From 92e176814f2e8a8e13925916b6e6c6c8c4ac67fa Mon Sep 17 00:00:00 2001
From: Jamie Lennox <jamielennox@redhat.com>
Date: Wed, 14 Oct 2015 12:36:02 +1100
Subject: [PATCH] Straighten up exceptions imports

exc and exceptions is not very descriptive of where errors are coming
from. As we add keystoneauth this is only going to get worse so make it
clear where the different imports are from.

Change-Id: I35d2952007495d37b530b6e0be1544528501bfbf
---
 keystonemiddleware/auth_token/__init__.py     | 49 ++++++++++---------
 keystonemiddleware/auth_token/_identity.py    | 32 ++++++------
 .../auth_token/test_auth_token_middleware.py  | 31 ++++++------
 3 files changed, 59 insertions(+), 53 deletions(-)

diff --git a/keystonemiddleware/auth_token/__init__.py b/keystonemiddleware/auth_token/__init__.py
index 28e2b5fe..2dabf96a 100644
--- a/keystonemiddleware/auth_token/__init__.py
+++ b/keystonemiddleware/auth_token/__init__.py
@@ -215,7 +215,7 @@ from keystoneclient import adapter
 from keystoneclient import auth
 from keystoneclient.common import cms
 from keystoneclient import discover
-from keystoneclient import exceptions
+from keystoneclient import exceptions as ksc_exceptions
 from keystoneclient import session
 from oslo_config import cfg
 from oslo_serialization import jsonutils
@@ -226,7 +226,7 @@ import webob.dec
 from keystonemiddleware.auth_token import _auth
 from keystonemiddleware.auth_token import _base
 from keystonemiddleware.auth_token import _cache
-from keystonemiddleware.auth_token import _exceptions as exc
+from keystonemiddleware.auth_token import _exceptions as ksm_exceptions
 from keystonemiddleware.auth_token import _identity
 from keystonemiddleware.auth_token import _request
 from keystonemiddleware.auth_token import _revocations
@@ -416,7 +416,7 @@ def _conf_values_type_convert(conf):
             # This option is not known to auth_token.
             pass
         except ValueError as e:
-            raise exc.ConfigurationError(
+            raise ksm_exceptions.ConfigurationError(
                 _('Unable to convert the value of %(key)s option into correct '
                   'type: %(ex)s') % {'key': k, 'ex': e})
         opts[dest] = v
@@ -480,7 +480,7 @@ class _BaseAuthProtocol(object):
                 data, user_auth_ref = self._do_fetch_token(request.user_token)
                 self._validate_token(user_auth_ref)
                 self._confirm_token_bind(user_auth_ref, request)
-            except exc.InvalidToken:
+            except ksm_exceptions.InvalidToken:
                 self.log.info(_LI('Invalid user token'))
                 request.user_token_valid = False
             else:
@@ -493,7 +493,7 @@ class _BaseAuthProtocol(object):
                 _, serv_auth_ref = self._do_fetch_token(request.service_token)
                 self._validate_token(serv_auth_ref)
                 self._confirm_token_bind(serv_auth_ref, request)
-            except exc.InvalidToken:
+            except ksm_exceptions.InvalidToken:
                 self.log.info(_LI('Invalid service token'))
                 request.service_token_valid = False
             else:
@@ -512,7 +512,7 @@ class _BaseAuthProtocol(object):
         """
         # 0 seconds of validity means it is invalid right now
         if auth_ref.will_expire_soon(stale_duration=0):
-            raise exc.InvalidToken(_('Token authorization failed'))
+            raise ksm_exceptions.InvalidToken(_('Token authorization failed'))
 
     def _do_fetch_token(self, token):
         """Helper method to fetch a token and convert it into an AccessInfo"""
@@ -522,7 +522,7 @@ class _BaseAuthProtocol(object):
             return data, access.AccessInfo.factory(body=data, auth_token=token)
         except Exception:
             self.log.warning(_LW('Invalid token contents.'), exc_info=True)
-            raise exc.InvalidToken(_('Token authorization failed'))
+            raise ksm_exceptions.InvalidToken(_('Token authorization failed'))
 
     def _fetch_token(self, token):
         """Fetch the token data based on the value in the header.
@@ -555,7 +555,7 @@ class _BaseAuthProtocol(object):
         if msg is False:
             msg = _('Token authorization failed')
 
-        raise exc.InvalidToken(msg)
+        raise ksm_exceptions.InvalidToken(msg)
 
     def _confirm_token_bind(self, auth_ref, req):
         if self._enforce_token_bind == _BIND_MODE.DISABLED:
@@ -848,11 +848,13 @@ class AuthProtocol(_BaseAuthProtocol):
 
                 self._token_cache.store(token_hashes[0], data)
 
-        except (exceptions.ConnectionRefused, exceptions.RequestTimeout,
-                exc.RevocationListError, exc.ServiceError) as e:
+        except (ksc_exceptions.ConnectionRefused,
+                ksc_exceptions.RequestTimeout,
+                ksm_exceptions.RevocationListError,
+                ksm_exceptions.ServiceError) as e:
             self.log.critical(_LC('Unable to validate token: %s'), e)
             raise webob.exc.HTTPServiceUnavailable()
-        except exc.InvalidToken:
+        except ksm_exceptions.InvalidToken:
             self.log.debug('Token validation failure.', exc_info=True)
             if token_hashes:
                 self._token_cache.store_invalid(token_hashes[0])
@@ -873,10 +875,10 @@ class AuthProtocol(_BaseAuthProtocol):
             else:
                 # Can't do offline validation for this type of token.
                 return
-        except exceptions.CertificateConfigError:
+        except ksc_exceptions.CertificateConfigError:
             self.log.warning(_LW('Fetch certificate config failed, '
                                  'fallback to online validation.'))
-        except exc.RevocationListError:
+        except ksm_exceptions.RevocationListError:
             self.log.warning(_LW('Fetch revocation list failed, '
                                  'fallback to online validation.'))
         else:
@@ -888,7 +890,7 @@ class AuthProtocol(_BaseAuthProtocol):
 
         if auth_ref.version == 'v2.0' and not auth_ref.project_id:
             msg = _('Unable to determine service tenancy.')
-            raise exc.InvalidToken(msg)
+            raise ksm_exceptions.InvalidToken(msg)
 
     def _cms_verify(self, data, inform=cms.PKI_ASN1_FORM):
         """Verifies the signature of the provided data's IAW CMS syntax.
@@ -905,14 +907,15 @@ class AuthProtocol(_BaseAuthProtocol):
                 return cms.cms_verify(data, signing_cert_path,
                                       signing_ca_path,
                                       inform=inform).decode('utf-8')
-            except (exceptions.CMSError,
+            except (ksc_exceptions.CMSError,
                     cms.subprocess.CalledProcessError) as err:
                 self.log.warning(_LW('Verify error: %s'), err)
-                raise exc.InvalidToken(_('Token authorization failed'))
+                msg = _('Token authorization failed')
+                raise ksm_exceptions.InvalidToken(msg)
 
         try:
             return verify()
-        except exceptions.CertificateConfigError:
+        except ksc_exceptions.CertificateConfigError:
             # the certs might be missing; unconditionally fetch to avoid racing
             self._fetch_signing_cert()
             self._fetch_ca_cert()
@@ -920,7 +923,7 @@ class AuthProtocol(_BaseAuthProtocol):
             try:
                 # retry with certs in place
                 return verify()
-            except exceptions.CertificateConfigError as err:
+            except ksc_exceptions.CertificateConfigError as err:
                 # if this is still occurring, something else is wrong and we
                 # need err.output to identify the problem
                 self.log.error(_LE('CMS Verify output: %s'), err.output)
@@ -942,7 +945,7 @@ class AuthProtocol(_BaseAuthProtocol):
         # TypeError If the signed_text is not zlib compressed
         # binascii.Error if signed_text has incorrect base64 padding (py34)
         except (TypeError, binascii.Error):
-            raise exc.InvalidToken(signed_text)
+            raise ksm_exceptions.InvalidToken(signed_text)
 
     def _fetch_signing_cert(self):
         self._signing_directory.write_file(
@@ -1105,7 +1108,7 @@ def app_factory(global_conf, **local_conf):
 
 
 # NOTE(jamielennox): Maintained here for public API compatibility.
-InvalidToken = exc.InvalidToken
-ServiceError = exc.ServiceError
-ConfigurationError = exc.ConfigurationError
-RevocationListError = exc.RevocationListError
+InvalidToken = ksm_exceptions.InvalidToken
+ServiceError = ksm_exceptions.ServiceError
+ConfigurationError = ksm_exceptions.ConfigurationError
+RevocationListError = ksm_exceptions.RevocationListError
diff --git a/keystonemiddleware/auth_token/_identity.py b/keystonemiddleware/auth_token/_identity.py
index 6fbeac27..06216b64 100644
--- a/keystonemiddleware/auth_token/_identity.py
+++ b/keystonemiddleware/auth_token/_identity.py
@@ -14,13 +14,13 @@ import functools
 
 from keystoneclient import auth
 from keystoneclient import discover
-from keystoneclient import exceptions
+from keystoneclient import exceptions as ksc_exceptions
 from keystoneclient.v2_0 import client as v2_client
 from keystoneclient.v3 import client as v3_client
 from six.moves import urllib
 
 from keystonemiddleware.auth_token import _auth
-from keystonemiddleware.auth_token import _exceptions as exc
+from keystonemiddleware.auth_token import _exceptions as ksm_exceptions
 from keystonemiddleware.i18n import _, _LE, _LI, _LW
 
 
@@ -29,8 +29,8 @@ def _convert_fetch_cert_exception(fetch_cert):
     def wrapper(self):
         try:
             text = fetch_cert(self)
-        except exceptions.HTTPError as e:
-            raise exceptions.CertificateConfigError(e.details)
+        except ksc_exceptions.HTTPError as e:
+            raise ksc_exceptions.CertificateConfigError(e.details)
         return text
 
     return wrapper
@@ -77,7 +77,7 @@ class _V2RequestStrategy(_RequestStrategy):
 
         if not auth_ref:
             msg = _('Failed to fetch token data from identity server')
-            raise exc.InvalidToken(msg)
+            raise ksm_exceptions.InvalidToken(msg)
 
         return {'access': auth_ref}
 
@@ -106,7 +106,7 @@ class _V3RequestStrategy(_RequestStrategy):
 
         if not auth_ref:
             msg = _('Failed to fetch token data from identity server')
-            raise exc.InvalidToken(msg)
+            raise ksm_exceptions.InvalidToken(msg)
 
         return {'token': auth_ref}
 
@@ -194,7 +194,7 @@ class IdentityServer(object):
                         ', '.join(versions))
 
         msg = _('No compatible apis supported by server')
-        raise exc.ServiceError(msg)
+        raise ksm_exceptions.ServiceError(msg)
 
     def verify_token(self, user_token, retry=True):
         """Authenticate user token with identity server.
@@ -211,11 +211,11 @@ class IdentityServer(object):
         """
         try:
             auth_ref = self._request_strategy.verify_token(user_token)
-        except exceptions.NotFound as e:
+        except ksc_exceptions.NotFound as e:
             self._LOG.warning(_LW('Authorization failed for token'))
             self._LOG.warning(_LW('Identity response: %s'), e.response.text)
-            raise exc.InvalidToken(_('Token authorization failed'))
-        except exceptions.Unauthorized as e:
+            raise ksm_exceptions.InvalidToken(_('Token authorization failed'))
+        except ksc_exceptions.Unauthorized as e:
             self._LOG.info(_LI('Identity server rejected authorization'))
             self._LOG.warning(_LW('Identity response: %s'), e.response.text)
             if retry:
@@ -223,26 +223,26 @@ class IdentityServer(object):
                 return self.verify_token(user_token, False)
             msg = _('Identity server rejected authorization necessary to '
                     'fetch token data')
-            raise exc.ServiceError(msg)
-        except exceptions.HttpError as e:
+            raise ksm_exceptions.ServiceError(msg)
+        except ksc_exceptions.HttpError as e:
             self._LOG.error(
                 _LE('Bad response code while validating token: %s'),
                 e.http_status)
             self._LOG.warning(_LW('Identity response: %s'), e.response.text)
             msg = _('Failed to fetch token data from identity server')
-            raise exc.ServiceError(msg)
+            raise ksm_exceptions.ServiceError(msg)
         else:
             return auth_ref
 
     def fetch_revocation_list(self):
         try:
             data = self._request_strategy.fetch_revocation_list()
-        except exceptions.HTTPError as e:
+        except ksc_exceptions.HTTPError as e:
             msg = _('Failed to fetch token revocation list: %d')
-            raise exc.RevocationListError(msg % e.http_status)
+            raise ksm_exceptions.RevocationListError(msg % e.http_status)
         if 'signed' not in data:
             msg = _('Revocation list improperly formatted.')
-            raise exc.RevocationListError(msg)
+            raise ksm_exceptions.RevocationListError(msg)
         return data['signed']
 
     def fetch_signing_cert(self):
diff --git a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
index 9d60bc68..016673a2 100644
--- a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
+++ b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
@@ -25,7 +25,7 @@ import uuid
 import fixtures
 from keystoneclient import auth
 from keystoneclient.common import cms
-from keystoneclient import exceptions
+from keystoneclient import exceptions as ksc_exceptions
 from keystoneclient import fixture
 from keystoneclient import session
 import mock
@@ -42,7 +42,7 @@ import webob.dec
 
 from keystonemiddleware import auth_token
 from keystonemiddleware.auth_token import _base
-from keystonemiddleware.auth_token import _exceptions as exc
+from keystonemiddleware.auth_token import _exceptions as ksm_exceptions
 from keystonemiddleware.auth_token import _revocations
 from keystonemiddleware.openstack.common import memorycache
 from keystonemiddleware.tests.unit.auth_token import base
@@ -512,7 +512,7 @@ class GeneralAuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
         conf = {
             'include_service_catalog': '123',
         }
-        self.assertRaises(exc.ConfigurationError,
+        self.assertRaises(ksm_exceptions.ConfigurationError,
                           auth_token.AuthProtocol, self.fake_app, conf)
 
     def test_auth_region_name(self):
@@ -656,7 +656,7 @@ class CommonAuthTokenMiddlewareTest(object):
         # test the case where that retrieval fails
         self.middleware._revocations._fetched_time = datetime.datetime.min
         with mock.patch.object(self.middleware._revocations, '_fetch',
-                               side_effect=exc.RevocationListError):
+                               side_effect=ksm_exceptions.RevocationListError):
             self.call_middleware(headers={'X-Auth-Token': token},
                                  expected_status=503)
 
@@ -797,7 +797,7 @@ class CommonAuthTokenMiddlewareTest(object):
     def test_verify_signed_token_raises_exception_for_revoked_token(self):
         self.middleware._revocations._list = (
             self.get_revocation_list_json())
-        self.assertRaises(exc.InvalidToken,
+        self.assertRaises(ksm_exceptions.InvalidToken,
                           self.middleware._verify_signed_token,
                           self.token_dict['revoked_token'],
                           [self.token_dict['revoked_token_hash']])
@@ -807,7 +807,7 @@ class CommonAuthTokenMiddlewareTest(object):
         self.set_middleware()
         self.middleware._revocations._list = (
             self.get_revocation_list_json(mode='sha256'))
-        self.assertRaises(exc.InvalidToken,
+        self.assertRaises(ksm_exceptions.InvalidToken,
                           self.middleware._verify_signed_token,
                           self.token_dict['revoked_token'],
                           [self.token_dict['revoked_token_hash_sha256'],
@@ -816,7 +816,7 @@ class CommonAuthTokenMiddlewareTest(object):
     def test_verify_signed_token_raises_exception_for_revoked_pkiz_token(self):
         self.middleware._revocations._list = (
             self.examples.REVOKED_TOKEN_PKIZ_LIST_JSON)
-        self.assertRaises(exc.InvalidToken,
+        self.assertRaises(ksm_exceptions.InvalidToken,
                           self.middleware._verify_pkiz_token,
                           self.token_dict['revoked_token_pkiz'],
                           [self.token_dict['revoked_token_pkiz_hash']])
@@ -912,7 +912,7 @@ class CommonAuthTokenMiddlewareTest(object):
 
     def test_invalid_revocation_list_raises_error(self):
         self.requests_mock.get(self.revocation_url, json={})
-        self.assertRaises(exc.RevocationListError,
+        self.assertRaises(ksm_exceptions.RevocationListError,
                           self.middleware._revocations._fetch)
 
     def test_fetch_revocation_list(self):
@@ -983,7 +983,8 @@ class CommonAuthTokenMiddlewareTest(object):
         token = 'invalid-token'
         self.call_middleware(headers={'X-Auth-Token': token},
                              expected_status=401)
-        self.assertRaises(exc.InvalidToken, self._get_cached_token, token)
+        self.assertRaises(ksm_exceptions.InvalidToken,
+                          self._get_cached_token, token)
 
     def test_memcache_set_expired(self, extra_conf={}, extra_environ={}):
         token_cache_time = 10
@@ -1319,7 +1320,7 @@ class V2CertDownloadMiddlewareTest(BaseAuthTokenMiddlewareTest,
                                status_code=404)
         self.requests_mock.get('%s%s' % (BASE_URI, self.signing_path),
                                status_code=404)
-        self.assertRaises(exceptions.CertificateConfigError,
+        self.assertRaises(ksc_exceptions.CertificateConfigError,
                           self.middleware._verify_signed_token,
                           self.examples.SIGNED_TOKEN_SCOPED,
                           [self.examples.SIGNED_TOKEN_SCOPED_HASH])
@@ -1411,7 +1412,7 @@ class V3CertDownloadMiddlewareTest(V2CertDownloadMiddlewareTest):
 
 
 def network_error_response(request, context):
-    raise exceptions.ConnectionRefused("Network connection refused.")
+    raise ksc_exceptions.ConnectionRefused("Network connection refused.")
 
 
 class v2AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
@@ -1680,7 +1681,8 @@ class v3AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
         self.assertEqual(auth_id, FAKE_ADMIN_TOKEN_ID)
 
         if token_id == ERROR_TOKEN:
-            raise exceptions.ConnectionRefused("Network connection refused.")
+            msg = "Network connection refused."
+            raise ksc_exceptions.ConnectionRefused(msg)
 
         try:
             response = self.examples.JSON_TOKEN_RESPONSES[token_id]
@@ -2131,7 +2133,8 @@ class v3CompositeAuthTests(BaseAuthTokenMiddlewareTest,
         response = ""
 
         if token_id == ERROR_TOKEN:
-            raise exceptions.ConnectionRefused("Network connection refused.")
+            msg = "Network connection refused."
+            raise ksc_exceptions.ConnectionRefused(msg)
 
         try:
             response = self.examples.JSON_TOKEN_RESPONSES[token_id]
@@ -2281,7 +2284,7 @@ class AuthProtocolLoadingTests(BaseAuthTokenMiddlewareTest):
                         group=_base.AUTHTOKEN_GROUP)
 
         self.assertRaises(
-            exceptions.NoMatchingPlugin,
+            ksc_exceptions.NoMatchingPlugin,
             self.create_simple_middleware)
 
     def test_plugin_loading_mixed_opts(self):