystone will return a 404 Not Found if all went well but the user was not in the group. It may also return a 403 if the user and the group are in different backends, which would also mean that the user was not in the group[1]. Any other 400 response is a client error and any 500 response is a server error to which the user should be alerted. Without this patch, openstackclient treats any exception as a valid "not found" and may end up hiding server errors. This patch reduces the caught exceptions to 403 and 404 responses and treats everything else as an error. [1] https://developer.openstack.org/api-ref/identity/v3/?expanded=check-whether-user-belongs-to-group-detail#check-whether-user-belongs-to-group Closes-bug: #1672634 Change-Id: Id3f3b2409b7cee480ee3c19b6d6c3070599ffe8f
2017-03-14 01:24:31 +01:00 · 2017-03-14 01:24:31 +01:00 · 853ea5ab59
parent 4a19f6753b
commit 853ea5ab59
3 changed files with 31 additions and 6 deletions
--- a/openstackclient/identity/v3/group.py
+++ b/openstackclient/identity/v3/group.py
@ -102,12 +102,15 @@ class CheckUserInGroup(command.Command):

        try:
            identity_client.users.check_in_group(user_id, group_id)
-        except Exception:
-            msg = _("%(user)s not in group %(group)s\n") % {
-                'user': parsed_args.user,
-                'group': parsed_args.group,
-            }
-            sys.stderr.write(msg)
+        except ks_exc.http.HTTPClientError as e:
+            if e.http_status == 403 or e.http_status == 404:
+                msg = _("%(user)s not in group %(group)s\n") % {
+                    'user': parsed_args.user,
+                    'group': parsed_args.group,
+                }
+                sys.stderr.write(msg)
+            else:
+                raise e
        else:
            msg = _("%(user)s in group %(group)s\n") % {
                'user': parsed_args.user,
--- a/openstackclient/tests/unit/identity/v3/test_group.py
+++ b/openstackclient/tests/unit/identity/v3/test_group.py
@ -115,6 +115,23 @@ class TestGroupCheckUser(TestGroup):
            self.user.id, self.group.id)
        self.assertIsNone(result)

+    def test_group_check_user_server_error(self):
+        def server_error(*args):
+            raise ks_exc.http.InternalServerError
+        self.users_mock.check_in_group.side_effect = server_error
+        arglist = [
+            self.group.name,
+            self.user.name,
+        ]
+        verifylist = [
+            ('group', self.group.name),
+            ('user', self.user.name),
+        ]
+        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+
+        self.assertRaises(ks_exc.http.InternalServerError,
+                          self.cmd.take_action, parsed_args)
+

 class TestGroupCreate(TestGroup):

--- a/releasenotes/notes/bug-1672634-ef754cb5109dd0f2.yaml
+++ b/releasenotes/notes/bug-1672634-ef754cb5109dd0f2.yaml
@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    Narrow acceptable negative response codes for ``group contains user``
+    [Bug `1672634 <https://bugs.launchpad.net/python-openstackclient/+bug/1672634>`_]