Merge "Adds missing log hints for level E/I/W"

keystone/assignment/controllers.py

@@ -28,7 +28,7 @@ from keystone.common import dependency
 from keystone.common import validation
 from keystone import config
 from keystone import exception
-from keystone.i18n import _
+from keystone.i18n import _, _LW
 from keystone.models import token_model
 from keystone.openstack.common import log
 
@@ -74,7 +74,7 @@ class Tenant(controller.V2Controller):
             token_ref = token_model.KeystoneToken(token_id=context['token_id'],
                                                   token_data=token_data)
         except exception.NotFound as e:
-            LOG.warning(_('Authentication failed: %s'), e)
+            LOG.warning(_LW('Authentication failed: %s'), e)
             raise exception.Unauthorized(e)
 
         tenant_refs = (
@@ -709,10 +709,10 @@ class RoleAssignmentV3(controller.V3Controller):
                 if 'role' in ref and 'id' in ref['role']:
                     role_id = ref['role']['id']
                 LOG.warning(
-                    _('Group %(group)s not found for role-assignment - '
+                    _LW('Group %(group)s not found for role-assignment - '
-                      '%(target)s with Role: %(role)s'), {
+                        '%(target)s with Role: %(role)s'), {
-                          'group': ref['group']['id'], 'target': target,
+                            'group': ref['group']['id'], 'target': target,
-                          'role': role_id})
+                            'role': role_id})
             return members
 
         def _build_user_assignment_equivalent_of_group(

keystone/auth/controllers.py

@@ -28,7 +28,7 @@ from keystone.common import wsgi
 from keystone import config
 from keystone.contrib import federation
 from keystone import exception
-from keystone.i18n import _, _LI
+from keystone.i18n import _, _LI, _LW
 from keystone.openstack.common import log
 
 
@@ -438,25 +438,26 @@ class Auth(controller.V3Controller):
                         user_ref['id'], default_project_id):
                     auth_info.set_scope(project_id=default_project_id)
                 else:
-                    msg = _("User %(user_id)s doesn't have access to"
+                    msg = _LW("User %(user_id)s doesn't have access to"
-                            " default project %(project_id)s. The token will"
+                              " default project %(project_id)s. The token"
-                            " be unscoped rather than scoped to the project.")
+                              " will be unscoped rather than scoped to the"
+                              " project.")
                     LOG.warning(msg,
                                 {'user_id': user_ref['id'],
                                  'project_id': default_project_id})
             else:
-                msg = _("User %(user_id)s's default project %(project_id)s is"
+                msg = _LW("User %(user_id)s's default project %(project_id)s"
-                        " disabled. The token will be unscoped rather than"
+                          " is disabled. The token will be unscoped rather"
-                        " scoped to the project.")
+                          " than scoped to the project.")
                 LOG.warning(msg,
                             {'user_id': user_ref['id'],
                              'project_id': default_project_id})
         except (exception.ProjectNotFound, exception.DomainNotFound):
             # default project or default project domain doesn't exist,
             # will issue unscoped token instead
-            msg = _("User %(user_id)s's default project %(project_id)s not"
+            msg = _LW("User %(user_id)s's default project %(project_id)s not"
-                    " found. The token will be unscoped rather than"
+                      " found. The token will be unscoped rather than"
-                    " scoped to the project.")
+                      " scoped to the project.")
             LOG.warning(msg, {'user_id': user_ref['id'],
                               'project_id': default_project_id})
 

keystone/catalog/core.py

@@ -53,7 +53,7 @@ def format_url(url, substitutions):
     try:
         result = url.replace('$(', '%(') % substitutions
     except AttributeError:
-        LOG.error(_('Malformed endpoint - %(url)r is not a string'),
+        LOG.error(_LE('Malformed endpoint - %(url)r is not a string'),
                   {"url": url})
         raise exception.MalformedEndpoint(endpoint=url)
     except KeyError as e:

keystone/cli.py

@@ -25,7 +25,7 @@ from keystone.common import sql
 from keystone.common.sql import migration_helpers
 from keystone.common import utils
 from keystone import config
-from keystone.i18n import _
+from keystone.i18n import _, _LW
 from keystone import identity
 from keystone.openstack.common import log
 from keystone import token
@@ -141,9 +141,8 @@ class PKISetup(BaseCertificateSetup):
 
     @classmethod
     def main(cls):
-        msg = _('keystone-manage pki_setup is not recommended for production '
+        LOG.warn(_LW('keystone-manage pki_setup is not recommended for '
-                'use.')
+                     'production use.'))
-        LOG.warn(msg)
         keystone_user_id, keystone_group_id = cls.get_user_group()
         conf_pki = openssl.ConfigurePKI(keystone_user_id, keystone_group_id,
                                         rebuild=CONF.command.rebuild)
@@ -161,9 +160,8 @@ class SSLSetup(BaseCertificateSetup):
 
     @classmethod
     def main(cls):
-        msg = _('keystone-manage ssl_setup is not recommended for production '
+        LOG.warn(_LW('keystone-manage ssl_setup is not recommended for '
-                'use.')
+                     'production use.'))
-        LOG.warn(msg)
         keystone_user_id, keystone_group_id = cls.get_user_group()
         conf_ssl = openssl.ConfigureSSL(keystone_user_id, keystone_group_id,
                                         rebuild=CONF.command.rebuild)

keystone/common/authorization.py

@@ -17,7 +17,7 @@
 #    under the License.
 
 from keystone import exception
-from keystone.i18n import _
+from keystone.i18n import _, _LW
 from keystone.models import token_model
 from keystone.openstack.common import log
 
@@ -51,7 +51,7 @@ def token_to_auth_context(token):
     try:
         auth_context['user_id'] = token.user_id
     except KeyError:
-        LOG.warning(_('RBAC: Invalid user data in token'))
+        LOG.warning(_LW('RBAC: Invalid user data in token'))
         raise exception.Unauthorized()
 
     if token.project_scoped:

keystone/common/cache/backends/mongo.py

@@ -22,7 +22,7 @@ from oslo.utils import timeutils
 import six
 
 from keystone import exception
-from keystone.i18n import _
+from keystone.i18n import _, _LW
 from keystone.openstack.common import log
 
 
@@ -400,10 +400,10 @@ class MongoApi(object):
                 existing_value = index_data['expireAfterSeconds']
                 fld_present = 'doc_date' in index_data['key'][0]
                 if fld_present and existing_value > -1 and ttl_seconds < 1:
-                    msg = _('TTL index already exists on db collection '
+                    msg = _LW('TTL index already exists on db collection '
-                            '<%(c_name)s>, remove index <%(indx_name)s> first'
+                              '<%(c_name)s>, remove index <%(indx_name)s> '
-                            ' to make updated mongo_ttl_seconds value to be '
+                              'first to make updated mongo_ttl_seconds value '
-                            ' effective')
+                              'to be  effective')
                     LOG.warn(msg, {'c_name': coll_name,
                                    'indx_name': indx_name})
 

keystone/common/cache/core.py

@@ -21,7 +21,7 @@ from oslo.utils import importutils
 
 from keystone import config
 from keystone import exception
-from keystone.i18n import _
+from keystone.i18n import _, _LE
 from keystone.openstack.common import log
 
 
@@ -97,8 +97,8 @@ def build_cache_config():
         try:
             (argname, argvalue) = argument.split(':', 1)
         except ValueError:
-            msg = _('Unable to build cache config-key. Expected format '
+            msg = _LE('Unable to build cache config-key. Expected format '
-                    '"<argname>:<value>". Skipping unknown format: %s')
+                      '"<argname>:<value>". Skipping unknown format: %s')
             LOG.error(msg, argument)
             continue
 

keystone/common/controller.py

@@ -22,7 +22,7 @@ from keystone.common import utils
 from keystone.common import wsgi
 from keystone import config
 from keystone import exception
-from keystone.i18n import _
+from keystone.i18n import _, _LW
 from keystone.models import token_model
 from keystone.openstack.common import log
 
@@ -74,7 +74,7 @@ def _build_policy_check_credentials(self, action, context, kwargs):
         # backing store.
         wsgi.validate_token_bind(context, token_ref)
     except exception.TokenNotFound:
-        LOG.warning(_('RBAC: Invalid token'))
+        LOG.warning(_LW('RBAC: Invalid token'))
         raise exception.Unauthorized()
 
     auth_context = authorization.token_to_auth_context(token_ref)
@@ -99,7 +99,7 @@ def protected(callback=None):
         @functools.wraps(f)
         def inner(self, context, *args, **kwargs):
             if 'is_admin' in context and context['is_admin']:
-                LOG.warning(_('RBAC: Bypassing authorization'))
+                LOG.warning(_LW('RBAC: Bypassing authorization'))
             elif callback is not None:
                 prep_info = {'f_name': f.__name__,
                              'input_attr': kwargs}
@@ -196,7 +196,7 @@ def filterprotected(*filters):
 
                 LOG.debug('RBAC: Authorization granted')
             else:
-                LOG.warning(_('RBAC: Bypassing authorization'))
+                LOG.warning(_LW('RBAC: Bypassing authorization'))
             return f(self, context, filters, **kwargs)
         return wrapper
     return _filterprotected
@@ -585,15 +585,15 @@ class V3Controller(wsgi.Application):
                 _('domain_id is required as part of entity'))
         except (exception.TokenNotFound,
                 exception.UnsupportedTokenVersionException):
-            LOG.warning(_('Invalid token found while getting domain ID '
+            LOG.warning(_LW('Invalid token found while getting domain ID '
-                          'for list request'))
+                            'for list request'))
             raise exception.Unauthorized()
 
         if token_ref.domain_scoped:
             return token_ref.domain_id
         else:
             LOG.warning(
-                _('No domain information specified as part of list request'))
+                _LW('No domain information specified as part of list request'))
             raise exception.Unauthorized()
 
     def _get_domain_id_from_token(self, context):
@@ -620,8 +620,8 @@ class V3Controller(wsgi.Application):
                 _('A domain-scoped token must be used'))
         except (exception.TokenNotFound,
                 exception.UnsupportedTokenVersionException):
-            LOG.warning(_('Invalid token found while getting domain ID '
+            LOG.warning(_LW('Invalid token found while getting domain ID '
-                          'for list request'))
+                            'for list request'))
             raise exception.Unauthorized()
 
         if token_ref.domain_scoped:
@@ -656,7 +656,7 @@ class V3Controller(wsgi.Application):
 
          """
         if 'is_admin' in context and context['is_admin']:
-            LOG.warning(_('RBAC: Bypassing authorization'))
+            LOG.warning(_LW('RBAC: Bypassing authorization'))
         else:
             action = 'identity:%s' % prep_info['f_name']
             # TODO(henry-nash) need to log the target attributes as well

keystone/common/environment/eventlet_server.py

@@ -26,9 +26,7 @@ import eventlet
 import eventlet.wsgi
 import greenlet
 
-from keystone.i18n import _
+from keystone.i18n import _LE, _LI
-from keystone.i18n import _LE
-from keystone.i18n import _LI
 from keystone.openstack.common import log
 
 
@@ -184,5 +182,5 @@ class Server(object):
             # Wait until all servers have completed running
             pass
         except Exception:
-            LOG.exception(_('Server error'))
+            LOG.exception(_LE('Server error'))
             raise

keystone/common/ldap/core.py

@@ -1650,8 +1650,8 @@ class BaseLdap(object):
                         not_deleted_nodes.append(node_dn)
 
         if not_deleted_nodes:
-            LOG.warn(_("When deleting entries for %(search_base)s, could not"
+            LOG.warn(_LW("When deleting entries for %(search_base)s, could not"
-                       " delete nonexistent entries %(entries)s%(dots)s"),
+                         " delete nonexistent entries %(entries)s%(dots)s"),
                      {'search_base': search_base,
                       'entries': not_deleted_nodes[:3],
                       'dots': '...' if len(not_deleted_nodes) > 3 else ''})

keystone/common/utils.py

@@ -32,7 +32,7 @@ from six import moves
 from keystone.common import config
 from keystone.common import environment
 from keystone import exception
-from keystone.i18n import _
+from keystone.i18n import _, _LE, _LW
 from keystone.openstack.common import log
 
 
@@ -101,8 +101,8 @@ def verify_length_and_trunc_password(password):
                 raise exception.PasswordVerificationError(size=max_length)
             else:
                 LOG.warning(
-                    _('Truncating user password to '
+                    _LW('Truncating user password to '
-                      '%d characters.'), max_length)
+                        '%d characters.'), max_length)
                 return password[:max_length]
         else:
             return password
@@ -278,7 +278,7 @@ def setup_remote_pydev_debug():
                             stderrToServer=True)
             return True
         except Exception:
-            LOG.exception(_(
+            LOG.exception(_LE(
                 'Error setting up the debug environment. Verify that the '
                 'option --debug-url has the format <host>:<port> and that a '
                 'debugger processes is listening on that port.'))

keystone/contrib/example/core.py

@@ -16,7 +16,7 @@
 from keystone.common import dependency
 from keystone.common import manager
 from keystone import exception
-from keystone.i18n import _
+from keystone.i18n import _LI
 from keystone import notifications
 from keystone.openstack.common import log
 
@@ -61,18 +61,18 @@ class ExampleManager(manager.Manager):
     def project_deleted_callback(self, service, resource_type, operation,
                                  payload):
         # The code below is merely an example.
-        msg = _('Received the following notification: service %(service)s, '
+        msg = _LI('Received the following notification: service %(service)s, '
-                'resource_type: %(resource_type)s, operation %(operation)s '
+                  'resource_type: %(resource_type)s, operation %(operation)s '
-                'payload %(payload)s')
+                  'payload %(payload)s')
         LOG.info(msg, {'service': service, 'resource_type': resource_type,
                        'operation': operation, 'payload': payload})
 
     def project_created_callback(self, service, resource_type, operation,
                                  payload):
         # The code below is merely an example.
-        msg = _('Received the following notification: service %(service)s, '
+        msg = _LI('Received the following notification: service %(service)s, '
-                'resource_type: %(resource_type)s, operation %(operation)s '
+                  'resource_type: %(resource_type)s, operation %(operation)s '
-                'payload %(payload)s')
+                  'payload %(payload)s')
         LOG.info(msg, {'service': service, 'resource_type': resource_type,
                        'operation': operation, 'payload': payload})
 

keystone/contrib/federation/utils.py

@@ -20,7 +20,7 @@ import six
 
 from keystone.common import config
 from keystone import exception
-from keystone.i18n import _
+from keystone.i18n import _, _LW
 from keystone.openstack.common import log
 
 
@@ -255,7 +255,7 @@ class RuleProcessor(object):
             if 'user' in identity_value:
                 # if a mapping outputs more than one user name, log it
                 if user_name is not None:
-                    LOG.warning(_('Ignoring user name %s'),
+                    LOG.warning(_LW('Ignoring user name %s'),
                                 identity_value['user']['name'])
                 else:
                     user_name = identity_value['user']['name']

keystone/exception.py

@@ -16,7 +16,7 @@ from oslo.utils import encodeutils
 import six
 
 from keystone.common import config
-from keystone.i18n import _
+from keystone.i18n import _, _LW
 from keystone.openstack.common import log
 
 
@@ -46,7 +46,7 @@ class Error(Exception):
             if _FATAL_EXCEPTION_FORMAT_ERRORS:
                 raise
             else:
-                LOG.warning(_('missing exception kwargs (programmer error)'))
+                LOG.warning(_LW('missing exception kwargs (programmer error)'))
                 message = self.message_format
 
         super(Error, self).__init__(message)

keystone/identity/controllers.py

@@ -18,7 +18,7 @@ from keystone.common import controller
 from keystone.common import dependency
 from keystone import config
 from keystone import exception
-from keystone.i18n import _
+from keystone.i18n import _, _LW
 from keystone.openstack.common import log
 
 
@@ -134,8 +134,8 @@ class User(controller.V2Controller):
                         # old tenant.  This could occur if roles aren't found
                         # or if the project is invalid or if there are no roles
                         # for the user on that project.
-                        msg = _('Unable to remove user %(user)s from '
+                        msg = _LW('Unable to remove user %(user)s from '
-                                '%(tenant)s.')
+                                  '%(tenant)s.')
                         LOG.warning(msg, {'user': user_id,
                                           'tenant': old_user_ref['tenantId']})
 
@@ -153,7 +153,7 @@ class User(controller.V2Controller):
                         # that the project is invalid or roles are some how
                         # incorrect.  This shouldn't prevent the return of the
                         # new ref.
-                        msg = _('Unable to add user %(user)s to %(tenant)s.')
+                        msg = _LW('Unable to add user %(user)s to %(tenant)s.')
                         LOG.warning(msg, {'user': user_id,
                                           'tenant': user_ref['tenantId']})
 

keystone/identity/core.py

@@ -29,7 +29,7 @@ from keystone.common import driver_hints
 from keystone.common import manager
 from keystone import config
 from keystone import exception
-from keystone.i18n import _
+from keystone.i18n import _, _LW
 from keystone.identity.mapping_backends import mapping
 from keystone import notifications
 from keystone.openstack.common import log
@@ -115,7 +115,7 @@ class DomainConfigs(dict):
             domain_ref = assignment_api.get_domain_by_name(domain_name)
         except exception.DomainNotFound:
             LOG.warning(
-                _('Invalid domain name (%s) found in config file name'),
+                _LW('Invalid domain name (%s) found in config file name'),
                 domain_name)
             return
 
@@ -141,7 +141,7 @@ class DomainConfigs(dict):
 
         conf_dir = CONF.identity.domain_config_dir
         if not os.path.exists(conf_dir):
-            LOG.warning(_('Unable to locate domain config directory: %s'),
+            LOG.warning(_LW('Unable to locate domain config directory: %s'),
                         conf_dir)
             return
 

keystone/middleware/core.py

@@ -22,7 +22,7 @@ from keystone.common import serializer
 from keystone.common import utils
 from keystone.common import wsgi
 from keystone import exception
-from keystone.i18n import _
+from keystone.i18n import _LW
 from keystone.models import token_model
 from keystone.openstack.common import log
 from keystone.openstack.common import versionutils
@@ -262,7 +262,7 @@ class AuthContextMiddleware(wsgi.Middleware):
             wsgi.validate_token_bind(context, token_ref)
             return authorization.token_to_auth_context(token_ref)
         except exception.TokenNotFound:
-            LOG.warning(_('RBAC: Invalid token'))
+            LOG.warning(_LW('RBAC: Invalid token'))
             raise exception.Unauthorized()
 
     def process_request(self, request):
@@ -272,7 +272,7 @@ class AuthContextMiddleware(wsgi.Middleware):
             return
 
         if authorization.AUTH_CONTEXT_ENV in request.environ:
-            msg = _('Auth context already exists in the request environment')
+            msg = _LW('Auth context already exists in the request environment')
             LOG.warning(msg)
             return
 

keystone/notifications.py

@@ -28,7 +28,7 @@ from pycadf import credential
 from pycadf import eventfactory
 from pycadf import resource
 
-from keystone.i18n import _
+from keystone.i18n import _, _LE
 from keystone.openstack.common import log
 
 
@@ -220,7 +220,7 @@ def _get_notifier():
             transport = messaging.get_transport(CONF)
             _notifier = messaging.Notifier(transport, "identity.%s" % host)
         except Exception:
-            LOG.exception(_("Failed to construct notifier"))
+            LOG.exception(_LE("Failed to construct notifier"))
             _notifier = False
 
     return _notifier
@@ -264,7 +264,7 @@ def _send_notification(operation, resource_type, resource_id, public=True):
             try:
                 notifier.info(context, event_type, payload)
             except Exception:
-                LOG.exception(_(
+                LOG.exception(_LE(
                     'Failed to send %(res_id)s %(event_type)s notification'),
                     {'res_id': resource_id, 'event_type': event_type})
 
@@ -452,7 +452,7 @@ def _send_audit_notification(action, initiator, outcome, **kwargs):
         except Exception:
             # diaper defense: any exception that occurs while emitting the
             # notification should not interfere with the API request
-            LOG.exception(_(
+            LOG.exception(_LE(
                 'Failed to send %(action)s %(event_type)s notification'),
                 {'action': action, 'event_type': event_type})
 

keystone/tests/core.py

@@ -49,7 +49,7 @@ from keystone.common import utils as common_utils
 from keystone import config
 from keystone import controllers
 from keystone import exception
-from keystone.i18n import _
+from keystone.i18n import _LW
 from keystone import notifications
 from keystone.openstack.common import log
 from keystone import service
@@ -143,7 +143,7 @@ def checkout_vendor(repo, rev):
         with open(modcheck, 'w') as fd:
             fd.write('1')
     except environment.subprocess.CalledProcessError:
-        LOG.warning(_('Failed to checkout %s'), repo)
+        LOG.warning(_LW('Failed to checkout %s'), repo)
     os.chdir(working_dir)
     return revdir
 

keystone/token/persistence/backends/kvs.py

@@ -22,7 +22,7 @@ import six
 from keystone.common import kvs
 from keystone import config
 from keystone import exception
-from keystone.i18n import _
+from keystone.i18n import _, _LE, _LW
 from keystone.openstack.common import log
 from keystone import token
 from keystone.token import provider
@@ -54,12 +54,12 @@ class Token(token.persistence.Driver):
         if self.__class__ == Token:
             # NOTE(morganfainberg): Only warn if the base KVS implementation
             # is instantiated.
-            LOG.warn(_('It is recommended to only use the base '
+            LOG.warn(_LW('It is recommended to only use the base '
-                       'key-value-store implementation for the token driver '
+                         'key-value-store implementation for the token driver '
-                       'for testing purposes. Please use '
+                         'for testing purposes. Please use '
-                       'keystone.token.persistence.backends.memcache.Token '
+                         'keystone.token.persistence.backends.memcache.Token '
-                       'or keystone.token.persistence.backends.sql.Token '
+                         'or keystone.token.persistence.backends.sql.Token '
-                       'instead.'))
+                         'instead.'))
 
     def _prefix_token_id(self, token_id):
         return 'token-%s' % token_id.encode('utf-8')
@@ -203,8 +203,8 @@ class Token(token.persistence.Driver):
         expires = timeutils.normalize_time(expires)
 
         if expires < current_time:
-            LOG.warning(_('Token `%s` is expired, not adding to the '
+            LOG.warning(_LW('Token `%s` is expired, not adding to the '
-                          'revocation list.'), data['id'])
+                            'revocation list.'), data['id'])
             return
 
         revoked_token_data['expires'] = timeutils.isotime(expires,
@@ -223,10 +223,10 @@ class Token(token.persistence.Driver):
             # be recoverable. Keystone cannot control external applications
             # from changing a key in some backends, however, it is possible to
             # gracefully handle and notify of this event.
-            LOG.error(_('Reinitializing revocation list due to error '
+            LOG.error(_LE('Reinitializing revocation list due to error '
-                        'in loading revocation list from backend.  '
+                          'in loading revocation list from backend.  '
-                        'Expected `list` type got `%(type)s`. Old '
+                          'Expected `list` type got `%(type)s`. Old '
-                        'revocation list data: %(list)r'),
+                          'revocation list data: %(list)r'),
                       {'type': type(token_list), 'list': token_list})
             token_list = []
 
@@ -237,8 +237,8 @@ class Token(token.persistence.Driver):
                 expires_at = timeutils.normalize_time(
                     timeutils.parse_isotime(token_data['expires']))
             except ValueError:
-                LOG.warning(_('Removing `%s` from revocation list due to '
+                LOG.warning(_LW('Removing `%s` from revocation list due to '
-                              'invalid expires data in revocation list.'),
+                                'invalid expires data in revocation list.'),
                             token_data.get('id', 'INVALID_TOKEN_DATA'))
                 continue
             if expires_at > current_time:

keystone/token/provider.py

@@ -29,7 +29,7 @@ from keystone.common import dependency
 from keystone.common import manager
 from keystone import config
 from keystone import exception
-from keystone.i18n import _
+from keystone.i18n import _, _LE, _LW
 from keystone.models import token_model
 from keystone import notifications
 from keystone.openstack.common import log
@@ -131,9 +131,9 @@ class Manager(manager.Manager):
         """
 
         if CONF.signing.token_format:
-            LOG.warn(_('[signing] token_format is deprecated. '
+            LOG.warn(_LW('[signing] token_format is deprecated. '
-                       'Please change to setting the [token] provider '
+                         'Please change to setting the [token] provider '
-                       'configuration value instead'))
+                         'configuration value instead'))
             try:
 
                 mapped = _FORMAT_TO_PROVIDER[CONF.signing.token_format]
@@ -349,8 +349,8 @@ class Manager(manager.Manager):
             expiry = timeutils.normalize_time(
                 timeutils.parse_isotime(expires_at))
         except Exception:
-            LOG.exception(_('Unexpected error or malformed token determining '
+            LOG.exception(_LE('Unexpected error or malformed token '
-                            'token expiry: %s'), token)
+                              'determining token expiry: %s'), token)
             raise exception.TokenNotFound(_('Failed to validate token'))
 
         if current_time < expiry:

keystone/token/providers/common.py

@@ -21,7 +21,7 @@ from keystone.common import dependency
 from keystone import config
 from keystone.contrib import federation
 from keystone import exception
-from keystone.i18n import _
+from keystone.i18n import _, _LE
 from keystone.openstack.common import log
 from keystone import token
 from keystone.token import provider
@@ -341,10 +341,10 @@ class V3TokenDataHelper(object):
         elif isinstance(audit_info, list):
             token_data['audit_ids'] = audit_info
         else:
-            msg = _('Invalid audit info data type: %(data)s (%(type)s)')
+            msg = (_('Invalid audit info data type: %(data)s (%(type)s)') %
-            msg_subst = {'data': audit_info, 'type': type(audit_info)}
+                   {'data': audit_info, 'type': type(audit_info)})
-            LOG.error(msg, msg_subst)
+            LOG.error(msg)
-            raise exception.UnexpectedError(msg % msg_subst)
+            raise exception.UnexpectedError(msg)
 
     def get_token_data(self, user_id, method_names, extras,
                        domain_id=None, project_id=None, expires=None,
@@ -577,7 +577,7 @@ class BaseProvider(provider.Provider):
                     token_ref, roles_ref, catalog_ref, trust_ref)
             return token_data
         except exception.ValidationError as e:
-            LOG.exception(_('Failed to validate token'))
+            LOG.exception(_LE('Failed to validate token'))
             raise exception.TokenNotFound(e)
 
     def validate_v3_token(self, token_ref):

keystone/token/providers/pki.py

@@ -21,7 +21,7 @@ from keystone.common import environment
 from keystone.common import utils
 from keystone import config
 from keystone import exception
-from keystone.i18n import _
+from keystone.i18n import _, _LE
 from keystone.openstack.common import log
 from keystone.token.providers import common
 
@@ -44,6 +44,6 @@ class Provider(common.BaseProvider):
                                               CONF.signing.keyfile))
             return token_id
         except environment.subprocess.CalledProcessError:
-            LOG.exception(_('Unable to sign token'))
+            LOG.exception(_LE('Unable to sign token'))
             raise exception.UnexpectedError(_(
                 'Unable to sign token.'))