Merge "Remove log translations"
This commit is contained in:
commit
712438ebf9
|
@ -36,7 +36,6 @@ import webob.dec
|
||||||
from keystonemiddleware._common import config
|
from keystonemiddleware._common import config
|
||||||
from keystonemiddleware.audit import _api
|
from keystonemiddleware.audit import _api
|
||||||
from keystonemiddleware.audit import _notifier
|
from keystonemiddleware.audit import _notifier
|
||||||
from keystonemiddleware.i18n import _LE
|
|
||||||
|
|
||||||
|
|
||||||
_LOG = None
|
_LOG = None
|
||||||
|
@ -68,8 +67,8 @@ def _log_and_ignore_error(fn):
|
||||||
try:
|
try:
|
||||||
return fn(*args, **kwargs)
|
return fn(*args, **kwargs)
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
_LOG.exception(_LE('An exception occurred processing '
|
_LOG.exception('An exception occurred processing '
|
||||||
'the API call: %s '), e)
|
'the API call: %s ', e)
|
||||||
return wrapper
|
return wrapper
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -28,9 +28,6 @@ import six
|
||||||
from six.moves import configparser
|
from six.moves import configparser
|
||||||
from six.moves.urllib import parse as urlparse
|
from six.moves.urllib import parse as urlparse
|
||||||
|
|
||||||
from keystonemiddleware.i18n import _LW
|
|
||||||
|
|
||||||
|
|
||||||
# NOTE(blk-u): Compatibility for Python 2. SafeConfigParser and
|
# NOTE(blk-u): Compatibility for Python 2. SafeConfigParser and
|
||||||
# SafeConfigParser.readfp are deprecated in Python 3. Remove this when we drop
|
# SafeConfigParser.readfp are deprecated in Python 3. Remove this when we drop
|
||||||
# support for Python 2.
|
# support for Python 2.
|
||||||
|
@ -253,14 +250,14 @@ class OpenStackAuditApi(object):
|
||||||
try:
|
try:
|
||||||
catalog = jsonutils.loads(req.environ['HTTP_X_SERVICE_CATALOG'])
|
catalog = jsonutils.loads(req.environ['HTTP_X_SERVICE_CATALOG'])
|
||||||
except KeyError:
|
except KeyError:
|
||||||
msg = _LW('Unable to discover target information because '
|
self._log.warning(
|
||||||
|
'Unable to discover target information because '
|
||||||
'service catalog is missing. Either the incoming '
|
'service catalog is missing. Either the incoming '
|
||||||
'request does not contain an auth token or auth '
|
'request does not contain an auth token or auth '
|
||||||
'token does not contain a service catalog. For '
|
'token does not contain a service catalog. For '
|
||||||
'the latter, please make sure the '
|
'the latter, please make sure the '
|
||||||
'"include_service_catalog" property in '
|
'"include_service_catalog" property in '
|
||||||
'auth_token middleware is set to "True"')
|
'auth_token middleware is set to "True"')
|
||||||
self._log.warning(msg)
|
|
||||||
|
|
||||||
default_endpoint = None
|
default_endpoint = None
|
||||||
for endp in catalog:
|
for endp in catalog:
|
||||||
|
|
|
@ -18,8 +18,6 @@ try:
|
||||||
except ImportError:
|
except ImportError:
|
||||||
oslo_messaging = None
|
oslo_messaging = None
|
||||||
|
|
||||||
from keystonemiddleware.i18n import _LI
|
|
||||||
|
|
||||||
|
|
||||||
class _LogNotifier(object):
|
class _LogNotifier(object):
|
||||||
|
|
||||||
|
@ -27,8 +25,8 @@ class _LogNotifier(object):
|
||||||
self._log = log
|
self._log = log
|
||||||
|
|
||||||
def notify(self, context, event_type, payload):
|
def notify(self, context, event_type, payload):
|
||||||
self._log.info(_LI('Event type: %(event_type)s, Context: %(context)s, '
|
self._log.info('Event type: %(event_type)s, Context: %(context)s, '
|
||||||
'Payload: %(payload)s'), {'context': context,
|
'Payload: %(payload)s', {'context': context,
|
||||||
'event_type': event_type,
|
'event_type': event_type,
|
||||||
'payload': payload})
|
'payload': payload})
|
||||||
|
|
||||||
|
|
|
@ -241,7 +241,7 @@ from keystonemiddleware.auth_token import _request
|
||||||
from keystonemiddleware.auth_token import _revocations
|
from keystonemiddleware.auth_token import _revocations
|
||||||
from keystonemiddleware.auth_token import _signing_dir
|
from keystonemiddleware.auth_token import _signing_dir
|
||||||
from keystonemiddleware.auth_token import _user_plugin
|
from keystonemiddleware.auth_token import _user_plugin
|
||||||
from keystonemiddleware.i18n import _, _LC, _LE, _LI, _LW
|
from keystonemiddleware.i18n import _
|
||||||
|
|
||||||
|
|
||||||
_LOG = logging.getLogger(__name__)
|
_LOG = logging.getLogger(__name__)
|
||||||
|
@ -362,7 +362,7 @@ class BaseAuthProtocol(object):
|
||||||
self._validate_token(serv_auth_ref)
|
self._validate_token(serv_auth_ref)
|
||||||
self._confirm_token_bind(serv_auth_ref, request)
|
self._confirm_token_bind(serv_auth_ref, request)
|
||||||
except ksm_exceptions.InvalidToken:
|
except ksm_exceptions.InvalidToken:
|
||||||
self.log.info(_LI('Invalid service token'))
|
self.log.info('Invalid service token')
|
||||||
request.service_token_valid = False
|
request.service_token_valid = False
|
||||||
else:
|
else:
|
||||||
# FIXME(jamielennox): The new behaviour for service tokens is
|
# FIXME(jamielennox): The new behaviour for service tokens is
|
||||||
|
@ -383,12 +383,12 @@ class BaseAuthProtocol(object):
|
||||||
request.service_token_valid = role_check_passed
|
request.service_token_valid = role_check_passed
|
||||||
else:
|
else:
|
||||||
if not self._service_token_warning_emitted:
|
if not self._service_token_warning_emitted:
|
||||||
self.log.warning(_LW('A valid token was submitted as '
|
self.log.warning('A valid token was submitted as '
|
||||||
'a service token, but it was not '
|
'a service token, but it was not '
|
||||||
'a valid service token. This is '
|
'a valid service token. This is '
|
||||||
'incorrect but backwards '
|
'incorrect but backwards '
|
||||||
'compatible behaviour. This will '
|
'compatible behaviour. This will '
|
||||||
'be removed in future releases.'))
|
'be removed in future releases.')
|
||||||
# prevent log spam on every single request
|
# prevent log spam on every single request
|
||||||
self._service_token_warning_emitted = True
|
self._service_token_warning_emitted = True
|
||||||
|
|
||||||
|
@ -408,7 +408,7 @@ class BaseAuthProtocol(object):
|
||||||
if not request.service_token:
|
if not request.service_token:
|
||||||
self._confirm_token_bind(user_auth_ref, request)
|
self._confirm_token_bind(user_auth_ref, request)
|
||||||
except ksm_exceptions.InvalidToken:
|
except ksm_exceptions.InvalidToken:
|
||||||
self.log.info(_LI('Invalid user token'))
|
self.log.info('Invalid user token')
|
||||||
request.user_token_valid = False
|
request.user_token_valid = False
|
||||||
else:
|
else:
|
||||||
request.user_token_valid = True
|
request.user_token_valid = True
|
||||||
|
@ -443,7 +443,7 @@ class BaseAuthProtocol(object):
|
||||||
try:
|
try:
|
||||||
return data, access.create(body=data, auth_token=token)
|
return data, access.create(body=data, auth_token=token)
|
||||||
except Exception:
|
except Exception:
|
||||||
self.log.warning(_LW('Invalid token contents.'), exc_info=True)
|
self.log.warning('Invalid token contents.', exc_info=True)
|
||||||
raise ksm_exceptions.InvalidToken(_('Token authorization failed'))
|
raise ksm_exceptions.InvalidToken(_('Token authorization failed'))
|
||||||
|
|
||||||
def fetch_token(self, token, **kwargs):
|
def fetch_token(self, token, **kwargs):
|
||||||
|
@ -496,7 +496,7 @@ class BaseAuthProtocol(object):
|
||||||
# no bind provided and none required
|
# no bind provided and none required
|
||||||
return
|
return
|
||||||
else:
|
else:
|
||||||
self.log.info(_LI('No bind information present in token.'))
|
self.log.info('No bind information present in token.')
|
||||||
self._invalid_user_token()
|
self._invalid_user_token()
|
||||||
|
|
||||||
# get the named mode if bind_mode is not one of the predefined
|
# get the named mode if bind_mode is not one of the predefined
|
||||||
|
@ -506,20 +506,20 @@ class BaseAuthProtocol(object):
|
||||||
name = self._enforce_token_bind
|
name = self._enforce_token_bind
|
||||||
|
|
||||||
if name and name not in auth_ref.bind:
|
if name and name not in auth_ref.bind:
|
||||||
self.log.info(_LI('Named bind mode %s not in bind information'),
|
self.log.info('Named bind mode %s not in bind information',
|
||||||
name)
|
name)
|
||||||
self._invalid_user_token()
|
self._invalid_user_token()
|
||||||
|
|
||||||
for bind_type, identifier in six.iteritems(auth_ref.bind):
|
for bind_type, identifier in six.iteritems(auth_ref.bind):
|
||||||
if bind_type == _BIND_MODE.KERBEROS:
|
if bind_type == _BIND_MODE.KERBEROS:
|
||||||
if req.auth_type != 'negotiate':
|
if req.auth_type != 'negotiate':
|
||||||
self.log.info(_LI('Kerberos credentials required and '
|
self.log.info('Kerberos credentials required and '
|
||||||
'not present.'))
|
'not present.')
|
||||||
self._invalid_user_token()
|
self._invalid_user_token()
|
||||||
|
|
||||||
if req.remote_user != identifier:
|
if req.remote_user != identifier:
|
||||||
self.log.info(_LI('Kerberos credentials do not match '
|
self.log.info('Kerberos credentials do not match '
|
||||||
'those in bind.'))
|
'those in bind.')
|
||||||
self._invalid_user_token()
|
self._invalid_user_token()
|
||||||
|
|
||||||
self.log.debug('Kerberos bind authentication successful.')
|
self.log.debug('Kerberos bind authentication successful.')
|
||||||
|
@ -532,8 +532,8 @@ class BaseAuthProtocol(object):
|
||||||
|
|
||||||
else:
|
else:
|
||||||
self.log.info(
|
self.log.info(
|
||||||
_LI('Couldn`t verify unknown bind: %(bind_type)s: '
|
'Couldn`t verify unknown bind: %(bind_type)s: '
|
||||||
'%(identifier)s.'),
|
'%(identifier)s.',
|
||||||
{'bind_type': bind_type, 'identifier': identifier})
|
{'bind_type': bind_type, 'identifier': identifier})
|
||||||
self._invalid_user_token()
|
self._invalid_user_token()
|
||||||
|
|
||||||
|
@ -548,7 +548,7 @@ class AuthProtocol(BaseAuthProtocol):
|
||||||
|
|
||||||
def __init__(self, app, conf):
|
def __init__(self, app, conf):
|
||||||
log = logging.getLogger(conf.get('log_name', __name__))
|
log = logging.getLogger(conf.get('log_name', __name__))
|
||||||
log.info(_LI('Starting Keystone auth_token middleware'))
|
log.info('Starting Keystone auth_token middleware')
|
||||||
|
|
||||||
self._conf = config.Config('auth_token',
|
self._conf = config.Config('auth_token',
|
||||||
_base.AUTHTOKEN_GROUP,
|
_base.AUTHTOKEN_GROUP,
|
||||||
|
@ -558,10 +558,10 @@ class AuthProtocol(BaseAuthProtocol):
|
||||||
token_roles_required = self._conf.get('service_token_roles_required')
|
token_roles_required = self._conf.get('service_token_roles_required')
|
||||||
|
|
||||||
if not token_roles_required:
|
if not token_roles_required:
|
||||||
log.warning(_LW('AuthToken middleware is set with '
|
log.warning('AuthToken middleware is set with '
|
||||||
'keystone_authtoken.service_token_roles_required '
|
'keystone_authtoken.service_token_roles_required '
|
||||||
'set to False. This is backwards compatible but '
|
'set to False. This is backwards compatible but '
|
||||||
'deprecated behaviour. Please set this to True.'))
|
'deprecated behaviour. Please set this to True.')
|
||||||
|
|
||||||
super(AuthProtocol, self).__init__(
|
super(AuthProtocol, self).__init__(
|
||||||
app,
|
app,
|
||||||
|
@ -584,9 +584,9 @@ class AuthProtocol(BaseAuthProtocol):
|
||||||
self._auth_uri = self._conf.get('auth_uri')
|
self._auth_uri = self._conf.get('auth_uri')
|
||||||
if not self._auth_uri:
|
if not self._auth_uri:
|
||||||
self.log.warning(
|
self.log.warning(
|
||||||
_LW('Configuring auth_uri to point to the public identity '
|
'Configuring auth_uri to point to the public identity '
|
||||||
'endpoint is required; clients may not be able to '
|
'endpoint is required; clients may not be able to '
|
||||||
'authenticate against an admin endpoint'))
|
'authenticate against an admin endpoint')
|
||||||
|
|
||||||
# FIXME(dolph): drop support for this fallback behavior as
|
# FIXME(dolph): drop support for this fallback behavior as
|
||||||
# documented in bug 1207517.
|
# documented in bug 1207517.
|
||||||
|
@ -640,7 +640,7 @@ class AuthProtocol(BaseAuthProtocol):
|
||||||
if self._delay_auth_decision:
|
if self._delay_auth_decision:
|
||||||
self.log.debug('Deferring reject downstream')
|
self.log.debug('Deferring reject downstream')
|
||||||
else:
|
else:
|
||||||
self.log.info(_LI('Rejecting request'))
|
self.log.info('Rejecting request')
|
||||||
message = _('The request you have made requires '
|
message = _('The request you have made requires '
|
||||||
'authentication.')
|
'authentication.')
|
||||||
body = {'error': {
|
body = {'error': {
|
||||||
|
@ -767,14 +767,14 @@ class AuthProtocol(BaseAuthProtocol):
|
||||||
ksa_exceptions.RequestTimeout,
|
ksa_exceptions.RequestTimeout,
|
||||||
ksm_exceptions.RevocationListError,
|
ksm_exceptions.RevocationListError,
|
||||||
ksm_exceptions.ServiceError) as e:
|
ksm_exceptions.ServiceError) as e:
|
||||||
self.log.critical(_LC('Unable to validate token: %s'), e)
|
self.log.critical('Unable to validate token: %s', e)
|
||||||
raise webob.exc.HTTPServiceUnavailable()
|
raise webob.exc.HTTPServiceUnavailable()
|
||||||
except ksm_exceptions.InvalidToken:
|
except ksm_exceptions.InvalidToken:
|
||||||
self.log.debug('Token validation failure.', exc_info=True)
|
self.log.debug('Token validation failure.', exc_info=True)
|
||||||
if token_hashes:
|
if token_hashes:
|
||||||
self._token_cache.set(token_hashes[0],
|
self._token_cache.set(token_hashes[0],
|
||||||
_CACHE_INVALID_INDICATOR)
|
_CACHE_INVALID_INDICATOR)
|
||||||
self.log.warning(_LW('Authorization failed for token'))
|
self.log.warning('Authorization failed for token')
|
||||||
raise
|
raise
|
||||||
|
|
||||||
return data
|
return data
|
||||||
|
@ -794,11 +794,11 @@ class AuthProtocol(BaseAuthProtocol):
|
||||||
self._revocations.check(token_hashes)
|
self._revocations.check(token_hashes)
|
||||||
verified = self._cms_verify(token_data, inform)
|
verified = self._cms_verify(token_data, inform)
|
||||||
except ksc_exceptions.CertificateConfigError:
|
except ksc_exceptions.CertificateConfigError:
|
||||||
self.log.warning(_LW('Fetch certificate config failed, '
|
self.log.warning('Fetch certificate config failed, '
|
||||||
'fallback to online validation.'))
|
'fallback to online validation.')
|
||||||
except ksm_exceptions.RevocationListError:
|
except ksm_exceptions.RevocationListError:
|
||||||
self.log.warning(_LW('Fetch revocation list failed, '
|
self.log.warning('Fetch revocation list failed, '
|
||||||
'fallback to online validation.'))
|
'fallback to online validation.')
|
||||||
else:
|
else:
|
||||||
data = jsonutils.loads(verified)
|
data = jsonutils.loads(verified)
|
||||||
|
|
||||||
|
@ -839,7 +839,7 @@ class AuthProtocol(BaseAuthProtocol):
|
||||||
inform=inform).decode('utf-8')
|
inform=inform).decode('utf-8')
|
||||||
except (ksc_exceptions.CMSError,
|
except (ksc_exceptions.CMSError,
|
||||||
cms.subprocess.CalledProcessError) as err:
|
cms.subprocess.CalledProcessError) as err:
|
||||||
self.log.warning(_LW('Verify error: %s'), err)
|
self.log.warning('Verify error: %s', err)
|
||||||
msg = _('Token authorization failed')
|
msg = _('Token authorization failed')
|
||||||
raise ksm_exceptions.InvalidToken(msg)
|
raise ksm_exceptions.InvalidToken(msg)
|
||||||
|
|
||||||
|
@ -856,7 +856,7 @@ class AuthProtocol(BaseAuthProtocol):
|
||||||
except ksc_exceptions.CertificateConfigError as err:
|
except ksc_exceptions.CertificateConfigError as err:
|
||||||
# if this is still occurring, something else is wrong and we
|
# if this is still occurring, something else is wrong and we
|
||||||
# need err.output to identify the problem
|
# need err.output to identify the problem
|
||||||
self.log.error(_LE('CMS Verify output: %s'), err.output)
|
self.log.error('CMS Verify output: %s', err.output)
|
||||||
raise
|
raise
|
||||||
|
|
||||||
def _fetch_signing_cert(self):
|
def _fetch_signing_cert(self):
|
||||||
|
|
|
@ -17,7 +17,7 @@ from keystoneauth1 import token_endpoint
|
||||||
from oslo_config import cfg
|
from oslo_config import cfg
|
||||||
|
|
||||||
from keystonemiddleware.auth_token import _base
|
from keystonemiddleware.auth_token import _base
|
||||||
from keystonemiddleware.i18n import _, _LW
|
from keystonemiddleware.i18n import _
|
||||||
|
|
||||||
|
|
||||||
class AuthTokenPlugin(plugin.BaseAuthPlugin):
|
class AuthTokenPlugin(plugin.BaseAuthPlugin):
|
||||||
|
@ -26,22 +26,22 @@ class AuthTokenPlugin(plugin.BaseAuthPlugin):
|
||||||
admin_user, admin_password, admin_tenant_name, admin_token,
|
admin_user, admin_password, admin_tenant_name, admin_token,
|
||||||
identity_uri, log):
|
identity_uri, log):
|
||||||
|
|
||||||
log.warning(_LW(
|
log.warning(
|
||||||
"Use of the auth_admin_prefix, auth_host, auth_port, "
|
"Use of the auth_admin_prefix, auth_host, auth_port, "
|
||||||
"auth_protocol, identity_uri, admin_token, admin_user, "
|
"auth_protocol, identity_uri, admin_token, admin_user, "
|
||||||
"admin_password, and admin_tenant_name configuration options was "
|
"admin_password, and admin_tenant_name configuration options was "
|
||||||
"deprecated in the Mitaka release in favor of an auth_plugin and "
|
"deprecated in the Mitaka release in favor of an auth_plugin and "
|
||||||
"its related options. This class may be removed in a future "
|
"its related options. This class may be removed in a future "
|
||||||
"release."))
|
"release.")
|
||||||
|
|
||||||
# NOTE(jamielennox): it does appear here that our default arguments
|
# NOTE(jamielennox): it does appear here that our default arguments
|
||||||
# are backwards. We need to do it this way so that we can handle the
|
# are backwards. We need to do it this way so that we can handle the
|
||||||
# same deprecation strategy for CONF and the conf variable.
|
# same deprecation strategy for CONF and the conf variable.
|
||||||
if not identity_uri:
|
if not identity_uri:
|
||||||
log.warning(_LW('Configuring admin URI using auth fragments was '
|
log.warning('Configuring admin URI using auth fragments was '
|
||||||
'deprecated in the Kilo release, and will be '
|
'deprecated in the Kilo release, and will be '
|
||||||
'removed in the Newton release, '
|
'removed in the Newton release, '
|
||||||
'use \'identity_uri\ instead.'))
|
'use \'identity_uri\ instead.')
|
||||||
|
|
||||||
if ':' in auth_host:
|
if ':' in auth_host:
|
||||||
# Note(dzyu) it is an IPv6 address, so it needs to be wrapped
|
# Note(dzyu) it is an IPv6 address, so it needs to be wrapped
|
||||||
|
@ -66,10 +66,10 @@ class AuthTokenPlugin(plugin.BaseAuthPlugin):
|
||||||
auth_url = '%s/v2.0' % self._identity_uri
|
auth_url = '%s/v2.0' % self._identity_uri
|
||||||
|
|
||||||
if admin_token:
|
if admin_token:
|
||||||
log.warning(_LW(
|
log.warning(
|
||||||
"The admin_token option in auth_token middleware was "
|
"The admin_token option in auth_token middleware was "
|
||||||
"deprecated in the Kilo release, and will be removed in the "
|
"deprecated in the Kilo release, and will be removed in the "
|
||||||
"Newton release, use admin_user and admin_password instead."))
|
"Newton release, use admin_user and admin_password instead.")
|
||||||
self._plugin = token_endpoint.Token(auth_url, admin_token)
|
self._plugin = token_endpoint.Token(auth_url, admin_token)
|
||||||
else:
|
else:
|
||||||
self._plugin = v2.Password(auth_url,
|
self._plugin = v2.Password(auth_url,
|
||||||
|
|
|
@ -20,7 +20,7 @@ import six
|
||||||
from keystonemiddleware.auth_token import _exceptions as exc
|
from keystonemiddleware.auth_token import _exceptions as exc
|
||||||
from keystonemiddleware.auth_token import _memcache_crypt as memcache_crypt
|
from keystonemiddleware.auth_token import _memcache_crypt as memcache_crypt
|
||||||
from keystonemiddleware.auth_token import _memcache_pool as memcache_pool
|
from keystonemiddleware.auth_token import _memcache_pool as memcache_pool
|
||||||
from keystonemiddleware.i18n import _, _LE, _LW
|
from keystonemiddleware.i18n import _
|
||||||
|
|
||||||
|
|
||||||
def _hash_key(key):
|
def _hash_key(key):
|
||||||
|
@ -57,7 +57,7 @@ class _CachePool(list):
|
||||||
def __init__(self, memcached_servers, log):
|
def __init__(self, memcached_servers, log):
|
||||||
self._memcached_servers = memcached_servers
|
self._memcached_servers = memcached_servers
|
||||||
if not self._memcached_servers:
|
if not self._memcached_servers:
|
||||||
log.warning(_LW(
|
log.warning(
|
||||||
"Using the in-process token cache is deprecated as of the "
|
"Using the in-process token cache is deprecated as of the "
|
||||||
"4.2.0 release and may be removed in the 5.0.0 release or "
|
"4.2.0 release and may be removed in the 5.0.0 release or "
|
||||||
"the 'O' development cycle. The in-process cache causes "
|
"the 'O' development cycle. The in-process cache causes "
|
||||||
|
@ -65,7 +65,7 @@ class _CachePool(list):
|
||||||
"is removed the auth_token middleware will not cache tokens "
|
"is removed the auth_token middleware will not cache tokens "
|
||||||
"by default which may result in performance issues. It is "
|
"by default which may result in performance issues. It is "
|
||||||
"recommended to use memcache for the auth_token token cache "
|
"recommended to use memcache for the auth_token token cache "
|
||||||
"by setting the memcached_servers option."))
|
"by setting the memcached_servers option.")
|
||||||
|
|
||||||
@contextlib.contextmanager
|
@contextlib.contextmanager
|
||||||
def reserve(self):
|
def reserve(self):
|
||||||
|
@ -274,7 +274,7 @@ class SecureTokenCache(TokenCache):
|
||||||
# unprotect_data will return None if raw_cached is None
|
# unprotect_data will return None if raw_cached is None
|
||||||
return memcache_crypt.unprotect_data(context, data)
|
return memcache_crypt.unprotect_data(context, data)
|
||||||
except Exception:
|
except Exception:
|
||||||
msg = _LE('Failed to decrypt/verify cache data')
|
msg = 'Failed to decrypt/verify cache data'
|
||||||
self._LOG.exception(msg)
|
self._LOG.exception(msg)
|
||||||
|
|
||||||
# this should have the same effect as data not
|
# this should have the same effect as data not
|
||||||
|
|
|
@ -22,7 +22,7 @@ from six.moves import urllib
|
||||||
|
|
||||||
from keystonemiddleware.auth_token import _auth
|
from keystonemiddleware.auth_token import _auth
|
||||||
from keystonemiddleware.auth_token import _exceptions as ksm_exceptions
|
from keystonemiddleware.auth_token import _exceptions as ksm_exceptions
|
||||||
from keystonemiddleware.i18n import _, _LE, _LI, _LW
|
from keystonemiddleware.i18n import _
|
||||||
|
|
||||||
|
|
||||||
def _convert_fetch_cert_exception(fetch_cert):
|
def _convert_fetch_cert_exception(fetch_cert):
|
||||||
|
@ -193,7 +193,7 @@ class IdentityServer(object):
|
||||||
return klass
|
return klass
|
||||||
|
|
||||||
versions = ['v%d.%d' % s.AUTH_VERSION for s in _REQUEST_STRATEGIES]
|
versions = ['v%d.%d' % s.AUTH_VERSION for s in _REQUEST_STRATEGIES]
|
||||||
self._LOG.error(_LE('No attempted versions [%s] supported by server'),
|
self._LOG.error('No attempted versions [%s] supported by server',
|
||||||
', '.join(versions))
|
', '.join(versions))
|
||||||
|
|
||||||
msg = _('No compatible apis supported by server')
|
msg = _('No compatible apis supported by server')
|
||||||
|
@ -218,23 +218,23 @@ class IdentityServer(object):
|
||||||
user_token,
|
user_token,
|
||||||
allow_expired=allow_expired)
|
allow_expired=allow_expired)
|
||||||
except ksa_exceptions.NotFound as e:
|
except ksa_exceptions.NotFound as e:
|
||||||
self._LOG.warning(_LW('Authorization failed for token'))
|
self._LOG.warning('Authorization failed for token')
|
||||||
self._LOG.warning(_LW('Identity response: %s'), e.response.text)
|
self._LOG.warning('Identity response: %s', e.response.text)
|
||||||
raise ksm_exceptions.InvalidToken(_('Token authorization failed'))
|
raise ksm_exceptions.InvalidToken(_('Token authorization failed'))
|
||||||
except ksa_exceptions.Unauthorized as e:
|
except ksa_exceptions.Unauthorized as e:
|
||||||
self._LOG.info(_LI('Identity server rejected authorization'))
|
self._LOG.info('Identity server rejected authorization')
|
||||||
self._LOG.warning(_LW('Identity response: %s'), e.response.text)
|
self._LOG.warning('Identity response: %s', e.response.text)
|
||||||
if retry:
|
if retry:
|
||||||
self._LOG.info(_LI('Retrying validation'))
|
self._LOG.info('Retrying validation')
|
||||||
return self.verify_token(user_token, False)
|
return self.verify_token(user_token, False)
|
||||||
msg = _('Identity server rejected authorization necessary to '
|
msg = _('Identity server rejected authorization necessary to '
|
||||||
'fetch token data')
|
'fetch token data')
|
||||||
raise ksm_exceptions.ServiceError(msg)
|
raise ksm_exceptions.ServiceError(msg)
|
||||||
except ksa_exceptions.HttpError as e:
|
except ksa_exceptions.HttpError as e:
|
||||||
self._LOG.error(
|
self._LOG.error(
|
||||||
_LE('Bad response code while validating token: %s'),
|
'Bad response code while validating token: %s',
|
||||||
e.http_status)
|
e.http_status)
|
||||||
self._LOG.warning(_LW('Identity response: %s'), e.response.text)
|
self._LOG.warning('Identity response: %s', e.response.text)
|
||||||
msg = _('Failed to fetch token data from identity server')
|
msg = _('Failed to fetch token data from identity server')
|
||||||
raise ksm_exceptions.ServiceError(msg)
|
raise ksm_exceptions.ServiceError(msg)
|
||||||
else:
|
else:
|
||||||
|
|
|
@ -26,9 +26,6 @@ import time
|
||||||
from oslo_log import log as logging
|
from oslo_log import log as logging
|
||||||
from six.moves import queue
|
from six.moves import queue
|
||||||
|
|
||||||
from keystonemiddleware.i18n import _LC
|
|
||||||
|
|
||||||
|
|
||||||
_PoolItem = collections.namedtuple('_PoolItem', ['ttl', 'connection'])
|
_PoolItem = collections.namedtuple('_PoolItem', ['ttl', 'connection'])
|
||||||
|
|
||||||
|
|
||||||
|
@ -77,8 +74,8 @@ class ConnectionPool(queue.Queue):
|
||||||
try:
|
try:
|
||||||
conn = self.get(timeout=self._connection_get_timeout)
|
conn = self.get(timeout=self._connection_get_timeout)
|
||||||
except queue.Empty:
|
except queue.Empty:
|
||||||
self._LOG.critical(_LC('Unable to get a connection from pool id '
|
self._LOG.critical('Unable to get a connection from pool id '
|
||||||
'%(id)s after %(seconds)s seconds.'),
|
'%(id)s after %(seconds)s seconds.',
|
||||||
{'id': id(self),
|
{'id': id(self),
|
||||||
'seconds': self._connection_get_timeout})
|
'seconds': self._connection_get_timeout})
|
||||||
raise ConnectionGetTimeoutException()
|
raise ConnectionGetTimeoutException()
|
||||||
|
|
|
@ -18,7 +18,7 @@ from oslo_log import log as logging
|
||||||
import six
|
import six
|
||||||
|
|
||||||
from keystonemiddleware.auth_token import _exceptions as exc
|
from keystonemiddleware.auth_token import _exceptions as exc
|
||||||
from keystonemiddleware.i18n import _, _LI, _LW
|
from keystonemiddleware.i18n import _
|
||||||
|
|
||||||
_LOG = logging.getLogger(__name__)
|
_LOG = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
@ -31,7 +31,7 @@ class SigningDirectory(object):
|
||||||
self._directory_name = directory_name
|
self._directory_name = directory_name
|
||||||
if self._directory_name:
|
if self._directory_name:
|
||||||
self._log.info(
|
self._log.info(
|
||||||
_LI('Using %s as cache directory for signing certificate'),
|
'Using %s as cache directory for signing certificate',
|
||||||
self._directory_name)
|
self._directory_name)
|
||||||
self._verify_signing_dir()
|
self._verify_signing_dir()
|
||||||
|
|
||||||
|
@ -68,7 +68,7 @@ class SigningDirectory(object):
|
||||||
if self._directory_name is None:
|
if self._directory_name is None:
|
||||||
self._directory_name = tempfile.mkdtemp(prefix='keystone-signing-')
|
self._directory_name = tempfile.mkdtemp(prefix='keystone-signing-')
|
||||||
self._log.info(
|
self._log.info(
|
||||||
_LI('Using %s as cache directory for signing certificate'),
|
'Using %s as cache directory for signing certificate',
|
||||||
self._directory_name)
|
self._directory_name)
|
||||||
self._verify_signing_dir()
|
self._verify_signing_dir()
|
||||||
|
|
||||||
|
@ -80,11 +80,11 @@ class SigningDirectory(object):
|
||||||
self._directory_name)
|
self._directory_name)
|
||||||
uid = os.getuid()
|
uid = os.getuid()
|
||||||
if os.stat(self._directory_name).st_uid != uid:
|
if os.stat(self._directory_name).st_uid != uid:
|
||||||
self._log.warning(_LW('signing_dir is not owned by %s'), uid)
|
self._log.warning('signing_dir is not owned by %s', uid)
|
||||||
current_mode = stat.S_IMODE(os.stat(self._directory_name).st_mode)
|
current_mode = stat.S_IMODE(os.stat(self._directory_name).st_mode)
|
||||||
if current_mode != stat.S_IRWXU:
|
if current_mode != stat.S_IRWXU:
|
||||||
self._log.warning(
|
self._log.warning(
|
||||||
_LW('signing_dir mode is %(mode)s instead of %(need)s'),
|
'signing_dir mode is %(mode)s instead of %(need)s',
|
||||||
{'mode': oct(current_mode), 'need': oct(stat.S_IRWXU)})
|
{'mode': oct(current_mode), 'need': oct(stat.S_IRWXU)})
|
||||||
else:
|
else:
|
||||||
os.makedirs(self._directory_name, stat.S_IRWXU)
|
os.makedirs(self._directory_name, stat.S_IRWXU)
|
||||||
|
|
|
@ -25,13 +25,3 @@ _translators = i18n.TranslatorFactory(domain='keystonemiddleware')
|
||||||
|
|
||||||
# The primary translation function using the well-known name "_"
|
# The primary translation function using the well-known name "_"
|
||||||
_ = _translators.primary
|
_ = _translators.primary
|
||||||
|
|
||||||
# Translators for log levels.
|
|
||||||
#
|
|
||||||
# The abbreviated names are meant to reflect the usual use of a short
|
|
||||||
# name like '_'. The "L" is for "log" and the other letter comes from
|
|
||||||
# the level.
|
|
||||||
_LI = _translators.log_info
|
|
||||||
_LW = _translators.log_warning
|
|
||||||
_LE = _translators.log_error
|
|
||||||
_LC = _translators.log_critical
|
|
||||||
|
|
|
@ -39,9 +39,6 @@ from oslo_utils import strutils
|
||||||
import requests
|
import requests
|
||||||
import six
|
import six
|
||||||
|
|
||||||
from keystonemiddleware.i18n import _LI, _LW
|
|
||||||
|
|
||||||
|
|
||||||
PROTOCOL_NAME = 'S3 Token Authentication'
|
PROTOCOL_NAME = 'S3 Token Authentication'
|
||||||
|
|
||||||
|
|
||||||
|
@ -62,11 +59,11 @@ class S3Token(object):
|
||||||
|
|
||||||
self._request_uri = conf.get('auth_uri')
|
self._request_uri = conf.get('auth_uri')
|
||||||
if not self._request_uri:
|
if not self._request_uri:
|
||||||
self._logger.warning(_LW(
|
self._logger.warning(
|
||||||
"Use of the auth_host, auth_port, and auth_protocol "
|
"Use of the auth_host, auth_port, and auth_protocol "
|
||||||
"configuration options was deprecated in the Newton release "
|
"configuration options was deprecated in the Newton release "
|
||||||
"in favor of auth_uri. These options may be removed in a "
|
"in favor of auth_uri. These options may be removed in a "
|
||||||
"future release."))
|
"future release.")
|
||||||
auth_host = conf.get('auth_host')
|
auth_host = conf.get('auth_host')
|
||||||
auth_port = int(conf.get('auth_port', 35357))
|
auth_port = int(conf.get('auth_port', 35357))
|
||||||
auth_protocol = conf.get('auth_protocol', 'https')
|
auth_protocol = conf.get('auth_protocol', 'https')
|
||||||
|
@ -111,7 +108,7 @@ class S3Token(object):
|
||||||
headers=headers, data=creds_json,
|
headers=headers, data=creds_json,
|
||||||
verify=self._verify)
|
verify=self._verify)
|
||||||
except requests.exceptions.RequestException as e:
|
except requests.exceptions.RequestException as e:
|
||||||
self._logger.info(_LI('HTTP connection exception: %s'), e)
|
self._logger.info('HTTP connection exception: %s', e)
|
||||||
resp = self._deny_request('InvalidURI')
|
resp = self._deny_request('InvalidURI')
|
||||||
raise ServiceError(resp)
|
raise ServiceError(resp)
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue