Incorrect use of translation _()
Keystone uses translated strings both in logging an exceptions. This is incorrect. All strings that are passed to logging should remain un-translated. This patch addresses above issue. Change-Id: Idf4f0bc1bd63eb8dc6dc61d8a49a9e2a93320474 Closes-Bug: #1777671
This commit is contained in:
Vishakha Agarwal
parent
177c0e6101
commit
67435147ec
@ -254,9 +254,10 @@ class Auth(controller.V3Controller):
|
||||
raise exception.AdditionalAuthRequired(auth_response)
|
||||
|
||||
if 'user_id' not in auth_context:
|
||||
msg = _('User not found by auth plugin; authentication failed')
|
||||
msg = 'User not found by auth plugin; authentication failed'
|
||||
tr_msg = _('User not found by auth plugin; authentication failed')
|
||||
LOG.warning(msg)
|
||||
raise exception.Unauthorized(msg)
|
||||
raise exception.Unauthorized(tr_msg)
|
||||
|
||||
@controller.protected()
|
||||
def check_token(self, request):
|
||||
|
||||
@ -167,9 +167,11 @@ class AuthInfo(provider_api.ProviderAPIMixin, object):
|
||||
if domain_name:
|
||||
if (CONF.resource.domain_name_url_safe == 'strict' and
|
||||
utils.is_not_url_safe(domain_name)):
|
||||
msg = _('Domain name cannot contain reserved characters.')
|
||||
msg = 'Domain name cannot contain reserved characters.'
|
||||
tr_msg = _('Domain name cannot contain reserved '
|
||||
'characters.')
|
||||
LOG.warning(msg)
|
||||
raise exception.Unauthorized(message=msg)
|
||||
raise exception.Unauthorized(message=tr_msg)
|
||||
domain_ref = PROVIDERS.resource_api.get_domain_by_name(
|
||||
domain_name)
|
||||
else:
|
||||
@ -187,9 +189,11 @@ class AuthInfo(provider_api.ProviderAPIMixin, object):
|
||||
if project_name:
|
||||
if (CONF.resource.project_name_url_safe == 'strict' and
|
||||
utils.is_not_url_safe(project_name)):
|
||||
msg = _('Project name cannot contain reserved characters.')
|
||||
msg = 'Project name cannot contain reserved characters.'
|
||||
tr_msg = _('Project name cannot contain reserved '
|
||||
'characters.')
|
||||
LOG.warning(msg)
|
||||
raise exception.Unauthorized(message=msg)
|
||||
raise exception.Unauthorized(message=tr_msg)
|
||||
if 'domain' not in project_info:
|
||||
raise exception.ValidationError(attribute='domain',
|
||||
target='project')
|
||||
@ -249,8 +253,9 @@ class AuthInfo(provider_api.ProviderAPIMixin, object):
|
||||
user_id, hints)
|
||||
if len(app_creds) != 1:
|
||||
message = "Could not find application credential: %s" % name
|
||||
tr_message = _("Could not find application credential: %s") % name
|
||||
LOG.warning(six.text_type(message))
|
||||
raise exception.Unauthorized(message)
|
||||
raise exception.Unauthorized(tr_message)
|
||||
return app_creds[0]
|
||||
|
||||
def _set_scope_from_app_cred(self, app_cred_info):
|
||||
|
||||
@ -545,9 +545,11 @@ class V3Controller(provider_api.ProviderAPIMixin, wsgi.Application):
|
||||
elif token.project_scoped:
|
||||
return token.project_domain['id']
|
||||
else:
|
||||
msg = _('No domain information specified as part of list request')
|
||||
msg = 'No domain information specified as part of list request'
|
||||
tr_msg = _('No domain information specified as part of list '
|
||||
'request')
|
||||
LOG.warning(msg)
|
||||
raise exception.Unauthorized(msg)
|
||||
raise exception.Unauthorized(tr_msg)
|
||||
|
||||
def _get_domain_id_from_token(self, request):
|
||||
"""Get the domain_id for a v3 create call.
|
||||
|
||||
@ -90,13 +90,18 @@ class Request(webob.Request):
|
||||
def assert_authenticated(self):
|
||||
"""Ensure that the current request has been authenticated."""
|
||||
if not self.context:
|
||||
msg = _('An authenticated call was made and there is '
|
||||
msg = ('An authenticated call was made and there is '
|
||||
'no request.context. This means the '
|
||||
'auth_context middleware is not in place. You '
|
||||
'must have this middleware in your pipeline '
|
||||
'to perform authenticated calls')
|
||||
tr_msg = _('An authenticated call was made and there is '
|
||||
'no request.context. This means the '
|
||||
'auth_context middleware is not in place. You '
|
||||
'must have this middleware in your pipeline '
|
||||
'to perform authenticated calls')
|
||||
LOG.warning(msg)
|
||||
raise exception.Unauthorized(msg)
|
||||
raise exception.Unauthorized(tr_msg)
|
||||
|
||||
if not self.context.authenticated:
|
||||
# auth_context didn't decode anything we can use
|
||||
|
||||
@ -85,9 +85,10 @@ class Provider(core.Provider):
|
||||
crypto.encrypt(credential.encode('utf-8')),
|
||||
primary_key_hash(keys))
|
||||
except (TypeError, ValueError) as e:
|
||||
msg = _('Credential could not be encrypted: %s') % str(e)
|
||||
msg = 'Credential could not be encrypted: %s' % str(e)
|
||||
tr_msg = _('Credential could not be encrypted: %s') % str(e)
|
||||
LOG.error(msg)
|
||||
raise exception.CredentialEncryptionError(msg)
|
||||
raise exception.CredentialEncryptionError(tr_msg)
|
||||
|
||||
def decrypt(self, credential):
|
||||
"""Attempt to decrypt a credential.
|
||||
@ -106,7 +107,9 @@ class Provider(core.Provider):
|
||||
credential = credential.encode('utf-8')
|
||||
return crypto.decrypt(credential).decode('utf-8')
|
||||
except (fernet.InvalidToken, TypeError, ValueError):
|
||||
msg = _('Credential could not be decrypted. Please contact the'
|
||||
' administrator')
|
||||
msg = ('Credential could not be decrypted. Please contact the '
|
||||
'administrator')
|
||||
tr_msg = _('Credential could not be decrypted. Please contact the '
|
||||
'administrator')
|
||||
LOG.error(msg)
|
||||
raise exception.CredentialEncryptionError(msg)
|
||||
raise exception.CredentialEncryptionError(tr_msg)
|
||||
|
||||
@ -279,9 +279,10 @@ class Auth(auth_controllers.Auth):
|
||||
origin = request.params.get('origin')
|
||||
|
||||
if not origin:
|
||||
msg = _('Request must have an origin query parameter')
|
||||
msg = 'Request must have an origin query parameter'
|
||||
tr_msg = _('Request must have an origin query parameter')
|
||||
LOG.error(msg)
|
||||
raise exception.ValidationError(msg)
|
||||
raise exception.ValidationError(tr_msg)
|
||||
|
||||
host = urllib.parse.unquote_plus(origin)
|
||||
|
||||
@ -290,10 +291,11 @@ class Auth(auth_controllers.Auth):
|
||||
for trusted in CONF.federation.trusted_dashboard]
|
||||
|
||||
if host not in trusted_dashboards:
|
||||
msg = _('%(host)s is not a trusted dashboard host')
|
||||
msg = msg % {'host': host}
|
||||
msg = '%(host)s is not a trusted dashboard host' % {'host': host}
|
||||
tr_msg = _('%(host)s is not a trusted dashboard host') % {
|
||||
'host': host}
|
||||
LOG.error(msg)
|
||||
raise exception.Unauthorized(msg)
|
||||
raise exception.Unauthorized(tr_msg)
|
||||
|
||||
return host
|
||||
|
||||
@ -321,9 +323,10 @@ class Auth(auth_controllers.Auth):
|
||||
remote_id_name = utils.get_remote_id_parameter(protocol_id)
|
||||
remote_id = request.environ[remote_id_name]
|
||||
except KeyError:
|
||||
msg = _('Missing entity ID from environment')
|
||||
msg = 'Missing entity ID from environment'
|
||||
tr_msg = _('Missing entity ID from environment')
|
||||
LOG.error(msg)
|
||||
raise exception.Unauthorized(msg)
|
||||
raise exception.Unauthorized(tr_msg)
|
||||
|
||||
host = self._get_sso_origin_host(request)
|
||||
|
||||
|
||||
@ -408,10 +408,13 @@ def _verify_assertion_binary_is_installed():
|
||||
except subprocess.CalledProcessError:
|
||||
msg = (
|
||||
'Unable to locate %(binary)s binary on the system. Check to make '
|
||||
'sure it is installed.' % {'binary': CONF.saml.xmlsec1_binary}
|
||||
)
|
||||
'sure it is installed.') % {'binary': CONF.saml.xmlsec1_binary}
|
||||
tr_msg = _(
|
||||
'Unable to locate %(binary)s binary on the system. Check to'
|
||||
'make sure it is installed.') % {
|
||||
'binary': CONF.saml.xmlsec1_binary}
|
||||
LOG.error(msg)
|
||||
raise exception.SAMLSigningError(reason=msg)
|
||||
raise exception.SAMLSigningError(reason=tr_msg)
|
||||
|
||||
|
||||
def _sign_assertion(assertion):
|
||||
@ -482,7 +485,7 @@ def _sign_assertion(assertion):
|
||||
# parsing.
|
||||
stderr=subprocess.STDOUT)
|
||||
except Exception as e:
|
||||
msg = ('Error when signing assertion, reason: %(reason)s%(output)s')
|
||||
msg = 'Error when signing assertion, reason: %(reason)s%(output)s'
|
||||
LOG.error(msg,
|
||||
{'reason': e,
|
||||
'output': ' ' + e.output if hasattr(e, 'output') else ''})
|
||||
@ -528,11 +531,14 @@ class MetadataGenerator(object):
|
||||
try:
|
||||
return sigver.read_cert_from_file(CONF.saml.certfile, 'pem')
|
||||
except (IOError, sigver.CertificateError) as e:
|
||||
msg = _('Cannot open certificate %(cert_file)s. '
|
||||
'Reason: %(reason)s')
|
||||
msg = msg % {'cert_file': CONF.saml.certfile, 'reason': e}
|
||||
msg = ('Cannot open certificate %(cert_file)s.'
|
||||
'Reason: %(reason)s') % {
|
||||
'cert_file': CONF.saml.certfile, 'reason': e}
|
||||
tr_msg = _('Cannot open certificate %(cert_file)s.'
|
||||
'Reason: %(reason)s') % {
|
||||
'cert_file': CONF.saml.certfile, 'reason': e}
|
||||
LOG.error(msg)
|
||||
raise IOError(msg)
|
||||
raise IOError(tr_msg)
|
||||
|
||||
def key_descriptor():
|
||||
cert = get_cert()
|
||||
|
||||
@ -609,11 +609,14 @@ class RuleProcessor(object):
|
||||
# if mapping yield no valid identity values, we should bail right away
|
||||
# instead of continuing on with a normalized bogus user
|
||||
if not identity_values:
|
||||
msg = _("Could not map any federated user properties to identity "
|
||||
msg = ("Could not map any federated user properties to identity "
|
||||
"values. Check debug logs or the mapping used for "
|
||||
"additional details.")
|
||||
tr_msg = _("Could not map any federated user properties to "
|
||||
"identity values. Check debug logs or the mapping"
|
||||
"used for additional details.")
|
||||
LOG.warning(msg)
|
||||
raise exception.ValidationError(msg)
|
||||
raise exception.ValidationError(tr_msg)
|
||||
|
||||
for identity_value in identity_values:
|
||||
if 'user' in identity_value:
|
||||
@ -864,14 +867,18 @@ class RuleProcessor(object):
|
||||
def assert_enabled_identity_provider(federation_api, idp_id):
|
||||
identity_provider = federation_api.get_idp(idp_id)
|
||||
if identity_provider.get('enabled') is not True:
|
||||
msg = _('Identity Provider %(idp)s is disabled') % {'idp': idp_id}
|
||||
msg = 'Identity Provider %(idp)s is disabled' % {
|
||||
'idp': idp_id}
|
||||
tr_msg = _('Identity Provider %(idp)s is disabled') % {
|
||||
'idp': idp_id}
|
||||
LOG.debug(msg)
|
||||
raise exception.Forbidden(msg)
|
||||
raise exception.Forbidden(tr_msg)
|
||||
|
||||
|
||||
def assert_enabled_service_provider_object(service_provider):
|
||||
if service_provider.get('enabled') is not True:
|
||||
sp_id = service_provider['id']
|
||||
msg = _('Service Provider %(sp)s is disabled') % {'sp': sp_id}
|
||||
msg = 'Service Provider %(sp)s is disabled' % {'sp': sp_id}
|
||||
tr_msg = _('Service Provider %(sp)s is disabled') % {'sp': sp_id}
|
||||
LOG.debug(msg)
|
||||
raise exception.Forbidden(msg)
|
||||
raise exception.Forbidden(tr_msg)
|
||||
|
||||
@ -178,8 +178,8 @@ def convert_ldap_result(ldap_result):
|
||||
|
||||
py_result.append((utf8_decode(dn), ldap_attrs))
|
||||
if at_least_one_referral:
|
||||
LOG.debug(('Referrals were returned and ignored. Enable referral '
|
||||
'chasing in keystone.conf via [ldap] chase_referrals'))
|
||||
LOG.debug('Referrals were returned and ignored. Enable referral '
|
||||
'chasing in keystone.conf via [ldap] chase_referrals')
|
||||
|
||||
return py_result
|
||||
|
||||
|
||||
@ -30,7 +30,7 @@ from keystone.identity.backends.ldap import models
|
||||
CONF = keystone.conf.CONF
|
||||
LOG = log.getLogger(__name__)
|
||||
|
||||
_DEPRECATION_MSG = _('%s for the LDAP identity backend has been deprecated in '
|
||||
_DEPRECATION_MSG = ('%s for the LDAP identity backend has been deprecated in '
|
||||
'the Mitaka release in favor of read-only identity LDAP '
|
||||
'access. It will be removed in the "O" release.')
|
||||
|
||||
|
||||
@ -111,8 +111,7 @@ class DomainConfigs(provider_api.ProviderAPIMixin, dict):
|
||||
try:
|
||||
domain_ref = resource_api.get_domain_by_name(domain_name)
|
||||
except exception.DomainNotFound:
|
||||
LOG.warning(
|
||||
('Invalid domain name (%s) found in config file name'),
|
||||
LOG.warning('Invalid domain name (%s) found in config file name',
|
||||
domain_name)
|
||||
return
|
||||
|
||||
|
||||
@ -16,6 +16,7 @@ from oslo_log import log
|
||||
from keystone.common import driver_hints
|
||||
from keystone.common import provider_api
|
||||
from keystone import exception
|
||||
from keystone.i18n import _
|
||||
from keystone.limit.models import base
|
||||
|
||||
LOG = log.getLogger(__name__)
|
||||
@ -124,5 +125,17 @@ class StrictTwoLevelModel(base.ModelBase):
|
||||
'service_id': service_id,
|
||||
'region_id': region_id
|
||||
}
|
||||
tr_error = _("The resource limit (project_id: %(project_id)s, "
|
||||
"resource_name: %(resource_name)s, "
|
||||
"resource_limit: %(resource_limit)s, "
|
||||
"service_id: %(service_id)s, "
|
||||
"region_id: %(region_id)s) doesn't satisfy "
|
||||
"current hierarchy model.") % {
|
||||
'project_id': project_id,
|
||||
'resource_name': resource_name,
|
||||
'resource_limit': resource_limit,
|
||||
'service_id': service_id,
|
||||
'region_id': region_id
|
||||
}
|
||||
LOG.error(error)
|
||||
raise exception.InvalidLimit(reason=error)
|
||||
raise exception.InvalidLimit(reason=tr_error)
|
||||
|
||||
@ -431,15 +431,19 @@ class TokenModel(object):
|
||||
|
||||
def _validate_token_resources(self):
|
||||
if self.project and not self.project.get('enabled'):
|
||||
msg = _('Unable to validate token because project %(id)s is '
|
||||
msg = ('Unable to validate token because project %(id)s is '
|
||||
'disabled') % {'id': self.project_id}
|
||||
tr_msg = _('Unable to validate token because project %(id)s is'
|
||||
'disabled') % {'id': self.project_id}
|
||||
LOG.warning(msg)
|
||||
raise exception.ProjectNotFound(msg)
|
||||
raise exception.ProjectNotFound(tr_msg)
|
||||
if self.project and not self.project_domain.get('enabled'):
|
||||
msg = _('Unable to validate token because domain %(id)s is '
|
||||
msg = ('Unable to validate token because domain %(id)s is '
|
||||
'disabled') % {'id': self.project_domain['id']}
|
||||
tr_msg = _('Unable to validate token because domain %(id)s is '
|
||||
'disabled') % {'id': self.project_domain['id']}
|
||||
LOG.warning(msg)
|
||||
raise exception.DomainNotFound(msg)
|
||||
raise exception.DomainNotFound(tr_msg)
|
||||
|
||||
def _validate_token_user(self):
|
||||
if self.trust_scoped:
|
||||
@ -466,34 +470,43 @@ class TokenModel(object):
|
||||
raise exception.Forbidden(_('Trustor is disabled.'))
|
||||
|
||||
if not self.user_domain.get('enabled'):
|
||||
msg = _('Unable to validate token because domain %(id)s is '
|
||||
msg = ('Unable to validate token because domain %(id)s is '
|
||||
'disabled') % {'id': self.user_domain['id']}
|
||||
tr_msg = _('Unable to validate token because domain %(id)s is '
|
||||
'disabled') % {'id': self.user_domain['id']}
|
||||
LOG.warning(msg)
|
||||
raise exception.DomainNotFound(msg)
|
||||
raise exception.DomainNotFound(tr_msg)
|
||||
|
||||
def _validate_system_scope(self):
|
||||
if self.system_scoped and not self.roles:
|
||||
msg = _(
|
||||
'User %(user_id)s has no access to the system'
|
||||
msg = ('User %(user_id)s has no access to the system'
|
||||
) % {'user_id': self.user_id}
|
||||
tr_msg = _('User %(user_id)s has no access to the system'
|
||||
) % {'user_id': self.user_id}
|
||||
LOG.debug(msg)
|
||||
raise exception.Unauthorized(msg)
|
||||
raise exception.Unauthorized(tr_msg)
|
||||
|
||||
def _validate_domain_scope(self):
|
||||
if self.domain_scoped and not self.roles:
|
||||
msg = _(
|
||||
msg = (
|
||||
'User %(user_id)s has no access to domain %(domain_id)s'
|
||||
) % {'user_id': self.user_id, 'domain_id': self.domain_id}
|
||||
tr_msg = _(
|
||||
'User %(user_id)s has no access to domain %(domain_id)s'
|
||||
) % {'user_id': self.user_id, 'domain_id': self.domain_id}
|
||||
LOG.debug(msg)
|
||||
raise exception.Unauthorized(msg)
|
||||
raise exception.Unauthorized(tr_msg)
|
||||
|
||||
def _validate_project_scope(self):
|
||||
if self.project_scoped and not self.roles:
|
||||
msg = _(
|
||||
msg = (
|
||||
'User %(user_id)s has no access to project %(project_id)s'
|
||||
) % {'user_id': self.user_id, 'project_id': self.project_id}
|
||||
tr_msg = _(
|
||||
'User %(user_id)s has no access to project %(project_id)s'
|
||||
) % {'user_id': self.user_id, 'project_id': self.project_id}
|
||||
LOG.debug(msg)
|
||||
raise exception.Unauthorized(msg)
|
||||
raise exception.Unauthorized(tr_msg)
|
||||
|
||||
def _validate_trust_scope(self):
|
||||
trust_roles = []
|
||||
|
||||
@ -247,9 +247,10 @@ def register_event_callback(event, resource_type, callbacks):
|
||||
|
||||
for callback in callbacks:
|
||||
if not callable(callback):
|
||||
msg = _('Method not callable: %s') % callback
|
||||
msg = 'Method not callable: %s' % callback
|
||||
tr_msg = _('Method not callable: %s') % callback
|
||||
LOG.error(msg)
|
||||
raise TypeError(msg)
|
||||
raise TypeError(tr_msg)
|
||||
_SUBSCRIBERS.setdefault(event, {}).setdefault(resource_type, set())
|
||||
_SUBSCRIBERS[event][resource_type].add(callback)
|
||||
|
||||
|
||||
@ -89,17 +89,22 @@ def validate_oauth_params(query_string):
|
||||
params_fitered = {k: v for k, v in params if not k.startswith('oauth_')}
|
||||
if params_fitered:
|
||||
if 'error' in params_fitered:
|
||||
msg = _(
|
||||
msg = (
|
||||
'Validation failed with errors: %(error)s, detail '
|
||||
'message is: %(desc)s.') % {
|
||||
'error': params_fitered['error'],
|
||||
'desc': params_fitered['error_description']}
|
||||
tr_msg = _('Validation failed with errors: %(error)s, detail '
|
||||
'message is: %(desc)s.') % {
|
||||
'error': params_fitered['error'],
|
||||
'desc': params_fitered['error_description']}
|
||||
else:
|
||||
msg = _(
|
||||
'Unknown parameters found, '
|
||||
msg = ('Unknown parameters found,'
|
||||
'please provide only oauth parameters.')
|
||||
tr_msg = _('Unknown parameters found,'
|
||||
'please provide only oauth parameters.')
|
||||
LOG.warning(msg)
|
||||
raise exception.ValidationError(message=msg)
|
||||
raise exception.ValidationError(message=tr_msg)
|
||||
|
||||
|
||||
class Manager(manager.Manager):
|
||||
|
||||
Loading…
Reference in New Issue
Block a user