Merge "Straighten up exceptions imports"

keystonemiddleware/auth_token/__init__.py

@@ -215,7 +215,7 @@ from keystoneclient import adapter
 from keystoneclient import auth
 from keystoneclient.common import cms
 from keystoneclient import discover
-from keystoneclient import exceptions
+from keystoneclient import exceptions as ksc_exceptions
 from keystoneclient import session
 from oslo_config import cfg
 from oslo_serialization import jsonutils
@@ -226,7 +226,7 @@ import webob.dec
 from keystonemiddleware.auth_token import _auth
 from keystonemiddleware.auth_token import _base
 from keystonemiddleware.auth_token import _cache
-from keystonemiddleware.auth_token import _exceptions as exc
+from keystonemiddleware.auth_token import _exceptions as ksm_exceptions
 from keystonemiddleware.auth_token import _identity
 from keystonemiddleware.auth_token import _request
 from keystonemiddleware.auth_token import _revocations
@@ -416,7 +416,7 @@ def _conf_values_type_convert(conf):
             # This option is not known to auth_token.
             pass
         except ValueError as e:
-            raise exc.ConfigurationError(
+            raise ksm_exceptions.ConfigurationError(
                 _('Unable to convert the value of %(key)s option into correct '
                   'type: %(ex)s') % {'key': k, 'ex': e})
         opts[dest] = v
@@ -480,7 +480,7 @@ class _BaseAuthProtocol(object):
                 data, user_auth_ref = self._do_fetch_token(request.user_token)
                 self._validate_token(user_auth_ref)
                 self._confirm_token_bind(user_auth_ref, request)
-            except exc.InvalidToken:
+            except ksm_exceptions.InvalidToken:
                 self.log.info(_LI('Invalid user token'))
                 request.user_token_valid = False
             else:
@@ -493,7 +493,7 @@ class _BaseAuthProtocol(object):
                 _, serv_auth_ref = self._do_fetch_token(request.service_token)
                 self._validate_token(serv_auth_ref)
                 self._confirm_token_bind(serv_auth_ref, request)
-            except exc.InvalidToken:
+            except ksm_exceptions.InvalidToken:
                 self.log.info(_LI('Invalid service token'))
                 request.service_token_valid = False
             else:
@@ -512,7 +512,7 @@ class _BaseAuthProtocol(object):
         """
         # 0 seconds of validity means it is invalid right now
         if auth_ref.will_expire_soon(stale_duration=0):
-            raise exc.InvalidToken(_('Token authorization failed'))
+            raise ksm_exceptions.InvalidToken(_('Token authorization failed'))
 
     def _do_fetch_token(self, token):
         """Helper method to fetch a token and convert it into an AccessInfo"""
@@ -522,7 +522,7 @@ class _BaseAuthProtocol(object):
             return data, access.AccessInfo.factory(body=data, auth_token=token)
         except Exception:
             self.log.warning(_LW('Invalid token contents.'), exc_info=True)
-            raise exc.InvalidToken(_('Token authorization failed'))
+            raise ksm_exceptions.InvalidToken(_('Token authorization failed'))
 
     def _fetch_token(self, token):
         """Fetch the token data based on the value in the header.
@@ -555,7 +555,7 @@ class _BaseAuthProtocol(object):
         if msg is False:
             msg = _('Token authorization failed')
 
-        raise exc.InvalidToken(msg)
+        raise ksm_exceptions.InvalidToken(msg)
 
     def _confirm_token_bind(self, auth_ref, req):
         if self._enforce_token_bind == _BIND_MODE.DISABLED:
@@ -848,11 +848,13 @@ class AuthProtocol(_BaseAuthProtocol):
 
                 self._token_cache.store(token_hashes[0], data)
 
-        except (exceptions.ConnectionRefused, exceptions.RequestTimeout,
+        except (ksc_exceptions.ConnectionRefused,
-                exc.RevocationListError, exc.ServiceError) as e:
+                ksc_exceptions.RequestTimeout,
+                ksm_exceptions.RevocationListError,
+                ksm_exceptions.ServiceError) as e:
             self.log.critical(_LC('Unable to validate token: %s'), e)
             raise webob.exc.HTTPServiceUnavailable()
-        except exc.InvalidToken:
+        except ksm_exceptions.InvalidToken:
             self.log.debug('Token validation failure.', exc_info=True)
             if token_hashes:
                 self._token_cache.store_invalid(token_hashes[0])
@@ -873,10 +875,10 @@ class AuthProtocol(_BaseAuthProtocol):
             else:
                 # Can't do offline validation for this type of token.
                 return
-        except exceptions.CertificateConfigError:
+        except ksc_exceptions.CertificateConfigError:
             self.log.warning(_LW('Fetch certificate config failed, '
                                  'fallback to online validation.'))
-        except exc.RevocationListError:
+        except ksm_exceptions.RevocationListError:
             self.log.warning(_LW('Fetch revocation list failed, '
                                  'fallback to online validation.'))
         else:
@@ -888,7 +890,7 @@ class AuthProtocol(_BaseAuthProtocol):
 
         if auth_ref.version == 'v2.0' and not auth_ref.project_id:
             msg = _('Unable to determine service tenancy.')
-            raise exc.InvalidToken(msg)
+            raise ksm_exceptions.InvalidToken(msg)
 
     def _cms_verify(self, data, inform=cms.PKI_ASN1_FORM):
         """Verifies the signature of the provided data's IAW CMS syntax.
@@ -905,14 +907,15 @@ class AuthProtocol(_BaseAuthProtocol):
                 return cms.cms_verify(data, signing_cert_path,
                                       signing_ca_path,
                                       inform=inform).decode('utf-8')
-            except (exceptions.CMSError,
+            except (ksc_exceptions.CMSError,
                     cms.subprocess.CalledProcessError) as err:
                 self.log.warning(_LW('Verify error: %s'), err)
-                raise exc.InvalidToken(_('Token authorization failed'))
+                msg = _('Token authorization failed')
+                raise ksm_exceptions.InvalidToken(msg)
 
         try:
             return verify()
-        except exceptions.CertificateConfigError:
+        except ksc_exceptions.CertificateConfigError:
             # the certs might be missing; unconditionally fetch to avoid racing
             self._fetch_signing_cert()
             self._fetch_ca_cert()
@@ -920,7 +923,7 @@ class AuthProtocol(_BaseAuthProtocol):
             try:
                 # retry with certs in place
                 return verify()
-            except exceptions.CertificateConfigError as err:
+            except ksc_exceptions.CertificateConfigError as err:
                 # if this is still occurring, something else is wrong and we
                 # need err.output to identify the problem
                 self.log.error(_LE('CMS Verify output: %s'), err.output)
@@ -942,7 +945,7 @@ class AuthProtocol(_BaseAuthProtocol):
         # TypeError If the signed_text is not zlib compressed
         # binascii.Error if signed_text has incorrect base64 padding (py34)
         except (TypeError, binascii.Error):
-            raise exc.InvalidToken(signed_text)
+            raise ksm_exceptions.InvalidToken(signed_text)
 
     def _fetch_signing_cert(self):
         self._signing_directory.write_file(
@@ -1105,7 +1108,7 @@ def app_factory(global_conf, **local_conf):
 
 
 # NOTE(jamielennox): Maintained here for public API compatibility.
-InvalidToken = exc.InvalidToken
+InvalidToken = ksm_exceptions.InvalidToken
-ServiceError = exc.ServiceError
+ServiceError = ksm_exceptions.ServiceError
-ConfigurationError = exc.ConfigurationError
+ConfigurationError = ksm_exceptions.ConfigurationError
-RevocationListError = exc.RevocationListError
+RevocationListError = ksm_exceptions.RevocationListError

keystonemiddleware/auth_token/_identity.py

@@ -14,13 +14,13 @@ import functools
 
 from keystoneclient import auth
 from keystoneclient import discover
-from keystoneclient import exceptions
+from keystoneclient import exceptions as ksc_exceptions
 from keystoneclient.v2_0 import client as v2_client
 from keystoneclient.v3 import client as v3_client
 from six.moves import urllib
 
 from keystonemiddleware.auth_token import _auth
-from keystonemiddleware.auth_token import _exceptions as exc
+from keystonemiddleware.auth_token import _exceptions as ksm_exceptions
 from keystonemiddleware.i18n import _, _LE, _LI, _LW
 
 
@@ -29,8 +29,8 @@ def _convert_fetch_cert_exception(fetch_cert):
     def wrapper(self):
         try:
             text = fetch_cert(self)
-        except exceptions.HTTPError as e:
+        except ksc_exceptions.HTTPError as e:
-            raise exceptions.CertificateConfigError(e.details)
+            raise ksc_exceptions.CertificateConfigError(e.details)
         return text
 
     return wrapper
@@ -77,7 +77,7 @@ class _V2RequestStrategy(_RequestStrategy):
 
         if not auth_ref:
             msg = _('Failed to fetch token data from identity server')
-            raise exc.InvalidToken(msg)
+            raise ksm_exceptions.InvalidToken(msg)
 
         return {'access': auth_ref}
 
@@ -106,7 +106,7 @@ class _V3RequestStrategy(_RequestStrategy):
 
         if not auth_ref:
             msg = _('Failed to fetch token data from identity server')
-            raise exc.InvalidToken(msg)
+            raise ksm_exceptions.InvalidToken(msg)
 
         return {'token': auth_ref}
 
@@ -194,7 +194,7 @@ class IdentityServer(object):
                         ', '.join(versions))
 
         msg = _('No compatible apis supported by server')
-        raise exc.ServiceError(msg)
+        raise ksm_exceptions.ServiceError(msg)
 
     def verify_token(self, user_token, retry=True):
         """Authenticate user token with identity server.
@@ -211,11 +211,11 @@ class IdentityServer(object):
         """
         try:
             auth_ref = self._request_strategy.verify_token(user_token)
-        except exceptions.NotFound as e:
+        except ksc_exceptions.NotFound as e:
             self._LOG.warning(_LW('Authorization failed for token'))
             self._LOG.warning(_LW('Identity response: %s'), e.response.text)
-            raise exc.InvalidToken(_('Token authorization failed'))
+            raise ksm_exceptions.InvalidToken(_('Token authorization failed'))
-        except exceptions.Unauthorized as e:
+        except ksc_exceptions.Unauthorized as e:
             self._LOG.info(_LI('Identity server rejected authorization'))
             self._LOG.warning(_LW('Identity response: %s'), e.response.text)
             if retry:
@@ -223,26 +223,26 @@ class IdentityServer(object):
                 return self.verify_token(user_token, False)
             msg = _('Identity server rejected authorization necessary to '
                     'fetch token data')
-            raise exc.ServiceError(msg)
+            raise ksm_exceptions.ServiceError(msg)
-        except exceptions.HttpError as e:
+        except ksc_exceptions.HttpError as e:
             self._LOG.error(
                 _LE('Bad response code while validating token: %s'),
                 e.http_status)
             self._LOG.warning(_LW('Identity response: %s'), e.response.text)
             msg = _('Failed to fetch token data from identity server')
-            raise exc.ServiceError(msg)
+            raise ksm_exceptions.ServiceError(msg)
         else:
             return auth_ref
 
     def fetch_revocation_list(self):
         try:
             data = self._request_strategy.fetch_revocation_list()
-        except exceptions.HTTPError as e:
+        except ksc_exceptions.HTTPError as e:
             msg = _('Failed to fetch token revocation list: %d')
-            raise exc.RevocationListError(msg % e.http_status)
+            raise ksm_exceptions.RevocationListError(msg % e.http_status)
         if 'signed' not in data:
             msg = _('Revocation list improperly formatted.')
-            raise exc.RevocationListError(msg)
+            raise ksm_exceptions.RevocationListError(msg)
         return data['signed']
 
     def fetch_signing_cert(self):

keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py

@@ -25,7 +25,7 @@ import uuid
 import fixtures
 from keystoneclient import auth
 from keystoneclient.common import cms
-from keystoneclient import exceptions
+from keystoneclient import exceptions as ksc_exceptions
 from keystoneclient import fixture
 from keystoneclient import session
 import mock
@@ -42,7 +42,7 @@ import webob.dec
 
 from keystonemiddleware import auth_token
 from keystonemiddleware.auth_token import _base
-from keystonemiddleware.auth_token import _exceptions as exc
+from keystonemiddleware.auth_token import _exceptions as ksm_exceptions
 from keystonemiddleware.auth_token import _revocations
 from keystonemiddleware.openstack.common import memorycache
 from keystonemiddleware.tests.unit.auth_token import base
@@ -512,7 +512,7 @@ class GeneralAuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
         conf = {
             'include_service_catalog': '123',
         }
-        self.assertRaises(exc.ConfigurationError,
+        self.assertRaises(ksm_exceptions.ConfigurationError,
                           auth_token.AuthProtocol, self.fake_app, conf)
 
     def test_auth_region_name(self):
@@ -656,7 +656,7 @@ class CommonAuthTokenMiddlewareTest(object):
         # test the case where that retrieval fails
         self.middleware._revocations._fetched_time = datetime.datetime.min
         with mock.patch.object(self.middleware._revocations, '_fetch',
-                               side_effect=exc.RevocationListError):
+                               side_effect=ksm_exceptions.RevocationListError):
             self.call_middleware(headers={'X-Auth-Token': token},
                                  expected_status=503)
 
@@ -797,7 +797,7 @@ class CommonAuthTokenMiddlewareTest(object):
     def test_verify_signed_token_raises_exception_for_revoked_token(self):
         self.middleware._revocations._list = (
             self.get_revocation_list_json())
-        self.assertRaises(exc.InvalidToken,
+        self.assertRaises(ksm_exceptions.InvalidToken,
                           self.middleware._verify_signed_token,
                           self.token_dict['revoked_token'],
                           [self.token_dict['revoked_token_hash']])
@@ -807,7 +807,7 @@ class CommonAuthTokenMiddlewareTest(object):
         self.set_middleware()
         self.middleware._revocations._list = (
             self.get_revocation_list_json(mode='sha256'))
-        self.assertRaises(exc.InvalidToken,
+        self.assertRaises(ksm_exceptions.InvalidToken,
                           self.middleware._verify_signed_token,
                           self.token_dict['revoked_token'],
                           [self.token_dict['revoked_token_hash_sha256'],
@@ -816,7 +816,7 @@ class CommonAuthTokenMiddlewareTest(object):
     def test_verify_signed_token_raises_exception_for_revoked_pkiz_token(self):
         self.middleware._revocations._list = (
             self.examples.REVOKED_TOKEN_PKIZ_LIST_JSON)
-        self.assertRaises(exc.InvalidToken,
+        self.assertRaises(ksm_exceptions.InvalidToken,
                           self.middleware._verify_pkiz_token,
                           self.token_dict['revoked_token_pkiz'],
                           [self.token_dict['revoked_token_pkiz_hash']])
@@ -912,7 +912,7 @@ class CommonAuthTokenMiddlewareTest(object):
 
     def test_invalid_revocation_list_raises_error(self):
         self.requests_mock.get(self.revocation_url, json={})
-        self.assertRaises(exc.RevocationListError,
+        self.assertRaises(ksm_exceptions.RevocationListError,
                           self.middleware._revocations._fetch)
 
     def test_fetch_revocation_list(self):
@@ -983,7 +983,8 @@ class CommonAuthTokenMiddlewareTest(object):
         token = 'invalid-token'
         self.call_middleware(headers={'X-Auth-Token': token},
                              expected_status=401)
-        self.assertRaises(exc.InvalidToken, self._get_cached_token, token)
+        self.assertRaises(ksm_exceptions.InvalidToken,
+                          self._get_cached_token, token)
 
     def test_memcache_set_expired(self, extra_conf={}, extra_environ={}):
         token_cache_time = 10
@@ -1319,7 +1320,7 @@ class V2CertDownloadMiddlewareTest(BaseAuthTokenMiddlewareTest,
                                status_code=404)
         self.requests_mock.get('%s%s' % (BASE_URI, self.signing_path),
                                status_code=404)
-        self.assertRaises(exceptions.CertificateConfigError,
+        self.assertRaises(ksc_exceptions.CertificateConfigError,
                           self.middleware._verify_signed_token,
                           self.examples.SIGNED_TOKEN_SCOPED,
                           [self.examples.SIGNED_TOKEN_SCOPED_HASH])
@@ -1411,7 +1412,7 @@ class V3CertDownloadMiddlewareTest(V2CertDownloadMiddlewareTest):
 
 
 def network_error_response(request, context):
-    raise exceptions.ConnectionRefused("Network connection refused.")
+    raise ksc_exceptions.ConnectionRefused("Network connection refused.")
 
 
 class v2AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
@@ -1680,7 +1681,8 @@ class v3AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
         self.assertEqual(auth_id, FAKE_ADMIN_TOKEN_ID)
 
         if token_id == ERROR_TOKEN:
-            raise exceptions.ConnectionRefused("Network connection refused.")
+            msg = "Network connection refused."
+            raise ksc_exceptions.ConnectionRefused(msg)
 
         try:
             response = self.examples.JSON_TOKEN_RESPONSES[token_id]
@@ -2131,7 +2133,8 @@ class v3CompositeAuthTests(BaseAuthTokenMiddlewareTest,
         response = ""
 
         if token_id == ERROR_TOKEN:
-            raise exceptions.ConnectionRefused("Network connection refused.")
+            msg = "Network connection refused."
+            raise ksc_exceptions.ConnectionRefused(msg)
 
         try:
             response = self.examples.JSON_TOKEN_RESPONSES[token_id]
@@ -2281,7 +2284,7 @@ class AuthProtocolLoadingTests(BaseAuthTokenMiddlewareTest):
                         group=_base.AUTHTOKEN_GROUP)
 
         self.assertRaises(
-            exceptions.NoMatchingPlugin,
+            ksc_exceptions.NoMatchingPlugin,
             self.create_simple_middleware)
 
     def test_plugin_loading_mixed_opts(self):