#1589 closed defect (fixed)
S3 backend: when a txaws operation gets an error response, include the full request URI and response body in the exception message, and maybe trigger an incident
Reported by: | davidsarah | Owned by: | davidsarah |
---|---|---|---|
Priority: | major | Milestone: | 1.14.0 |
Component: | code-storage | Version: | 1.9.0-s3branch |
Keywords: | error s3-backend txaws reviewed | Cc: | zooko |
Launchpad Bug: |
Description (last modified by daira)
The exception message shouldn't include secrets (AWS secret key, user token or product token), or data, but the request URI and the body of error responses are short enough to include in full. In particular the response code, which txaws currently drops, would be useful. We don't send any caps in S3 requests.
It would also be useful to trigger an incident for errors that we don't understand or haven't seen before (probably based on the HTTP response code).
Attachments (1)
Change History (16)
comment:1 Changed at 2011-11-19T16:30:53Z by davidsarah
- Description modified (diff)
- Summary changed from S3 backend: when a txaws operation gets an error response, include the full request URI and response body in the exception message to S3 backend: when a txaws operation gets an error response, include the full request URI and response body in the exception message, and maybe trigger an incident
comment:2 Changed at 2011-12-31T03:26:32Z by zooko
- Cc zooko added
comment:3 Changed at 2012-02-14T20:52:55Z by davidsarah
- Owner set to davidsarah
- Status changed from new to assigned
Changed at 2012-02-16T04:13:05Z by davidsarah
Make S3 error tracebacks include the status code and response, and trigger an incident. fixes #1589
comment:4 Changed at 2012-02-16T04:13:35Z by davidsarah
- Keywords review-needed added
- Owner changed from davidsarah to zancas
- Status changed from assigned to new
comment:5 Changed at 2012-02-16T04:19:16Z by davidsarah
On line 313 of the patch, the error string should be: "was supposed to raise TahoeS3Error, not get %r"
comment:6 follow-up: ↓ 8 Changed at 2012-02-17T21:28:25Z by zooko
patch review:
I guess it is redundant but not harmful to say that class S3Bucket implements(IS3Bucket), since it now subclasses S3BucketMixin which implements(IS3Bucket). I would tend to err on the side of removing that declaration from class S3Bucket, but I could go either way.
Why do we need both the f.trap(self.S3Error) and the except self.S3Error? Don't those both mean the same thing -- one for twisted Failure instances and the other for Python Error instances? Don't we know which of those two types we might encounter there?
Other than that, I saw no problems with it.
comment:7 Changed at 2012-02-17T21:28:47Z by zooko
- Keywords reviewed added; review-needed removed
- Owner changed from zancas to davidsarah
comment:8 in reply to: ↑ 6 Changed at 2012-02-17T21:59:27Z by davidsarah
Replying to zooko:
patch review:
I guess it is redundant but not harmful to say that class S3Bucket implements(IS3Bucket), since it now subclasses S3BucketMixin which implements(IS3Bucket).
S3BucketMixin doesn't actually implement S3Bucket (and shouldn't, since it only implements one helper method).
Why do we need both the f.trap(self.S3Error) and the except self.S3Error?
The intention is to preserve the exception traceback. The trap call does so when the exception is not a self.S3Error (because it's preserving the same Failure), and the except clause does so (using the 3-arg form of raise) when it is. The except clause depends on the exception object being an S3Error or MockS3Error. I don't know of any other way to preserve the traceback than to raise and catch f.value.
(I attempted to just change the behaviour of stringification by setting f.value.__str__ rather than using a different exception class, but was stymied by what I consider to be a bug in CPython -- str(x) is equivalent to x.__class__.__str__(x) and not to x.__str__() as the documentation implies, so setting __str__ on an instance does not work.)
The other alternative would be to change AWSError.__str__ in txaws. That might be more elegant, but I would prefer to minimize the changes in our txaws fork.
comment:9 Changed at 2012-02-18T06:18:32Z by davidsarah
This is ready to push to the ticket999-S3-backend branch, but I'm going to delay that until I also push the patch on #1678.
comment:10 follow-up: ↓ 11 Changed at 2012-02-20T21:21:28Z by zancas
The attached code is related to issues documented in ticket #1590. In particular, that ticket notes the need for more explicit handling/reporting of error information generated by the txaws S3 client's transactions with AWS S3 buckets.
comment:11 in reply to: ↑ 10 Changed at 2012-02-20T21:40:45Z by davidsarah
comment:12 Changed at 2012-05-18T23:18:10Z by davidsarah
- Milestone changed from 1.11.0 to soon
- Resolution set to fixed
- Status changed from new to closed
- Version changed from 1.9.0b1 to 1.9.0-s3branch
This was fixed in [5548/ticket999-S3-backend] and improved most recently in [5647/ticket999-S3-backend].
comment:13 Changed at 2014-11-27T03:52:10Z by daira
- Description modified (diff)
- Milestone changed from soon to 1.12.0
comment:14 Changed at 2016-03-22T05:02:25Z by warner
- Milestone changed from 1.12.0 to 1.13.0
Milestone renamed
comment:15 Changed at 2016-06-28T18:17:14Z by warner
- Milestone changed from 1.13.0 to 1.14.0
renaming milestone
txaws is preserving the xml_bytes, status, and response in the args of the S3Error object (so we don't need a txaws patch), but they are not being included in the stringified form of the exception (line 58 of txaws/exception.py).
So, we need an errback, probably after each operation in ticket999-S3-backend/src/allmydata/storage/backends/s3/s3_bucket.py, that extracts this information, logs it, and raises another exception that includes it in the error message.