From 67435147ec4fc9762743c9474a17999a500fda07 Mon Sep 17 00:00:00 2001 From: Vishakha Agarwal Date: Mon, 27 Aug 2018 15:39:23 +0530 Subject: [PATCH] Incorrect use of translation _() Keystone uses translated strings both in logging an exceptions. This is incorrect. All strings that are passed to logging should remain un-translated. This patch addresses above issue. Change-Id: Idf4f0bc1bd63eb8dc6dc61d8a49a9e2a93320474 Closes-Bug: #1777671 --- keystone/auth/controllers.py | 5 ++- keystone/auth/core.py | 15 ++++--- keystone/common/controller.py | 6 ++- keystone/common/request.py | 17 ++++--- keystone/credential/providers/fernet/core.py | 13 +++--- keystone/federation/controllers.py | 17 ++++--- keystone/federation/idp.py | 22 +++++---- keystone/federation/utils.py | 23 ++++++---- keystone/identity/backends/ldap/common.py | 4 +- keystone/identity/backends/ldap/core.py | 6 +-- keystone/identity/core.py | 5 +-- keystone/limit/models/strict_two_level.py | 15 ++++++- keystone/models/token_model.py | 47 +++++++++++++------- keystone/notifications.py | 5 ++- keystone/oauth1/core.py | 15 ++++--- 15 files changed, 139 insertions(+), 76 deletions(-) diff --git a/keystone/auth/controllers.py b/keystone/auth/controllers.py index 65f7c9faf8..b1872b725a 100644 --- a/keystone/auth/controllers.py +++ b/keystone/auth/controllers.py @@ -254,9 +254,10 @@ class Auth(controller.V3Controller): raise exception.AdditionalAuthRequired(auth_response) if 'user_id' not in auth_context: - msg = _('User not found by auth plugin; authentication failed') + msg = 'User not found by auth plugin; authentication failed' + tr_msg = _('User not found by auth plugin; authentication failed') LOG.warning(msg) - raise exception.Unauthorized(msg) + raise exception.Unauthorized(tr_msg) @controller.protected() def check_token(self, request): diff --git a/keystone/auth/core.py b/keystone/auth/core.py index ccd40d4691..5fdbaab2ee 100644 --- a/keystone/auth/core.py +++ b/keystone/auth/core.py @@ -167,9 +167,11 @@ class AuthInfo(provider_api.ProviderAPIMixin, object): if domain_name: if (CONF.resource.domain_name_url_safe == 'strict' and utils.is_not_url_safe(domain_name)): - msg = _('Domain name cannot contain reserved characters.') + msg = 'Domain name cannot contain reserved characters.' + tr_msg = _('Domain name cannot contain reserved ' + 'characters.') LOG.warning(msg) - raise exception.Unauthorized(message=msg) + raise exception.Unauthorized(message=tr_msg) domain_ref = PROVIDERS.resource_api.get_domain_by_name( domain_name) else: @@ -187,9 +189,11 @@ class AuthInfo(provider_api.ProviderAPIMixin, object): if project_name: if (CONF.resource.project_name_url_safe == 'strict' and utils.is_not_url_safe(project_name)): - msg = _('Project name cannot contain reserved characters.') + msg = 'Project name cannot contain reserved characters.' + tr_msg = _('Project name cannot contain reserved ' + 'characters.') LOG.warning(msg) - raise exception.Unauthorized(message=msg) + raise exception.Unauthorized(message=tr_msg) if 'domain' not in project_info: raise exception.ValidationError(attribute='domain', target='project') @@ -249,8 +253,9 @@ class AuthInfo(provider_api.ProviderAPIMixin, object): user_id, hints) if len(app_creds) != 1: message = "Could not find application credential: %s" % name + tr_message = _("Could not find application credential: %s") % name LOG.warning(six.text_type(message)) - raise exception.Unauthorized(message) + raise exception.Unauthorized(tr_message) return app_creds[0] def _set_scope_from_app_cred(self, app_cred_info): diff --git a/keystone/common/controller.py b/keystone/common/controller.py index 2fe1f06724..63e4cc56ec 100644 --- a/keystone/common/controller.py +++ b/keystone/common/controller.py @@ -545,9 +545,11 @@ class V3Controller(provider_api.ProviderAPIMixin, wsgi.Application): elif token.project_scoped: return token.project_domain['id'] else: - msg = _('No domain information specified as part of list request') + msg = 'No domain information specified as part of list request' + tr_msg = _('No domain information specified as part of list ' + 'request') LOG.warning(msg) - raise exception.Unauthorized(msg) + raise exception.Unauthorized(tr_msg) def _get_domain_id_from_token(self, request): """Get the domain_id for a v3 create call. diff --git a/keystone/common/request.py b/keystone/common/request.py index 4b32c5f01c..f5be61be9b 100644 --- a/keystone/common/request.py +++ b/keystone/common/request.py @@ -90,13 +90,18 @@ class Request(webob.Request): def assert_authenticated(self): """Ensure that the current request has been authenticated.""" if not self.context: - msg = _('An authenticated call was made and there is ' - 'no request.context. This means the ' - 'auth_context middleware is not in place. You ' - 'must have this middleware in your pipeline ' - 'to perform authenticated calls') + msg = ('An authenticated call was made and there is ' + 'no request.context. This means the ' + 'auth_context middleware is not in place. You ' + 'must have this middleware in your pipeline ' + 'to perform authenticated calls') + tr_msg = _('An authenticated call was made and there is ' + 'no request.context. This means the ' + 'auth_context middleware is not in place. You ' + 'must have this middleware in your pipeline ' + 'to perform authenticated calls') LOG.warning(msg) - raise exception.Unauthorized(msg) + raise exception.Unauthorized(tr_msg) if not self.context.authenticated: # auth_context didn't decode anything we can use diff --git a/keystone/credential/providers/fernet/core.py b/keystone/credential/providers/fernet/core.py index 11fd95676e..0c2d5a3b0e 100644 --- a/keystone/credential/providers/fernet/core.py +++ b/keystone/credential/providers/fernet/core.py @@ -85,9 +85,10 @@ class Provider(core.Provider): crypto.encrypt(credential.encode('utf-8')), primary_key_hash(keys)) except (TypeError, ValueError) as e: - msg = _('Credential could not be encrypted: %s') % str(e) + msg = 'Credential could not be encrypted: %s' % str(e) + tr_msg = _('Credential could not be encrypted: %s') % str(e) LOG.error(msg) - raise exception.CredentialEncryptionError(msg) + raise exception.CredentialEncryptionError(tr_msg) def decrypt(self, credential): """Attempt to decrypt a credential. @@ -106,7 +107,9 @@ class Provider(core.Provider): credential = credential.encode('utf-8') return crypto.decrypt(credential).decode('utf-8') except (fernet.InvalidToken, TypeError, ValueError): - msg = _('Credential could not be decrypted. Please contact the' - ' administrator') + msg = ('Credential could not be decrypted. Please contact the ' + 'administrator') + tr_msg = _('Credential could not be decrypted. Please contact the ' + 'administrator') LOG.error(msg) - raise exception.CredentialEncryptionError(msg) + raise exception.CredentialEncryptionError(tr_msg) diff --git a/keystone/federation/controllers.py b/keystone/federation/controllers.py index 717f6dcb21..86bb259284 100644 --- a/keystone/federation/controllers.py +++ b/keystone/federation/controllers.py @@ -279,9 +279,10 @@ class Auth(auth_controllers.Auth): origin = request.params.get('origin') if not origin: - msg = _('Request must have an origin query parameter') + msg = 'Request must have an origin query parameter' + tr_msg = _('Request must have an origin query parameter') LOG.error(msg) - raise exception.ValidationError(msg) + raise exception.ValidationError(tr_msg) host = urllib.parse.unquote_plus(origin) @@ -290,10 +291,11 @@ class Auth(auth_controllers.Auth): for trusted in CONF.federation.trusted_dashboard] if host not in trusted_dashboards: - msg = _('%(host)s is not a trusted dashboard host') - msg = msg % {'host': host} + msg = '%(host)s is not a trusted dashboard host' % {'host': host} + tr_msg = _('%(host)s is not a trusted dashboard host') % { + 'host': host} LOG.error(msg) - raise exception.Unauthorized(msg) + raise exception.Unauthorized(tr_msg) return host @@ -321,9 +323,10 @@ class Auth(auth_controllers.Auth): remote_id_name = utils.get_remote_id_parameter(protocol_id) remote_id = request.environ[remote_id_name] except KeyError: - msg = _('Missing entity ID from environment') + msg = 'Missing entity ID from environment' + tr_msg = _('Missing entity ID from environment') LOG.error(msg) - raise exception.Unauthorized(msg) + raise exception.Unauthorized(tr_msg) host = self._get_sso_origin_host(request) diff --git a/keystone/federation/idp.py b/keystone/federation/idp.py index f8a7d24d0f..36ebb44a5e 100644 --- a/keystone/federation/idp.py +++ b/keystone/federation/idp.py @@ -408,10 +408,13 @@ def _verify_assertion_binary_is_installed(): except subprocess.CalledProcessError: msg = ( 'Unable to locate %(binary)s binary on the system. Check to make ' - 'sure it is installed.' % {'binary': CONF.saml.xmlsec1_binary} - ) + 'sure it is installed.') % {'binary': CONF.saml.xmlsec1_binary} + tr_msg = _( + 'Unable to locate %(binary)s binary on the system. Check to' + 'make sure it is installed.') % { + 'binary': CONF.saml.xmlsec1_binary} LOG.error(msg) - raise exception.SAMLSigningError(reason=msg) + raise exception.SAMLSigningError(reason=tr_msg) def _sign_assertion(assertion): @@ -482,7 +485,7 @@ def _sign_assertion(assertion): # parsing. stderr=subprocess.STDOUT) except Exception as e: - msg = ('Error when signing assertion, reason: %(reason)s%(output)s') + msg = 'Error when signing assertion, reason: %(reason)s%(output)s' LOG.error(msg, {'reason': e, 'output': ' ' + e.output if hasattr(e, 'output') else ''}) @@ -528,11 +531,14 @@ class MetadataGenerator(object): try: return sigver.read_cert_from_file(CONF.saml.certfile, 'pem') except (IOError, sigver.CertificateError) as e: - msg = _('Cannot open certificate %(cert_file)s. ' - 'Reason: %(reason)s') - msg = msg % {'cert_file': CONF.saml.certfile, 'reason': e} + msg = ('Cannot open certificate %(cert_file)s.' + 'Reason: %(reason)s') % { + 'cert_file': CONF.saml.certfile, 'reason': e} + tr_msg = _('Cannot open certificate %(cert_file)s.' + 'Reason: %(reason)s') % { + 'cert_file': CONF.saml.certfile, 'reason': e} LOG.error(msg) - raise IOError(msg) + raise IOError(tr_msg) def key_descriptor(): cert = get_cert() diff --git a/keystone/federation/utils.py b/keystone/federation/utils.py index 48ae6b3d49..3a3235131a 100644 --- a/keystone/federation/utils.py +++ b/keystone/federation/utils.py @@ -609,11 +609,14 @@ class RuleProcessor(object): # if mapping yield no valid identity values, we should bail right away # instead of continuing on with a normalized bogus user if not identity_values: - msg = _("Could not map any federated user properties to identity " - "values. Check debug logs or the mapping used for " - "additional details.") + msg = ("Could not map any federated user properties to identity " + "values. Check debug logs or the mapping used for " + "additional details.") + tr_msg = _("Could not map any federated user properties to " + "identity values. Check debug logs or the mapping" + "used for additional details.") LOG.warning(msg) - raise exception.ValidationError(msg) + raise exception.ValidationError(tr_msg) for identity_value in identity_values: if 'user' in identity_value: @@ -864,14 +867,18 @@ class RuleProcessor(object): def assert_enabled_identity_provider(federation_api, idp_id): identity_provider = federation_api.get_idp(idp_id) if identity_provider.get('enabled') is not True: - msg = _('Identity Provider %(idp)s is disabled') % {'idp': idp_id} + msg = 'Identity Provider %(idp)s is disabled' % { + 'idp': idp_id} + tr_msg = _('Identity Provider %(idp)s is disabled') % { + 'idp': idp_id} LOG.debug(msg) - raise exception.Forbidden(msg) + raise exception.Forbidden(tr_msg) def assert_enabled_service_provider_object(service_provider): if service_provider.get('enabled') is not True: sp_id = service_provider['id'] - msg = _('Service Provider %(sp)s is disabled') % {'sp': sp_id} + msg = 'Service Provider %(sp)s is disabled' % {'sp': sp_id} + tr_msg = _('Service Provider %(sp)s is disabled') % {'sp': sp_id} LOG.debug(msg) - raise exception.Forbidden(msg) + raise exception.Forbidden(tr_msg) diff --git a/keystone/identity/backends/ldap/common.py b/keystone/identity/backends/ldap/common.py index 8d632aab74..f8785e9c14 100644 --- a/keystone/identity/backends/ldap/common.py +++ b/keystone/identity/backends/ldap/common.py @@ -178,8 +178,8 @@ def convert_ldap_result(ldap_result): py_result.append((utf8_decode(dn), ldap_attrs)) if at_least_one_referral: - LOG.debug(('Referrals were returned and ignored. Enable referral ' - 'chasing in keystone.conf via [ldap] chase_referrals')) + LOG.debug('Referrals were returned and ignored. Enable referral ' + 'chasing in keystone.conf via [ldap] chase_referrals') return py_result diff --git a/keystone/identity/backends/ldap/core.py b/keystone/identity/backends/ldap/core.py index 32cd97602f..b6b87185f6 100644 --- a/keystone/identity/backends/ldap/core.py +++ b/keystone/identity/backends/ldap/core.py @@ -30,9 +30,9 @@ from keystone.identity.backends.ldap import models CONF = keystone.conf.CONF LOG = log.getLogger(__name__) -_DEPRECATION_MSG = _('%s for the LDAP identity backend has been deprecated in ' - 'the Mitaka release in favor of read-only identity LDAP ' - 'access. It will be removed in the "O" release.') +_DEPRECATION_MSG = ('%s for the LDAP identity backend has been deprecated in ' + 'the Mitaka release in favor of read-only identity LDAP ' + 'access. It will be removed in the "O" release.') READ_ONLY_LDAP_ERROR_MESSAGE = _("LDAP does not support write operations") diff --git a/keystone/identity/core.py b/keystone/identity/core.py index 5cfe9d3d75..dfd17cd0ee 100644 --- a/keystone/identity/core.py +++ b/keystone/identity/core.py @@ -111,9 +111,8 @@ class DomainConfigs(provider_api.ProviderAPIMixin, dict): try: domain_ref = resource_api.get_domain_by_name(domain_name) except exception.DomainNotFound: - LOG.warning( - ('Invalid domain name (%s) found in config file name'), - domain_name) + LOG.warning('Invalid domain name (%s) found in config file name', + domain_name) return # Create a new entry in the domain config dict, which contains diff --git a/keystone/limit/models/strict_two_level.py b/keystone/limit/models/strict_two_level.py index 95085bed99..99ad637843 100644 --- a/keystone/limit/models/strict_two_level.py +++ b/keystone/limit/models/strict_two_level.py @@ -16,6 +16,7 @@ from oslo_log import log from keystone.common import driver_hints from keystone.common import provider_api from keystone import exception +from keystone.i18n import _ from keystone.limit.models import base LOG = log.getLogger(__name__) @@ -124,5 +125,17 @@ class StrictTwoLevelModel(base.ModelBase): 'service_id': service_id, 'region_id': region_id } + tr_error = _("The resource limit (project_id: %(project_id)s, " + "resource_name: %(resource_name)s, " + "resource_limit: %(resource_limit)s, " + "service_id: %(service_id)s, " + "region_id: %(region_id)s) doesn't satisfy " + "current hierarchy model.") % { + 'project_id': project_id, + 'resource_name': resource_name, + 'resource_limit': resource_limit, + 'service_id': service_id, + 'region_id': region_id + } LOG.error(error) - raise exception.InvalidLimit(reason=error) + raise exception.InvalidLimit(reason=tr_error) diff --git a/keystone/models/token_model.py b/keystone/models/token_model.py index 937e97ab3f..37cc56342e 100644 --- a/keystone/models/token_model.py +++ b/keystone/models/token_model.py @@ -431,15 +431,19 @@ class TokenModel(object): def _validate_token_resources(self): if self.project and not self.project.get('enabled'): - msg = _('Unable to validate token because project %(id)s is ' - 'disabled') % {'id': self.project_id} + msg = ('Unable to validate token because project %(id)s is ' + 'disabled') % {'id': self.project_id} + tr_msg = _('Unable to validate token because project %(id)s is' + 'disabled') % {'id': self.project_id} LOG.warning(msg) - raise exception.ProjectNotFound(msg) + raise exception.ProjectNotFound(tr_msg) if self.project and not self.project_domain.get('enabled'): - msg = _('Unable to validate token because domain %(id)s is ' - 'disabled') % {'id': self.project_domain['id']} + msg = ('Unable to validate token because domain %(id)s is ' + 'disabled') % {'id': self.project_domain['id']} + tr_msg = _('Unable to validate token because domain %(id)s is ' + 'disabled') % {'id': self.project_domain['id']} LOG.warning(msg) - raise exception.DomainNotFound(msg) + raise exception.DomainNotFound(tr_msg) def _validate_token_user(self): if self.trust_scoped: @@ -466,34 +470,43 @@ class TokenModel(object): raise exception.Forbidden(_('Trustor is disabled.')) if not self.user_domain.get('enabled'): - msg = _('Unable to validate token because domain %(id)s is ' - 'disabled') % {'id': self.user_domain['id']} + msg = ('Unable to validate token because domain %(id)s is ' + 'disabled') % {'id': self.user_domain['id']} + tr_msg = _('Unable to validate token because domain %(id)s is ' + 'disabled') % {'id': self.user_domain['id']} LOG.warning(msg) - raise exception.DomainNotFound(msg) + raise exception.DomainNotFound(tr_msg) def _validate_system_scope(self): if self.system_scoped and not self.roles: - msg = _( - 'User %(user_id)s has no access to the system' - ) % {'user_id': self.user_id} + msg = ('User %(user_id)s has no access to the system' + ) % {'user_id': self.user_id} + tr_msg = _('User %(user_id)s has no access to the system' + ) % {'user_id': self.user_id} LOG.debug(msg) - raise exception.Unauthorized(msg) + raise exception.Unauthorized(tr_msg) def _validate_domain_scope(self): if self.domain_scoped and not self.roles: - msg = _( + msg = ( + 'User %(user_id)s has no access to domain %(domain_id)s' + ) % {'user_id': self.user_id, 'domain_id': self.domain_id} + tr_msg = _( 'User %(user_id)s has no access to domain %(domain_id)s' ) % {'user_id': self.user_id, 'domain_id': self.domain_id} LOG.debug(msg) - raise exception.Unauthorized(msg) + raise exception.Unauthorized(tr_msg) def _validate_project_scope(self): if self.project_scoped and not self.roles: - msg = _( + msg = ( + 'User %(user_id)s has no access to project %(project_id)s' + ) % {'user_id': self.user_id, 'project_id': self.project_id} + tr_msg = _( 'User %(user_id)s has no access to project %(project_id)s' ) % {'user_id': self.user_id, 'project_id': self.project_id} LOG.debug(msg) - raise exception.Unauthorized(msg) + raise exception.Unauthorized(tr_msg) def _validate_trust_scope(self): trust_roles = [] diff --git a/keystone/notifications.py b/keystone/notifications.py index e87bf09103..5ec5f371ce 100644 --- a/keystone/notifications.py +++ b/keystone/notifications.py @@ -247,9 +247,10 @@ def register_event_callback(event, resource_type, callbacks): for callback in callbacks: if not callable(callback): - msg = _('Method not callable: %s') % callback + msg = 'Method not callable: %s' % callback + tr_msg = _('Method not callable: %s') % callback LOG.error(msg) - raise TypeError(msg) + raise TypeError(tr_msg) _SUBSCRIBERS.setdefault(event, {}).setdefault(resource_type, set()) _SUBSCRIBERS[event][resource_type].add(callback) diff --git a/keystone/oauth1/core.py b/keystone/oauth1/core.py index d49652cf8e..a693e25f5d 100644 --- a/keystone/oauth1/core.py +++ b/keystone/oauth1/core.py @@ -89,17 +89,22 @@ def validate_oauth_params(query_string): params_fitered = {k: v for k, v in params if not k.startswith('oauth_')} if params_fitered: if 'error' in params_fitered: - msg = _( + msg = ( 'Validation failed with errors: %(error)s, detail ' 'message is: %(desc)s.') % { 'error': params_fitered['error'], 'desc': params_fitered['error_description']} + tr_msg = _('Validation failed with errors: %(error)s, detail ' + 'message is: %(desc)s.') % { + 'error': params_fitered['error'], + 'desc': params_fitered['error_description']} else: - msg = _( - 'Unknown parameters found, ' - 'please provide only oauth parameters.') + msg = ('Unknown parameters found,' + 'please provide only oauth parameters.') + tr_msg = _('Unknown parameters found,' + 'please provide only oauth parameters.') LOG.warning(msg) - raise exception.ValidationError(message=msg) + raise exception.ValidationError(message=tr_msg) class Manager(manager.Manager):