Straighten up exceptions imports
exc and exceptions is not very descriptive of where errors are coming from. As we add keystoneauth this is only going to get worse so make it clear where the different imports are from. Change-Id: I35d2952007495d37b530b6e0be1544528501bfbf
This commit is contained in:
Jamie Lennox
parent
0f31eb0449
commit
92e176814f
|
|
@ -215,7 +215,7 @@ from keystoneclient import adapter
|
|||
from keystoneclient import auth
|
||||
from keystoneclient.common import cms
|
||||
from keystoneclient import discover
|
||||
from keystoneclient import exceptions
|
||||
from keystoneclient import exceptions as ksc_exceptions
|
||||
from keystoneclient import session
|
||||
from oslo_config import cfg
|
||||
from oslo_serialization import jsonutils
|
||||
|
|
@ -226,7 +226,7 @@ import webob.dec
|
|||
from keystonemiddleware.auth_token import _auth
|
||||
from keystonemiddleware.auth_token import _base
|
||||
from keystonemiddleware.auth_token import _cache
|
||||
from keystonemiddleware.auth_token import _exceptions as exc
|
||||
from keystonemiddleware.auth_token import _exceptions as ksm_exceptions
|
||||
from keystonemiddleware.auth_token import _identity
|
||||
from keystonemiddleware.auth_token import _request
|
||||
from keystonemiddleware.auth_token import _revocations
|
||||
|
|
@ -416,7 +416,7 @@ def _conf_values_type_convert(conf):
|
|||
# This option is not known to auth_token.
|
||||
pass
|
||||
except ValueError as e:
|
||||
raise exc.ConfigurationError(
|
||||
raise ksm_exceptions.ConfigurationError(
|
||||
_('Unable to convert the value of %(key)s option into correct '
|
||||
'type: %(ex)s') % {'key': k, 'ex': e})
|
||||
opts[dest] = v
|
||||
|
|
@ -480,7 +480,7 @@ class _BaseAuthProtocol(object):
|
|||
data, user_auth_ref = self._do_fetch_token(request.user_token)
|
||||
self._validate_token(user_auth_ref)
|
||||
self._confirm_token_bind(user_auth_ref, request)
|
||||
except exc.InvalidToken:
|
||||
except ksm_exceptions.InvalidToken:
|
||||
self.log.info(_LI('Invalid user token'))
|
||||
request.user_token_valid = False
|
||||
else:
|
||||
|
|
@ -493,7 +493,7 @@ class _BaseAuthProtocol(object):
|
|||
_, serv_auth_ref = self._do_fetch_token(request.service_token)
|
||||
self._validate_token(serv_auth_ref)
|
||||
self._confirm_token_bind(serv_auth_ref, request)
|
||||
except exc.InvalidToken:
|
||||
except ksm_exceptions.InvalidToken:
|
||||
self.log.info(_LI('Invalid service token'))
|
||||
request.service_token_valid = False
|
||||
else:
|
||||
|
|
@ -512,7 +512,7 @@ class _BaseAuthProtocol(object):
|
|||
"""
|
||||
# 0 seconds of validity means it is invalid right now
|
||||
if auth_ref.will_expire_soon(stale_duration=0):
|
||||
raise exc.InvalidToken(_('Token authorization failed'))
|
||||
raise ksm_exceptions.InvalidToken(_('Token authorization failed'))
|
||||
|
||||
def _do_fetch_token(self, token):
|
||||
"""Helper method to fetch a token and convert it into an AccessInfo"""
|
||||
|
|
@ -522,7 +522,7 @@ class _BaseAuthProtocol(object):
|
|||
return data, access.AccessInfo.factory(body=data, auth_token=token)
|
||||
except Exception:
|
||||
self.log.warning(_LW('Invalid token contents.'), exc_info=True)
|
||||
raise exc.InvalidToken(_('Token authorization failed'))
|
||||
raise ksm_exceptions.InvalidToken(_('Token authorization failed'))
|
||||
|
||||
def _fetch_token(self, token):
|
||||
"""Fetch the token data based on the value in the header.
|
||||
|
|
@ -555,7 +555,7 @@ class _BaseAuthProtocol(object):
|
|||
if msg is False:
|
||||
msg = _('Token authorization failed')
|
||||
|
||||
raise exc.InvalidToken(msg)
|
||||
raise ksm_exceptions.InvalidToken(msg)
|
||||
|
||||
def _confirm_token_bind(self, auth_ref, req):
|
||||
if self._enforce_token_bind == _BIND_MODE.DISABLED:
|
||||
|
|
@ -848,11 +848,13 @@ class AuthProtocol(_BaseAuthProtocol):
|
|||
|
||||
self._token_cache.store(token_hashes[0], data)
|
||||
|
||||
except (exceptions.ConnectionRefused, exceptions.RequestTimeout,
|
||||
exc.RevocationListError, exc.ServiceError) as e:
|
||||
except (ksc_exceptions.ConnectionRefused,
|
||||
ksc_exceptions.RequestTimeout,
|
||||
ksm_exceptions.RevocationListError,
|
||||
ksm_exceptions.ServiceError) as e:
|
||||
self.log.critical(_LC('Unable to validate token: %s'), e)
|
||||
raise webob.exc.HTTPServiceUnavailable()
|
||||
except exc.InvalidToken:
|
||||
except ksm_exceptions.InvalidToken:
|
||||
self.log.debug('Token validation failure.', exc_info=True)
|
||||
if token_hashes:
|
||||
self._token_cache.store_invalid(token_hashes[0])
|
||||
|
|
@ -873,10 +875,10 @@ class AuthProtocol(_BaseAuthProtocol):
|
|||
else:
|
||||
# Can't do offline validation for this type of token.
|
||||
return
|
||||
except exceptions.CertificateConfigError:
|
||||
except ksc_exceptions.CertificateConfigError:
|
||||
self.log.warning(_LW('Fetch certificate config failed, '
|
||||
'fallback to online validation.'))
|
||||
except exc.RevocationListError:
|
||||
except ksm_exceptions.RevocationListError:
|
||||
self.log.warning(_LW('Fetch revocation list failed, '
|
||||
'fallback to online validation.'))
|
||||
else:
|
||||
|
|
@ -888,7 +890,7 @@ class AuthProtocol(_BaseAuthProtocol):
|
|||
|
||||
if auth_ref.version == 'v2.0' and not auth_ref.project_id:
|
||||
msg = _('Unable to determine service tenancy.')
|
||||
raise exc.InvalidToken(msg)
|
||||
raise ksm_exceptions.InvalidToken(msg)
|
||||
|
||||
def _cms_verify(self, data, inform=cms.PKI_ASN1_FORM):
|
||||
"""Verifies the signature of the provided data's IAW CMS syntax.
|
||||
|
|
@ -905,14 +907,15 @@ class AuthProtocol(_BaseAuthProtocol):
|
|||
return cms.cms_verify(data, signing_cert_path,
|
||||
signing_ca_path,
|
||||
inform=inform).decode('utf-8')
|
||||
except (exceptions.CMSError,
|
||||
except (ksc_exceptions.CMSError,
|
||||
cms.subprocess.CalledProcessError) as err:
|
||||
self.log.warning(_LW('Verify error: %s'), err)
|
||||
raise exc.InvalidToken(_('Token authorization failed'))
|
||||
msg = _('Token authorization failed')
|
||||
raise ksm_exceptions.InvalidToken(msg)
|
||||
|
||||
try:
|
||||
return verify()
|
||||
except exceptions.CertificateConfigError:
|
||||
except ksc_exceptions.CertificateConfigError:
|
||||
# the certs might be missing; unconditionally fetch to avoid racing
|
||||
self._fetch_signing_cert()
|
||||
self._fetch_ca_cert()
|
||||
|
|
@ -920,7 +923,7 @@ class AuthProtocol(_BaseAuthProtocol):
|
|||
try:
|
||||
# retry with certs in place
|
||||
return verify()
|
||||
except exceptions.CertificateConfigError as err:
|
||||
except ksc_exceptions.CertificateConfigError as err:
|
||||
# if this is still occurring, something else is wrong and we
|
||||
# need err.output to identify the problem
|
||||
self.log.error(_LE('CMS Verify output: %s'), err.output)
|
||||
|
|
@ -942,7 +945,7 @@ class AuthProtocol(_BaseAuthProtocol):
|
|||
# TypeError If the signed_text is not zlib compressed
|
||||
# binascii.Error if signed_text has incorrect base64 padding (py34)
|
||||
except (TypeError, binascii.Error):
|
||||
raise exc.InvalidToken(signed_text)
|
||||
raise ksm_exceptions.InvalidToken(signed_text)
|
||||
|
||||
def _fetch_signing_cert(self):
|
||||
self._signing_directory.write_file(
|
||||
|
|
@ -1105,7 +1108,7 @@ def app_factory(global_conf, **local_conf):
|
|||
|
||||
|
||||
# NOTE(jamielennox): Maintained here for public API compatibility.
|
||||
InvalidToken = exc.InvalidToken
|
||||
ServiceError = exc.ServiceError
|
||||
ConfigurationError = exc.ConfigurationError
|
||||
RevocationListError = exc.RevocationListError
|
||||
InvalidToken = ksm_exceptions.InvalidToken
|
||||
ServiceError = ksm_exceptions.ServiceError
|
||||
ConfigurationError = ksm_exceptions.ConfigurationError
|
||||
RevocationListError = ksm_exceptions.RevocationListError
|
||||
|
|
|
|||
|
|
@ -14,13 +14,13 @@ import functools
|
|||
|
||||
from keystoneclient import auth
|
||||
from keystoneclient import discover
|
||||
from keystoneclient import exceptions
|
||||
from keystoneclient import exceptions as ksc_exceptions
|
||||
from keystoneclient.v2_0 import client as v2_client
|
||||
from keystoneclient.v3 import client as v3_client
|
||||
from six.moves import urllib
|
||||
|
||||
from keystonemiddleware.auth_token import _auth
|
||||
from keystonemiddleware.auth_token import _exceptions as exc
|
||||
from keystonemiddleware.auth_token import _exceptions as ksm_exceptions
|
||||
from keystonemiddleware.i18n import _, _LE, _LI, _LW
|
||||
|
||||
|
||||
|
|
@ -29,8 +29,8 @@ def _convert_fetch_cert_exception(fetch_cert):
|
|||
def wrapper(self):
|
||||
try:
|
||||
text = fetch_cert(self)
|
||||
except exceptions.HTTPError as e:
|
||||
raise exceptions.CertificateConfigError(e.details)
|
||||
except ksc_exceptions.HTTPError as e:
|
||||
raise ksc_exceptions.CertificateConfigError(e.details)
|
||||
return text
|
||||
|
||||
return wrapper
|
||||
|
|
@ -77,7 +77,7 @@ class _V2RequestStrategy(_RequestStrategy):
|
|||
|
||||
if not auth_ref:
|
||||
msg = _('Failed to fetch token data from identity server')
|
||||
raise exc.InvalidToken(msg)
|
||||
raise ksm_exceptions.InvalidToken(msg)
|
||||
|
||||
return {'access': auth_ref}
|
||||
|
||||
|
|
@ -106,7 +106,7 @@ class _V3RequestStrategy(_RequestStrategy):
|
|||
|
||||
if not auth_ref:
|
||||
msg = _('Failed to fetch token data from identity server')
|
||||
raise exc.InvalidToken(msg)
|
||||
raise ksm_exceptions.InvalidToken(msg)
|
||||
|
||||
return {'token': auth_ref}
|
||||
|
||||
|
|
@ -194,7 +194,7 @@ class IdentityServer(object):
|
|||
', '.join(versions))
|
||||
|
||||
msg = _('No compatible apis supported by server')
|
||||
raise exc.ServiceError(msg)
|
||||
raise ksm_exceptions.ServiceError(msg)
|
||||
|
||||
def verify_token(self, user_token, retry=True):
|
||||
"""Authenticate user token with identity server.
|
||||
|
|
@ -211,11 +211,11 @@ class IdentityServer(object):
|
|||
"""
|
||||
try:
|
||||
auth_ref = self._request_strategy.verify_token(user_token)
|
||||
except exceptions.NotFound as e:
|
||||
except ksc_exceptions.NotFound as e:
|
||||
self._LOG.warning(_LW('Authorization failed for token'))
|
||||
self._LOG.warning(_LW('Identity response: %s'), e.response.text)
|
||||
raise exc.InvalidToken(_('Token authorization failed'))
|
||||
except exceptions.Unauthorized as e:
|
||||
raise ksm_exceptions.InvalidToken(_('Token authorization failed'))
|
||||
except ksc_exceptions.Unauthorized as e:
|
||||
self._LOG.info(_LI('Identity server rejected authorization'))
|
||||
self._LOG.warning(_LW('Identity response: %s'), e.response.text)
|
||||
if retry:
|
||||
|
|
@ -223,26 +223,26 @@ class IdentityServer(object):
|
|||
return self.verify_token(user_token, False)
|
||||
msg = _('Identity server rejected authorization necessary to '
|
||||
'fetch token data')
|
||||
raise exc.ServiceError(msg)
|
||||
except exceptions.HttpError as e:
|
||||
raise ksm_exceptions.ServiceError(msg)
|
||||
except ksc_exceptions.HttpError as e:
|
||||
self._LOG.error(
|
||||
_LE('Bad response code while validating token: %s'),
|
||||
e.http_status)
|
||||
self._LOG.warning(_LW('Identity response: %s'), e.response.text)
|
||||
msg = _('Failed to fetch token data from identity server')
|
||||
raise exc.ServiceError(msg)
|
||||
raise ksm_exceptions.ServiceError(msg)
|
||||
else:
|
||||
return auth_ref
|
||||
|
||||
def fetch_revocation_list(self):
|
||||
try:
|
||||
data = self._request_strategy.fetch_revocation_list()
|
||||
except exceptions.HTTPError as e:
|
||||
except ksc_exceptions.HTTPError as e:
|
||||
msg = _('Failed to fetch token revocation list: %d')
|
||||
raise exc.RevocationListError(msg % e.http_status)
|
||||
raise ksm_exceptions.RevocationListError(msg % e.http_status)
|
||||
if 'signed' not in data:
|
||||
msg = _('Revocation list improperly formatted.')
|
||||
raise exc.RevocationListError(msg)
|
||||
raise ksm_exceptions.RevocationListError(msg)
|
||||
return data['signed']
|
||||
|
||||
def fetch_signing_cert(self):
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ import uuid
|
|||
import fixtures
|
||||
from keystoneclient import auth
|
||||
from keystoneclient.common import cms
|
||||
from keystoneclient import exceptions
|
||||
from keystoneclient import exceptions as ksc_exceptions
|
||||
from keystoneclient import fixture
|
||||
from keystoneclient import session
|
||||
import mock
|
||||
|
|
@ -42,7 +42,7 @@ import webob.dec
|
|||
|
||||
from keystonemiddleware import auth_token
|
||||
from keystonemiddleware.auth_token import _base
|
||||
from keystonemiddleware.auth_token import _exceptions as exc
|
||||
from keystonemiddleware.auth_token import _exceptions as ksm_exceptions
|
||||
from keystonemiddleware.auth_token import _revocations
|
||||
from keystonemiddleware.openstack.common import memorycache
|
||||
from keystonemiddleware.tests.unit.auth_token import base
|
||||
|
|
@ -512,7 +512,7 @@ class GeneralAuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
|
|||
conf = {
|
||||
'include_service_catalog': '123',
|
||||
}
|
||||
self.assertRaises(exc.ConfigurationError,
|
||||
self.assertRaises(ksm_exceptions.ConfigurationError,
|
||||
auth_token.AuthProtocol, self.fake_app, conf)
|
||||
|
||||
def test_auth_region_name(self):
|
||||
|
|
@ -656,7 +656,7 @@ class CommonAuthTokenMiddlewareTest(object):
|
|||
# test the case where that retrieval fails
|
||||
self.middleware._revocations._fetched_time = datetime.datetime.min
|
||||
with mock.patch.object(self.middleware._revocations, '_fetch',
|
||||
side_effect=exc.RevocationListError):
|
||||
side_effect=ksm_exceptions.RevocationListError):
|
||||
self.call_middleware(headers={'X-Auth-Token': token},
|
||||
expected_status=503)
|
||||
|
||||
|
|
@ -797,7 +797,7 @@ class CommonAuthTokenMiddlewareTest(object):
|
|||
def test_verify_signed_token_raises_exception_for_revoked_token(self):
|
||||
self.middleware._revocations._list = (
|
||||
self.get_revocation_list_json())
|
||||
self.assertRaises(exc.InvalidToken,
|
||||
self.assertRaises(ksm_exceptions.InvalidToken,
|
||||
self.middleware._verify_signed_token,
|
||||
self.token_dict['revoked_token'],
|
||||
[self.token_dict['revoked_token_hash']])
|
||||
|
|
@ -807,7 +807,7 @@ class CommonAuthTokenMiddlewareTest(object):
|
|||
self.set_middleware()
|
||||
self.middleware._revocations._list = (
|
||||
self.get_revocation_list_json(mode='sha256'))
|
||||
self.assertRaises(exc.InvalidToken,
|
||||
self.assertRaises(ksm_exceptions.InvalidToken,
|
||||
self.middleware._verify_signed_token,
|
||||
self.token_dict['revoked_token'],
|
||||
[self.token_dict['revoked_token_hash_sha256'],
|
||||
|
|
@ -816,7 +816,7 @@ class CommonAuthTokenMiddlewareTest(object):
|
|||
def test_verify_signed_token_raises_exception_for_revoked_pkiz_token(self):
|
||||
self.middleware._revocations._list = (
|
||||
self.examples.REVOKED_TOKEN_PKIZ_LIST_JSON)
|
||||
self.assertRaises(exc.InvalidToken,
|
||||
self.assertRaises(ksm_exceptions.InvalidToken,
|
||||
self.middleware._verify_pkiz_token,
|
||||
self.token_dict['revoked_token_pkiz'],
|
||||
[self.token_dict['revoked_token_pkiz_hash']])
|
||||
|
|
@ -912,7 +912,7 @@ class CommonAuthTokenMiddlewareTest(object):
|
|||
|
||||
def test_invalid_revocation_list_raises_error(self):
|
||||
self.requests_mock.get(self.revocation_url, json={})
|
||||
self.assertRaises(exc.RevocationListError,
|
||||
self.assertRaises(ksm_exceptions.RevocationListError,
|
||||
self.middleware._revocations._fetch)
|
||||
|
||||
def test_fetch_revocation_list(self):
|
||||
|
|
@ -983,7 +983,8 @@ class CommonAuthTokenMiddlewareTest(object):
|
|||
token = 'invalid-token'
|
||||
self.call_middleware(headers={'X-Auth-Token': token},
|
||||
expected_status=401)
|
||||
self.assertRaises(exc.InvalidToken, self._get_cached_token, token)
|
||||
self.assertRaises(ksm_exceptions.InvalidToken,
|
||||
self._get_cached_token, token)
|
||||
|
||||
def test_memcache_set_expired(self, extra_conf={}, extra_environ={}):
|
||||
token_cache_time = 10
|
||||
|
|
@ -1319,7 +1320,7 @@ class V2CertDownloadMiddlewareTest(BaseAuthTokenMiddlewareTest,
|
|||
status_code=404)
|
||||
self.requests_mock.get('%s%s' % (BASE_URI, self.signing_path),
|
||||
status_code=404)
|
||||
self.assertRaises(exceptions.CertificateConfigError,
|
||||
self.assertRaises(ksc_exceptions.CertificateConfigError,
|
||||
self.middleware._verify_signed_token,
|
||||
self.examples.SIGNED_TOKEN_SCOPED,
|
||||
[self.examples.SIGNED_TOKEN_SCOPED_HASH])
|
||||
|
|
@ -1411,7 +1412,7 @@ class V3CertDownloadMiddlewareTest(V2CertDownloadMiddlewareTest):
|
|||
|
||||
|
||||
def network_error_response(request, context):
|
||||
raise exceptions.ConnectionRefused("Network connection refused.")
|
||||
raise ksc_exceptions.ConnectionRefused("Network connection refused.")
|
||||
|
||||
|
||||
class v2AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
|
||||
|
|
@ -1680,7 +1681,8 @@ class v3AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
|
|||
self.assertEqual(auth_id, FAKE_ADMIN_TOKEN_ID)
|
||||
|
||||
if token_id == ERROR_TOKEN:
|
||||
raise exceptions.ConnectionRefused("Network connection refused.")
|
||||
msg = "Network connection refused."
|
||||
raise ksc_exceptions.ConnectionRefused(msg)
|
||||
|
||||
try:
|
||||
response = self.examples.JSON_TOKEN_RESPONSES[token_id]
|
||||
|
|
@ -2131,7 +2133,8 @@ class v3CompositeAuthTests(BaseAuthTokenMiddlewareTest,
|
|||
response = ""
|
||||
|
||||
if token_id == ERROR_TOKEN:
|
||||
raise exceptions.ConnectionRefused("Network connection refused.")
|
||||
msg = "Network connection refused."
|
||||
raise ksc_exceptions.ConnectionRefused(msg)
|
||||
|
||||
try:
|
||||
response = self.examples.JSON_TOKEN_RESPONSES[token_id]
|
||||
|
|
@ -2281,7 +2284,7 @@ class AuthProtocolLoadingTests(BaseAuthTokenMiddlewareTest):
|
|||
group=_base.AUTHTOKEN_GROUP)
|
||||
|
||||
self.assertRaises(
|
||||
exceptions.NoMatchingPlugin,
|
||||
ksc_exceptions.NoMatchingPlugin,
|
||||
self.create_simple_middleware)
|
||||
|
||||
def test_plugin_loading_mixed_opts(self):
|
||||
|
|
|
|||
Loading…
Reference in New Issue