Better error messages when using the API, index and registry

2014-01-24 14:12:04 -05:00 · 2014-01-24 14:12:04 -05:00 · 98109a28cd
commit 98109a28cd
parent 335733ad68
4 changed files with 142 additions and 102 deletions
--- a/endpoints/registry.py
+++ b/endpoints/registry.py
@ -1,7 +1,7 @@
 import logging
 import json

-from flask import (make_response, request, session, Response, abort,
+from flask import (make_response, request, session, Response, abort as flask_abort,
                   redirect, Blueprint)
 from functools import wraps
 from datetime import datetime
@ -10,7 +10,7 @@ from time import time
 from data.queue import image_diff_queue

 from app import app
-from auth.auth import process_auth, extract_namespace_repo_from_session
+from auth.auth import process_auth, extract_namespace_repo_from_session, get_authenticated_user, get_validated_token
 from util import checksums, changes
 from auth.permissions import (ReadRepositoryPermission,
                              ModifyRepositoryPermission)
@ -21,6 +21,38 @@ registry = Blueprint('registry', __name__)
 store = app.config['STORAGE']
 logger = logging.getLogger(__name__)

+DEFAULT_MESSAGE = {}
+DEFAULT_MESSAGE[400] = 'Invalid Request'
+DEFAULT_MESSAGE[403] = 'Forbidden'
+DEFAULT_MESSAGE[404] = 'Not Found'
+
+@registry.errorhandler(404)
+def fallback_not_found(e):
+  return make_response('Not Found', 404)
+
+@registry.errorhandler(403)
+def fallback_forbidden(e):
+  return make_response('Forbidden', 403)
+
+@registry.errorhandler(400)
+def fallback_invalid_request(e):
+  return make_response('Invalid Request', 400)
+
+def abort(status_code, message=None, **kwargs):
+  if status_code == 403 and not message:
+    # Create a default error message for auth failure.
+    message = 'Forbidden. '
+    auth_user = get_authenticated_user()
+    auth_token = get_validated_token()
+    if auth_user:
+      message = message + 'Current user: ' + auth_user
+    elif auth_token:
+      message = message + 'Current token: ' + auth_token
+
+  message = message % kwargs if message else DEFAULT_MESSAGE[status_code] 
+  log.error('Error %s: %s' % (status_code, message))
+  flask_abort(make_response(HTTPException(message), status_code, headers))
+  

 class SocketReader(object):
  def __init__(self, fp):
@ -45,8 +77,8 @@ def require_completion(f):
  def wrapper(namespace, repository, *args, **kwargs):
    if store.exists(store.image_mark_path(namespace, repository,
                                          kwargs['image_id'])):
-      logger.warning('Image is already being uploaded: %s', kwargs['image_id'])
-      abort(400)  # 'Image is being uploaded, retry later')
+      abort(400, 'Image %(image_id)s is being uploaded, retry later', image_id=kwargs['image_id'])
+
    return f(namespace, repository, *args, **kwargs)
  return wrapper

@ -90,9 +122,8 @@ def get_image_layer(namespace, repository, image_id, headers):
    try:
      return Response(store.stream_read(path), headers=headers)
    except IOError:
-      logger.warning('Image not found: %s', image_id)
-      abort(404)  # 'Image not found', 404)
-
+      abort(404, 'Image %(image_id)s not found', image_id=image_id)
+  
  abort(403)


@ -108,11 +139,11 @@ def put_image_layer(namespace, repository, image_id):
    json_data = store.get_content(store.image_json_path(namespace, repository,
                                                        image_id))
  except IOError:
-    abort(404)  # 'Image not found', 404)
+    abort(404, 'Image not found')
  layer_path = store.image_layer_path(namespace, repository, image_id)
  mark_path = store.image_mark_path(namespace, repository, image_id)
  if store.exists(layer_path) and not store.exists(mark_path):
-    abort(409)  # 'Image already exists', 409)
+    abort(409, 'Image already exists')
  input_stream = request.stream
  if request.headers.get('transfer-encoding') == 'chunked':
    # Careful, might work only with WSGI servers supporting chunked
@ -151,7 +182,8 @@ def put_image_layer(namespace, repository, image_id):
  # We check if the checksums provided matches one the one we computed
  if checksum not in csums:
    logger.warning('put_image_layer: Wrong checksum')
-    abort(400)  # 'Checksum mismatch, ignoring the layer')
+    abort(400, 'Checksum mismatch; ignoring the layer')
+
  # Checksum is ok, we remove the marker
  store.remove(mark_path)

@ -177,24 +209,28 @@ def put_image_checksum(namespace, repository, image_id):

  checksum = request.headers.get('X-Docker-Checksum')
  if not checksum:
-    logger.warning('Missing Image\'s checksum: %s', image_id)
-    abort(400)  # 'Missing Image\'s checksum')
+    abort(400, "Missing checksum for image %(image_id)s", image_id=image_id)
+
  if not session.get('checksum'):
-    logger.warning('Checksum not found in Cookie for image: %s', image_id)
-    abort(400)  # 'Checksum not found in Cookie')
+    abort(400, 'Checksum not found in Cookie for image %(imaage_id)s', image_id=image_id)
+
  if not store.exists(store.image_json_path(namespace, repository, image_id)):
-    abort(404)  # 'Image not found', 404)
+    abort(404, 'Image not found: %(image_id)s', image_id=image_id)
+
  mark_path = store.image_mark_path(namespace, repository, image_id)
  if not store.exists(mark_path):
-    abort(409)  # 'Cannot set this image checksum', 409)
+    abort(409, 'Cannot set checksum for image %(image_id)s', image_id=image_id)
+
  err = store_checksum(namespace, repository, image_id, checksum)
  if err:
-    abort(err)
+    abort(400, err)
+
  if checksum not in session.get('checksum', []):
    logger.debug('session checksums: %s' % session.get('checksum', []))
    logger.debug('client supplied checksum: %s' % checksum)
    logger.debug('put_image_layer: Wrong checksum')
-    abort(400)  # 'Checksum mismatch')
+    abort(400, 'Checksum mismatch for image: %(image_id)s', image_id=image_id)
+
  # Checksum is ok, we remove the marker
  store.remove(mark_path)

@ -225,16 +261,19 @@ def get_image_json(namespace, repository, image_id, headers):
    data = store.get_content(store.image_json_path(namespace, repository,
                                                   image_id))
  except IOError:
-    abort(404)  # 'Image not found', 404)
+    abort(404, 'Image %(image_id)%s not found', image_id=image_id)
+
  try:
    size = store.get_size(store.image_layer_path(namespace, repository,
                                                 image_id))
    headers['X-Docker-Size'] = str(size)
  except OSError:
    pass
+
  checksum_path = store.image_checksum_path(namespace, repository, image_id)
  if store.exists(checksum_path):
    headers['X-Docker-Checksum'] = store.get_content(checksum_path)
+
  response = make_response(data, 200)
  response.headers.extend(headers)
  return response
@ -255,7 +294,8 @@ def get_image_ancestry(namespace, repository, image_id, headers):
    data = store.get_content(store.image_ancestry_path(namespace, repository,
                                                       image_id))
  except IOError:
-    abort(404)  # 'Image not found', 404)
+    abort(404, 'Image %(image_id)s not found', image_id=image_id)
+
  response = make_response(json.dumps(json.loads(data)), 200)
  response.headers.extend(headers)
  return response
@ -280,6 +320,7 @@ def store_checksum(namespace, repository, image_id, checksum):
  checksum_parts = checksum.split(':')
  if len(checksum_parts) != 2:
    return 'Invalid checksum format'
+
  # We store the checksum
  checksum_path = store.image_checksum_path(namespace, repository, image_id)
  store.put_content(checksum_path, checksum)
@ -298,36 +339,35 @@ def put_image_json(namespace, repository, image_id):
  except json.JSONDecodeError:
    pass
  if not data or not isinstance(data, dict):
-    logger.warning('Invalid JSON for image: %s json: %s', image_id,
-                   request.data)
-    abort(400)  # 'Invalid JSON')
+    abort(400, 'Invalid JSON for image: %(image_id)s\nJSON: %(json)s', image_id=image_id, json=request.data)
+
  if 'id' not in data:
-    logger.warning('Missing key `id\' in JSON for image: %s', image_id)
-    abort(400)  # 'Missing key `id\' in JSON')
+    abort(400, 'Missing key `id` in JSON for image: %(image_id)s', image_id=image_id)
+
  # Read the checksum
  checksum = request.headers.get('X-Docker-Checksum')
  if checksum:
    # Storing the checksum is optional at this stage
    err = store_checksum(namespace, repository, image_id, checksum)
    if err:
-      abort(err)
+      abort(400, err)
+
  else:
    # We cleanup any old checksum in case it's a retry after a fail
    store.remove(store.image_checksum_path(namespace, repository, image_id))
  if image_id != data['id']:
-    logger.warning('JSON data contains invalid id for image: %s', image_id)
-    abort(400)  # 'JSON data contains invalid id')
+    abort(400, 'JSON data contains invalid id for image: %(image_id)s', image_id=image_id)
+
  parent_id = data.get('parent')
-  if parent_id and not store.exists(store.image_json_path(namespace,
-                                                          repository,
-                                                          data['parent'])):
-    logger.warning('Image depends on a non existing parent image: %s',
-                   image_id)
-    abort(400)  # 'Image depends on a non existing parent')
+  if parent_id and not store.exists(store.image_json_path(namespace, repository, parent_id)):
+    abort(400, 'Image %(image_id)s depends on non existing parent image %(parent_id)s',
+          image_id=image_id, parent_id=parent_id)
+
  json_path = store.image_json_path(namespace, repository, image_id)
  mark_path = store.image_mark_path(namespace, repository, image_id)
  if store.exists(json_path) and not store.exists(mark_path):
-    abort(409)  # 'Image already exists', 409)
+    abort(409, 'Image %(image_id)s already exists', image_id=image_id)
+
  # If we reach that point, it means that this is a new image or a retry
  # on a failed push
  # save the metadata