Standardize Barbican error messages
Wrap Barbican's errors with a KeyManagerError instead of reraising the Barbican exception. Change-Id: Ib49bad7336534df75ef8165c7229c656fae04dd8
This commit is contained in:
parent
4fda4a749f
commit
0be6648f6f
|
@ -42,7 +42,7 @@ class CastellanException(Exception):
|
||||||
if not message_arg:
|
if not message_arg:
|
||||||
message_arg = self.message
|
message_arg = self.message
|
||||||
try:
|
try:
|
||||||
self.message = message_arg.format(**kwargs)
|
self.message = message_arg % kwargs
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
if _FATAL_EXCEPTION_FORMAT_ERRORS:
|
if _FATAL_EXCEPTION_FORMAT_ERRORS:
|
||||||
raise e
|
raise e
|
||||||
|
|
|
@ -25,7 +25,6 @@ from keystoneclient.auth import identity
|
||||||
from keystoneclient import session
|
from keystoneclient import session
|
||||||
from oslo_config import cfg
|
from oslo_config import cfg
|
||||||
from oslo_log import log as logging
|
from oslo_log import log as logging
|
||||||
from oslo_utils import excutils
|
|
||||||
|
|
||||||
from castellan.common import exception
|
from castellan.common import exception
|
||||||
from castellan.common.objects import key as key_base_class
|
from castellan.common.objects import key as key_base_class
|
||||||
|
@ -90,8 +89,8 @@ class BarbicanKeyManager(key_manager.KeyManager):
|
||||||
:param context: the user context for authentication
|
:param context: the user context for authentication
|
||||||
:return: a Barbican Client object
|
:return: a Barbican Client object
|
||||||
:raises Forbidden: if the context is None
|
:raises Forbidden: if the context is None
|
||||||
:raises KeyManagerError: if context is missing tenant or
|
:raises KeyManagerError: if context is missing tenant or tenant is
|
||||||
tenant is None
|
None or error occurs while creating client
|
||||||
"""
|
"""
|
||||||
|
|
||||||
# Confirm context is provided, if not raise forbidden
|
# Confirm context is provided, if not raise forbidden
|
||||||
|
@ -104,7 +103,7 @@ class BarbicanKeyManager(key_manager.KeyManager):
|
||||||
msg = u._("Unable to create Barbican Client without tenant "
|
msg = u._("Unable to create Barbican Client without tenant "
|
||||||
"attribute in context object.")
|
"attribute in context object.")
|
||||||
LOG.error(msg)
|
LOG.error(msg)
|
||||||
raise exception.KeyManagerError(msg)
|
raise exception.KeyManagerError(reason=msg)
|
||||||
|
|
||||||
if self._barbican_client and self._current_context == context:
|
if self._barbican_client and self._current_context == context:
|
||||||
return self._barbican_client
|
return self._barbican_client
|
||||||
|
@ -120,8 +119,8 @@ class BarbicanKeyManager(key_manager.KeyManager):
|
||||||
endpoint=self._barbican_endpoint)
|
endpoint=self._barbican_endpoint)
|
||||||
|
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
with excutils.save_and_reraise_exception():
|
LOG.error(u._LE("Error creating Barbican client: %s"), e)
|
||||||
LOG.error(u._LE("Error creating Barbican client: %s"), e)
|
raise exception.KeyManagerError(reason=e)
|
||||||
|
|
||||||
self._base_url = self._create_base_url(auth,
|
self._base_url = self._create_base_url(auth,
|
||||||
sess,
|
sess,
|
||||||
|
@ -158,7 +157,7 @@ class BarbicanKeyManager(key_manager.KeyManager):
|
||||||
msg = u._LE(
|
msg = u._LE(
|
||||||
"Could not find discovery information for %s") % endpoint
|
"Could not find discovery information for %s") % endpoint
|
||||||
LOG.error(msg)
|
LOG.error(msg)
|
||||||
raise exception.KeyManagerError(msg)
|
raise exception.KeyManagerError(reason=msg)
|
||||||
latest_version = raw_data[-1]
|
latest_version = raw_data[-1]
|
||||||
api_version = latest_version.get('id')
|
api_version = latest_version.get('id')
|
||||||
|
|
||||||
|
@ -175,9 +174,7 @@ class BarbicanKeyManager(key_manager.KeyManager):
|
||||||
:param length: the bit length of the secret
|
:param length: the bit length of the secret
|
||||||
:param expiration: the date the key will expire
|
:param expiration: the date the key will expire
|
||||||
:return: the UUID of the new key
|
:return: the UUID of the new key
|
||||||
:raises HTTPAuthError: if key creation fails with 401
|
:raises KeyManagerError: if key creation fails
|
||||||
:raises HTTPClientError: if key creation failes with 4xx
|
|
||||||
:raises HTTPServerError: if key creation fails with 5xx
|
|
||||||
"""
|
"""
|
||||||
barbican_client = self._get_barbican_client(context)
|
barbican_client = self._get_barbican_client(context)
|
||||||
|
|
||||||
|
@ -192,8 +189,8 @@ class BarbicanKeyManager(key_manager.KeyManager):
|
||||||
except (barbican_exceptions.HTTPAuthError,
|
except (barbican_exceptions.HTTPAuthError,
|
||||||
barbican_exceptions.HTTPClientError,
|
barbican_exceptions.HTTPClientError,
|
||||||
barbican_exceptions.HTTPServerError) as e:
|
barbican_exceptions.HTTPServerError) as e:
|
||||||
with excutils.save_and_reraise_exception():
|
LOG.error(u._LE("Error creating key: %s"), e)
|
||||||
LOG.error(u._LE("Error creating key: %s"), e)
|
raise exception.KeyManagerError(reason=e)
|
||||||
|
|
||||||
def create_key_pair(self, context, algorithm, length, expiration=None):
|
def create_key_pair(self, context, algorithm, length, expiration=None):
|
||||||
"""Creates an asymmetric key pair.
|
"""Creates an asymmetric key pair.
|
||||||
|
@ -205,9 +202,7 @@ class BarbicanKeyManager(key_manager.KeyManager):
|
||||||
:param expiration: the date the key will expire
|
:param expiration: the date the key will expire
|
||||||
:return: the UUIDs of the new key, in the order (private, public)
|
:return: the UUIDs of the new key, in the order (private, public)
|
||||||
:raises NotImplementedError: until implemented
|
:raises NotImplementedError: until implemented
|
||||||
:raises HTTPAuthError: if key creation fails with 401
|
:raises KeyManagerError: if key pair creation fails
|
||||||
:raises HTTPClientError: if key creation failes with 4xx
|
|
||||||
:raises HTTPServerError: if key creation fails with 5xx
|
|
||||||
"""
|
"""
|
||||||
barbican_client = self._get_barbican_client(context)
|
barbican_client = self._get_barbican_client(context)
|
||||||
|
|
||||||
|
@ -229,8 +224,8 @@ class BarbicanKeyManager(key_manager.KeyManager):
|
||||||
except (barbican_exceptions.HTTPAuthError,
|
except (barbican_exceptions.HTTPAuthError,
|
||||||
barbican_exceptions.HTTPClientError,
|
barbican_exceptions.HTTPClientError,
|
||||||
barbican_exceptions.HTTPServerError) as e:
|
barbican_exceptions.HTTPServerError) as e:
|
||||||
with excutils.save_and_reraise_exception():
|
LOG.error(u._LE("Error creating key pair: %s"), e)
|
||||||
LOG.error(u._LE("Error creating key pair: %s"), e)
|
raise exception.KeyManagerError(reason=e)
|
||||||
|
|
||||||
def _get_barbican_object(self, barbican_client, managed_object):
|
def _get_barbican_object(self, barbican_client, managed_object):
|
||||||
"""Converts the Castellan managed_object to a Barbican secret."""
|
"""Converts the Castellan managed_object to a Barbican secret."""
|
||||||
|
@ -292,9 +287,7 @@ class BarbicanKeyManager(key_manager.KeyManager):
|
||||||
:param expiration: the expiration time of the secret in ISO 8601
|
:param expiration: the expiration time of the secret in ISO 8601
|
||||||
format
|
format
|
||||||
:returns: the UUID of the stored object
|
:returns: the UUID of the stored object
|
||||||
:raises HTTPAuthError: if object creation fails with 401
|
:raises KeyManagerError: if object store fails
|
||||||
:raises HTTPClientError: if object creation failes with 4xx
|
|
||||||
:raises HTTPServerError: if object creation fails with 5xx
|
|
||||||
"""
|
"""
|
||||||
barbican_client = self._get_barbican_client(context)
|
barbican_client = self._get_barbican_client(context)
|
||||||
|
|
||||||
|
@ -307,8 +300,8 @@ class BarbicanKeyManager(key_manager.KeyManager):
|
||||||
except (barbican_exceptions.HTTPAuthError,
|
except (barbican_exceptions.HTTPAuthError,
|
||||||
barbican_exceptions.HTTPClientError,
|
barbican_exceptions.HTTPClientError,
|
||||||
barbican_exceptions.HTTPServerError) as e:
|
barbican_exceptions.HTTPServerError) as e:
|
||||||
with excutils.save_and_reraise_exception():
|
LOG.error(u._LE("Error storing object: %s"), e)
|
||||||
LOG.error(u._LE("Error storing object: %s"), e)
|
raise exception.KeyManagerError(reason=e)
|
||||||
|
|
||||||
def _create_secret_ref(self, key_id):
|
def _create_secret_ref(self, key_id):
|
||||||
"""Creates the URL required for accessing a secret.
|
"""Creates the URL required for accessing a secret.
|
||||||
|
@ -318,7 +311,7 @@ class BarbicanKeyManager(key_manager.KeyManager):
|
||||||
"""
|
"""
|
||||||
if not key_id:
|
if not key_id:
|
||||||
msg = "Key ID is None"
|
msg = "Key ID is None"
|
||||||
raise exception.KeyManagerError(msg)
|
raise exception.KeyManagerError(reason=msg)
|
||||||
base_url = self._base_url
|
base_url = self._base_url
|
||||||
if base_url[-1] != '/':
|
if base_url[-1] != '/':
|
||||||
base_url += '/'
|
base_url += '/'
|
||||||
|
@ -356,7 +349,7 @@ class BarbicanKeyManager(key_manager.KeyManager):
|
||||||
'num_retries':
|
'num_retries':
|
||||||
number_of_retries}
|
number_of_retries}
|
||||||
LOG.error(msg)
|
LOG.error(msg)
|
||||||
raise exception.KeyManagerError(msg)
|
raise exception.KeyManagerError(reason=msg)
|
||||||
|
|
||||||
def _retrieve_secret_uuid(self, secret_ref):
|
def _retrieve_secret_uuid(self, secret_ref):
|
||||||
"""Retrieves the UUID of the secret from the secret_ref.
|
"""Retrieves the UUID of the secret from the secret_ref.
|
||||||
|
@ -432,9 +425,7 @@ class BarbicanKeyManager(key_manager.KeyManager):
|
||||||
for the request (castellan/context.py)
|
for the request (castellan/context.py)
|
||||||
:param key_id: UUID of the secret
|
:param key_id: UUID of the secret
|
||||||
:return: the secret's metadata
|
:return: the secret's metadata
|
||||||
:raises HTTPAuthError: if object retrieval fails with 401
|
:raises KeyManagerError: if object retrieval fails
|
||||||
:raises HTTPClientError: if object retrieval fails with 4xx
|
|
||||||
:raises HTTPServerError: if object retrieval fails with 5xx
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
barbican_client = self._get_barbican_client(context)
|
barbican_client = self._get_barbican_client(context)
|
||||||
|
@ -445,8 +436,8 @@ class BarbicanKeyManager(key_manager.KeyManager):
|
||||||
except (barbican_exceptions.HTTPAuthError,
|
except (barbican_exceptions.HTTPAuthError,
|
||||||
barbican_exceptions.HTTPClientError,
|
barbican_exceptions.HTTPClientError,
|
||||||
barbican_exceptions.HTTPServerError) as e:
|
barbican_exceptions.HTTPServerError) as e:
|
||||||
with excutils.save_and_reraise_exception():
|
LOG.error(u._LE("Error getting secret metadata: %s"), e)
|
||||||
LOG.error(u._LE("Error getting secret metadata: %s"), e)
|
raise exception.KeyManagerError(reason=e)
|
||||||
|
|
||||||
def get(self, context, managed_object_id):
|
def get(self, context, managed_object_id):
|
||||||
"""Retrieves the specified managed object.
|
"""Retrieves the specified managed object.
|
||||||
|
@ -457,18 +448,17 @@ class BarbicanKeyManager(key_manager.KeyManager):
|
||||||
for the request (castellan/context.py)
|
for the request (castellan/context.py)
|
||||||
:param managed_object_id: the UUID of the object to retrieve
|
:param managed_object_id: the UUID of the object to retrieve
|
||||||
:return: SymmetricKey representation of the key
|
:return: SymmetricKey representation of the key
|
||||||
:raises HTTPAuthError: if object retrieval fails with 401
|
:raises KeyManagerError: if object retrieval fails
|
||||||
:raises HTTPClientError: if object retrieval fails with 4xx
|
|
||||||
:raises HTTPServerError: if object retrieval fails with 5xx
|
|
||||||
"""
|
"""
|
||||||
try:
|
try:
|
||||||
secret = self._get_secret(context, managed_object_id)
|
secret = self._get_secret(context, managed_object_id)
|
||||||
return self._get_castellan_object(secret)
|
return self._get_castellan_object(secret)
|
||||||
except (barbican_exceptions.HTTPAuthError,
|
except (barbican_exceptions.HTTPAuthError,
|
||||||
barbican_exceptions.HTTPClientError,
|
barbican_exceptions.HTTPClientError,
|
||||||
barbican_exceptions.HTTPServerError) as e:
|
barbican_exceptions.HTTPServerError,
|
||||||
with excutils.save_and_reraise_exception():
|
exception.KeyManagerError) as e:
|
||||||
LOG.error(u._LE("Error getting object: %s"), e)
|
LOG.error(u._LE("Error getting object: %s"), e)
|
||||||
|
raise exception.KeyManagerError(reason=e)
|
||||||
|
|
||||||
def delete(self, context, managed_object_id):
|
def delete(self, context, managed_object_id):
|
||||||
"""Deletes the specified managed object.
|
"""Deletes the specified managed object.
|
||||||
|
@ -476,9 +466,7 @@ class BarbicanKeyManager(key_manager.KeyManager):
|
||||||
:param context: contains information of the user and the environment
|
:param context: contains information of the user and the environment
|
||||||
for the request (castellan/context.py)
|
for the request (castellan/context.py)
|
||||||
:param managed_object_id: the UUID of the object to delete
|
:param managed_object_id: the UUID of the object to delete
|
||||||
:raises HTTPAuthError: if key deletion fails with 401
|
:raises KeyManagerError: if key deletion fails
|
||||||
:raises HTTPClientError: if key deletion fails with 4xx
|
|
||||||
:raises HTTPServerError: if key deletion fails with 5xx
|
|
||||||
"""
|
"""
|
||||||
barbican_client = self._get_barbican_client(context)
|
barbican_client = self._get_barbican_client(context)
|
||||||
|
|
||||||
|
@ -488,5 +476,5 @@ class BarbicanKeyManager(key_manager.KeyManager):
|
||||||
except (barbican_exceptions.HTTPAuthError,
|
except (barbican_exceptions.HTTPAuthError,
|
||||||
barbican_exceptions.HTTPClientError,
|
barbican_exceptions.HTTPClientError,
|
||||||
barbican_exceptions.HTTPServerError) as e:
|
barbican_exceptions.HTTPServerError) as e:
|
||||||
with excutils.save_and_reraise_exception():
|
LOG.error(u._LE("Error deleting object: %s"), e)
|
||||||
LOG.error(u._LE("Error deleting object: %s"), e)
|
raise exception.KeyManagerError(reason=e)
|
||||||
|
|
|
@ -106,7 +106,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
|
||||||
self.mock_barbican.orders.create_key.return_value = key_order
|
self.mock_barbican.orders.create_key.return_value = key_order
|
||||||
key_order.submit = mock.Mock(
|
key_order.submit = mock.Mock(
|
||||||
side_effect=barbican_exceptions.HTTPClientError('test error'))
|
side_effect=barbican_exceptions.HTTPClientError('test error'))
|
||||||
self.assertRaises(barbican_exceptions.HTTPClientError,
|
self.assertRaises(exception.KeyManagerError,
|
||||||
self.key_mgr.create_key, self.ctxt, 'AES', 256)
|
self.key_mgr.create_key, self.ctxt, 'AES', 256)
|
||||||
|
|
||||||
def test_create_key_pair(self):
|
def test_create_key_pair(self):
|
||||||
|
@ -159,7 +159,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
|
||||||
self.mock_barbican.orders.create_asymmetric.return_value = asym_order
|
self.mock_barbican.orders.create_asymmetric.return_value = asym_order
|
||||||
asym_order.submit = mock.Mock(
|
asym_order.submit = mock.Mock(
|
||||||
side_effect=barbican_exceptions.HTTPClientError('test error'))
|
side_effect=barbican_exceptions.HTTPClientError('test error'))
|
||||||
self.assertRaises(barbican_exceptions.HTTPClientError,
|
self.assertRaises(exception.KeyManagerError,
|
||||||
self.key_mgr.create_key_pair, self.ctxt, 'RSA', 2048)
|
self.key_mgr.create_key_pair, self.ctxt, 'RSA', 2048)
|
||||||
|
|
||||||
def test_delete_null_context(self):
|
def test_delete_null_context(self):
|
||||||
|
@ -178,7 +178,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
|
||||||
def test_delete_with_error(self):
|
def test_delete_with_error(self):
|
||||||
self.mock_barbican.secrets.delete = mock.Mock(
|
self.mock_barbican.secrets.delete = mock.Mock(
|
||||||
side_effect=barbican_exceptions.HTTPClientError('test error'))
|
side_effect=barbican_exceptions.HTTPClientError('test error'))
|
||||||
self.assertRaises(barbican_exceptions.HTTPClientError,
|
self.assertRaises(exception.KeyManagerError,
|
||||||
self.key_mgr.delete, self.ctxt, self.key_id)
|
self.key_mgr.delete, self.ctxt, self.key_id)
|
||||||
|
|
||||||
def test_get_key(self):
|
def test_get_key(self):
|
||||||
|
@ -207,7 +207,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
|
||||||
def test_get_with_error(self):
|
def test_get_with_error(self):
|
||||||
self.mock_barbican.secrets.get = mock.Mock(
|
self.mock_barbican.secrets.get = mock.Mock(
|
||||||
side_effect=barbican_exceptions.HTTPClientError('test error'))
|
side_effect=barbican_exceptions.HTTPClientError('test error'))
|
||||||
self.assertRaises(barbican_exceptions.HTTPClientError,
|
self.assertRaises(exception.KeyManagerError,
|
||||||
self.key_mgr.get, self.ctxt, self.key_id)
|
self.key_mgr.get, self.ctxt, self.key_id)
|
||||||
|
|
||||||
def test_store_key(self):
|
def test_store_key(self):
|
||||||
|
@ -245,7 +245,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
|
||||||
_key = sym_key.SymmetricKey('AES',
|
_key = sym_key.SymmetricKey('AES',
|
||||||
key_length,
|
key_length,
|
||||||
secret_key)
|
secret_key)
|
||||||
self.assertRaises(barbican_exceptions.HTTPClientError,
|
self.assertRaises(exception.KeyManagerError,
|
||||||
self.key_mgr.store, self.ctxt, _key)
|
self.key_mgr.store, self.ctxt, _key)
|
||||||
|
|
||||||
def test_get_active_order(self):
|
def test_get_active_order(self):
|
||||||
|
|
Loading…
Reference in New Issue