Merge "Straighten up exceptions imports"
This commit is contained in:
commit
de6b98fd5c
@ -215,7 +215,7 @@ from keystoneclient import adapter
|
||||
from keystoneclient import auth
|
||||
from keystoneclient.common import cms
|
||||
from keystoneclient import discover
|
||||
from keystoneclient import exceptions
|
||||
from keystoneclient import exceptions as ksc_exceptions
|
||||
from keystoneclient import session
|
||||
from oslo_config import cfg
|
||||
from oslo_serialization import jsonutils
|
||||
@ -226,7 +226,7 @@ import webob.dec
|
||||
from keystonemiddleware.auth_token import _auth
|
||||
from keystonemiddleware.auth_token import _base
|
||||
from keystonemiddleware.auth_token import _cache
|
||||
from keystonemiddleware.auth_token import _exceptions as exc
|
||||
from keystonemiddleware.auth_token import _exceptions as ksm_exceptions
|
||||
from keystonemiddleware.auth_token import _identity
|
||||
from keystonemiddleware.auth_token import _request
|
||||
from keystonemiddleware.auth_token import _revocations
|
||||
@ -416,7 +416,7 @@ def _conf_values_type_convert(conf):
|
||||
# This option is not known to auth_token.
|
||||
pass
|
||||
except ValueError as e:
|
||||
raise exc.ConfigurationError(
|
||||
raise ksm_exceptions.ConfigurationError(
|
||||
_('Unable to convert the value of %(key)s option into correct '
|
||||
'type: %(ex)s') % {'key': k, 'ex': e})
|
||||
opts[dest] = v
|
||||
@ -480,7 +480,7 @@ class _BaseAuthProtocol(object):
|
||||
data, user_auth_ref = self._do_fetch_token(request.user_token)
|
||||
self._validate_token(user_auth_ref)
|
||||
self._confirm_token_bind(user_auth_ref, request)
|
||||
except exc.InvalidToken:
|
||||
except ksm_exceptions.InvalidToken:
|
||||
self.log.info(_LI('Invalid user token'))
|
||||
request.user_token_valid = False
|
||||
else:
|
||||
@ -493,7 +493,7 @@ class _BaseAuthProtocol(object):
|
||||
_, serv_auth_ref = self._do_fetch_token(request.service_token)
|
||||
self._validate_token(serv_auth_ref)
|
||||
self._confirm_token_bind(serv_auth_ref, request)
|
||||
except exc.InvalidToken:
|
||||
except ksm_exceptions.InvalidToken:
|
||||
self.log.info(_LI('Invalid service token'))
|
||||
request.service_token_valid = False
|
||||
else:
|
||||
@ -512,7 +512,7 @@ class _BaseAuthProtocol(object):
|
||||
"""
|
||||
# 0 seconds of validity means it is invalid right now
|
||||
if auth_ref.will_expire_soon(stale_duration=0):
|
||||
raise exc.InvalidToken(_('Token authorization failed'))
|
||||
raise ksm_exceptions.InvalidToken(_('Token authorization failed'))
|
||||
|
||||
def _do_fetch_token(self, token):
|
||||
"""Helper method to fetch a token and convert it into an AccessInfo"""
|
||||
@ -522,7 +522,7 @@ class _BaseAuthProtocol(object):
|
||||
return data, access.AccessInfo.factory(body=data, auth_token=token)
|
||||
except Exception:
|
||||
self.log.warning(_LW('Invalid token contents.'), exc_info=True)
|
||||
raise exc.InvalidToken(_('Token authorization failed'))
|
||||
raise ksm_exceptions.InvalidToken(_('Token authorization failed'))
|
||||
|
||||
def _fetch_token(self, token):
|
||||
"""Fetch the token data based on the value in the header.
|
||||
@ -555,7 +555,7 @@ class _BaseAuthProtocol(object):
|
||||
if msg is False:
|
||||
msg = _('Token authorization failed')
|
||||
|
||||
raise exc.InvalidToken(msg)
|
||||
raise ksm_exceptions.InvalidToken(msg)
|
||||
|
||||
def _confirm_token_bind(self, auth_ref, req):
|
||||
if self._enforce_token_bind == _BIND_MODE.DISABLED:
|
||||
@ -848,11 +848,13 @@ class AuthProtocol(_BaseAuthProtocol):
|
||||
|
||||
self._token_cache.store(token_hashes[0], data)
|
||||
|
||||
except (exceptions.ConnectionRefused, exceptions.RequestTimeout,
|
||||
exc.RevocationListError, exc.ServiceError) as e:
|
||||
except (ksc_exceptions.ConnectionRefused,
|
||||
ksc_exceptions.RequestTimeout,
|
||||
ksm_exceptions.RevocationListError,
|
||||
ksm_exceptions.ServiceError) as e:
|
||||
self.log.critical(_LC('Unable to validate token: %s'), e)
|
||||
raise webob.exc.HTTPServiceUnavailable()
|
||||
except exc.InvalidToken:
|
||||
except ksm_exceptions.InvalidToken:
|
||||
self.log.debug('Token validation failure.', exc_info=True)
|
||||
if token_hashes:
|
||||
self._token_cache.store_invalid(token_hashes[0])
|
||||
@ -873,10 +875,10 @@ class AuthProtocol(_BaseAuthProtocol):
|
||||
else:
|
||||
# Can't do offline validation for this type of token.
|
||||
return
|
||||
except exceptions.CertificateConfigError:
|
||||
except ksc_exceptions.CertificateConfigError:
|
||||
self.log.warning(_LW('Fetch certificate config failed, '
|
||||
'fallback to online validation.'))
|
||||
except exc.RevocationListError:
|
||||
except ksm_exceptions.RevocationListError:
|
||||
self.log.warning(_LW('Fetch revocation list failed, '
|
||||
'fallback to online validation.'))
|
||||
else:
|
||||
@ -888,7 +890,7 @@ class AuthProtocol(_BaseAuthProtocol):
|
||||
|
||||
if auth_ref.version == 'v2.0' and not auth_ref.project_id:
|
||||
msg = _('Unable to determine service tenancy.')
|
||||
raise exc.InvalidToken(msg)
|
||||
raise ksm_exceptions.InvalidToken(msg)
|
||||
|
||||
def _cms_verify(self, data, inform=cms.PKI_ASN1_FORM):
|
||||
"""Verifies the signature of the provided data's IAW CMS syntax.
|
||||
@ -905,14 +907,15 @@ class AuthProtocol(_BaseAuthProtocol):
|
||||
return cms.cms_verify(data, signing_cert_path,
|
||||
signing_ca_path,
|
||||
inform=inform).decode('utf-8')
|
||||
except (exceptions.CMSError,
|
||||
except (ksc_exceptions.CMSError,
|
||||
cms.subprocess.CalledProcessError) as err:
|
||||
self.log.warning(_LW('Verify error: %s'), err)
|
||||
raise exc.InvalidToken(_('Token authorization failed'))
|
||||
msg = _('Token authorization failed')
|
||||
raise ksm_exceptions.InvalidToken(msg)
|
||||
|
||||
try:
|
||||
return verify()
|
||||
except exceptions.CertificateConfigError:
|
||||
except ksc_exceptions.CertificateConfigError:
|
||||
# the certs might be missing; unconditionally fetch to avoid racing
|
||||
self._fetch_signing_cert()
|
||||
self._fetch_ca_cert()
|
||||
@ -920,7 +923,7 @@ class AuthProtocol(_BaseAuthProtocol):
|
||||
try:
|
||||
# retry with certs in place
|
||||
return verify()
|
||||
except exceptions.CertificateConfigError as err:
|
||||
except ksc_exceptions.CertificateConfigError as err:
|
||||
# if this is still occurring, something else is wrong and we
|
||||
# need err.output to identify the problem
|
||||
self.log.error(_LE('CMS Verify output: %s'), err.output)
|
||||
@ -942,7 +945,7 @@ class AuthProtocol(_BaseAuthProtocol):
|
||||
# TypeError If the signed_text is not zlib compressed
|
||||
# binascii.Error if signed_text has incorrect base64 padding (py34)
|
||||
except (TypeError, binascii.Error):
|
||||
raise exc.InvalidToken(signed_text)
|
||||
raise ksm_exceptions.InvalidToken(signed_text)
|
||||
|
||||
def _fetch_signing_cert(self):
|
||||
self._signing_directory.write_file(
|
||||
@ -1105,7 +1108,7 @@ def app_factory(global_conf, **local_conf):
|
||||
|
||||
|
||||
# NOTE(jamielennox): Maintained here for public API compatibility.
|
||||
InvalidToken = exc.InvalidToken
|
||||
ServiceError = exc.ServiceError
|
||||
ConfigurationError = exc.ConfigurationError
|
||||
RevocationListError = exc.RevocationListError
|
||||
InvalidToken = ksm_exceptions.InvalidToken
|
||||
ServiceError = ksm_exceptions.ServiceError
|
||||
ConfigurationError = ksm_exceptions.ConfigurationError
|
||||
RevocationListError = ksm_exceptions.RevocationListError
|
||||
|
@ -14,13 +14,13 @@ import functools
|
||||
|
||||
from keystoneclient import auth
|
||||
from keystoneclient import discover
|
||||
from keystoneclient import exceptions
|
||||
from keystoneclient import exceptions as ksc_exceptions
|
||||
from keystoneclient.v2_0 import client as v2_client
|
||||
from keystoneclient.v3 import client as v3_client
|
||||
from six.moves import urllib
|
||||
|
||||
from keystonemiddleware.auth_token import _auth
|
||||
from keystonemiddleware.auth_token import _exceptions as exc
|
||||
from keystonemiddleware.auth_token import _exceptions as ksm_exceptions
|
||||
from keystonemiddleware.i18n import _, _LE, _LI, _LW
|
||||
|
||||
|
||||
@ -29,8 +29,8 @@ def _convert_fetch_cert_exception(fetch_cert):
|
||||
def wrapper(self):
|
||||
try:
|
||||
text = fetch_cert(self)
|
||||
except exceptions.HTTPError as e:
|
||||
raise exceptions.CertificateConfigError(e.details)
|
||||
except ksc_exceptions.HTTPError as e:
|
||||
raise ksc_exceptions.CertificateConfigError(e.details)
|
||||
return text
|
||||
|
||||
return wrapper
|
||||
@ -77,7 +77,7 @@ class _V2RequestStrategy(_RequestStrategy):
|
||||
|
||||
if not auth_ref:
|
||||
msg = _('Failed to fetch token data from identity server')
|
||||
raise exc.InvalidToken(msg)
|
||||
raise ksm_exceptions.InvalidToken(msg)
|
||||
|
||||
return {'access': auth_ref}
|
||||
|
||||
@ -106,7 +106,7 @@ class _V3RequestStrategy(_RequestStrategy):
|
||||
|
||||
if not auth_ref:
|
||||
msg = _('Failed to fetch token data from identity server')
|
||||
raise exc.InvalidToken(msg)
|
||||
raise ksm_exceptions.InvalidToken(msg)
|
||||
|
||||
return {'token': auth_ref}
|
||||
|
||||
@ -194,7 +194,7 @@ class IdentityServer(object):
|
||||
', '.join(versions))
|
||||
|
||||
msg = _('No compatible apis supported by server')
|
||||
raise exc.ServiceError(msg)
|
||||
raise ksm_exceptions.ServiceError(msg)
|
||||
|
||||
def verify_token(self, user_token, retry=True):
|
||||
"""Authenticate user token with identity server.
|
||||
@ -211,11 +211,11 @@ class IdentityServer(object):
|
||||
"""
|
||||
try:
|
||||
auth_ref = self._request_strategy.verify_token(user_token)
|
||||
except exceptions.NotFound as e:
|
||||
except ksc_exceptions.NotFound as e:
|
||||
self._LOG.warning(_LW('Authorization failed for token'))
|
||||
self._LOG.warning(_LW('Identity response: %s'), e.response.text)
|
||||
raise exc.InvalidToken(_('Token authorization failed'))
|
||||
except exceptions.Unauthorized as e:
|
||||
raise ksm_exceptions.InvalidToken(_('Token authorization failed'))
|
||||
except ksc_exceptions.Unauthorized as e:
|
||||
self._LOG.info(_LI('Identity server rejected authorization'))
|
||||
self._LOG.warning(_LW('Identity response: %s'), e.response.text)
|
||||
if retry:
|
||||
@ -223,26 +223,26 @@ class IdentityServer(object):
|
||||
return self.verify_token(user_token, False)
|
||||
msg = _('Identity server rejected authorization necessary to '
|
||||
'fetch token data')
|
||||
raise exc.ServiceError(msg)
|
||||
except exceptions.HttpError as e:
|
||||
raise ksm_exceptions.ServiceError(msg)
|
||||
except ksc_exceptions.HttpError as e:
|
||||
self._LOG.error(
|
||||
_LE('Bad response code while validating token: %s'),
|
||||
e.http_status)
|
||||
self._LOG.warning(_LW('Identity response: %s'), e.response.text)
|
||||
msg = _('Failed to fetch token data from identity server')
|
||||
raise exc.ServiceError(msg)
|
||||
raise ksm_exceptions.ServiceError(msg)
|
||||
else:
|
||||
return auth_ref
|
||||
|
||||
def fetch_revocation_list(self):
|
||||
try:
|
||||
data = self._request_strategy.fetch_revocation_list()
|
||||
except exceptions.HTTPError as e:
|
||||
except ksc_exceptions.HTTPError as e:
|
||||
msg = _('Failed to fetch token revocation list: %d')
|
||||
raise exc.RevocationListError(msg % e.http_status)
|
||||
raise ksm_exceptions.RevocationListError(msg % e.http_status)
|
||||
if 'signed' not in data:
|
||||
msg = _('Revocation list improperly formatted.')
|
||||
raise exc.RevocationListError(msg)
|
||||
raise ksm_exceptions.RevocationListError(msg)
|
||||
return data['signed']
|
||||
|
||||
def fetch_signing_cert(self):
|
||||
|
@ -25,7 +25,7 @@ import uuid
|
||||
import fixtures
|
||||
from keystoneclient import auth
|
||||
from keystoneclient.common import cms
|
||||
from keystoneclient import exceptions
|
||||
from keystoneclient import exceptions as ksc_exceptions
|
||||
from keystoneclient import fixture
|
||||
from keystoneclient import session
|
||||
import mock
|
||||
@ -42,7 +42,7 @@ import webob.dec
|
||||
|
||||
from keystonemiddleware import auth_token
|
||||
from keystonemiddleware.auth_token import _base
|
||||
from keystonemiddleware.auth_token import _exceptions as exc
|
||||
from keystonemiddleware.auth_token import _exceptions as ksm_exceptions
|
||||
from keystonemiddleware.auth_token import _revocations
|
||||
from keystonemiddleware.openstack.common import memorycache
|
||||
from keystonemiddleware.tests.unit.auth_token import base
|
||||
@ -512,7 +512,7 @@ class GeneralAuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
|
||||
conf = {
|
||||
'include_service_catalog': '123',
|
||||
}
|
||||
self.assertRaises(exc.ConfigurationError,
|
||||
self.assertRaises(ksm_exceptions.ConfigurationError,
|
||||
auth_token.AuthProtocol, self.fake_app, conf)
|
||||
|
||||
def test_auth_region_name(self):
|
||||
@ -656,7 +656,7 @@ class CommonAuthTokenMiddlewareTest(object):
|
||||
# test the case where that retrieval fails
|
||||
self.middleware._revocations._fetched_time = datetime.datetime.min
|
||||
with mock.patch.object(self.middleware._revocations, '_fetch',
|
||||
side_effect=exc.RevocationListError):
|
||||
side_effect=ksm_exceptions.RevocationListError):
|
||||
self.call_middleware(headers={'X-Auth-Token': token},
|
||||
expected_status=503)
|
||||
|
||||
@ -797,7 +797,7 @@ class CommonAuthTokenMiddlewareTest(object):
|
||||
def test_verify_signed_token_raises_exception_for_revoked_token(self):
|
||||
self.middleware._revocations._list = (
|
||||
self.get_revocation_list_json())
|
||||
self.assertRaises(exc.InvalidToken,
|
||||
self.assertRaises(ksm_exceptions.InvalidToken,
|
||||
self.middleware._verify_signed_token,
|
||||
self.token_dict['revoked_token'],
|
||||
[self.token_dict['revoked_token_hash']])
|
||||
@ -807,7 +807,7 @@ class CommonAuthTokenMiddlewareTest(object):
|
||||
self.set_middleware()
|
||||
self.middleware._revocations._list = (
|
||||
self.get_revocation_list_json(mode='sha256'))
|
||||
self.assertRaises(exc.InvalidToken,
|
||||
self.assertRaises(ksm_exceptions.InvalidToken,
|
||||
self.middleware._verify_signed_token,
|
||||
self.token_dict['revoked_token'],
|
||||
[self.token_dict['revoked_token_hash_sha256'],
|
||||
@ -816,7 +816,7 @@ class CommonAuthTokenMiddlewareTest(object):
|
||||
def test_verify_signed_token_raises_exception_for_revoked_pkiz_token(self):
|
||||
self.middleware._revocations._list = (
|
||||
self.examples.REVOKED_TOKEN_PKIZ_LIST_JSON)
|
||||
self.assertRaises(exc.InvalidToken,
|
||||
self.assertRaises(ksm_exceptions.InvalidToken,
|
||||
self.middleware._verify_pkiz_token,
|
||||
self.token_dict['revoked_token_pkiz'],
|
||||
[self.token_dict['revoked_token_pkiz_hash']])
|
||||
@ -912,7 +912,7 @@ class CommonAuthTokenMiddlewareTest(object):
|
||||
|
||||
def test_invalid_revocation_list_raises_error(self):
|
||||
self.requests_mock.get(self.revocation_url, json={})
|
||||
self.assertRaises(exc.RevocationListError,
|
||||
self.assertRaises(ksm_exceptions.RevocationListError,
|
||||
self.middleware._revocations._fetch)
|
||||
|
||||
def test_fetch_revocation_list(self):
|
||||
@ -983,7 +983,8 @@ class CommonAuthTokenMiddlewareTest(object):
|
||||
token = 'invalid-token'
|
||||
self.call_middleware(headers={'X-Auth-Token': token},
|
||||
expected_status=401)
|
||||
self.assertRaises(exc.InvalidToken, self._get_cached_token, token)
|
||||
self.assertRaises(ksm_exceptions.InvalidToken,
|
||||
self._get_cached_token, token)
|
||||
|
||||
def test_memcache_set_expired(self, extra_conf={}, extra_environ={}):
|
||||
token_cache_time = 10
|
||||
@ -1319,7 +1320,7 @@ class V2CertDownloadMiddlewareTest(BaseAuthTokenMiddlewareTest,
|
||||
status_code=404)
|
||||
self.requests_mock.get('%s%s' % (BASE_URI, self.signing_path),
|
||||
status_code=404)
|
||||
self.assertRaises(exceptions.CertificateConfigError,
|
||||
self.assertRaises(ksc_exceptions.CertificateConfigError,
|
||||
self.middleware._verify_signed_token,
|
||||
self.examples.SIGNED_TOKEN_SCOPED,
|
||||
[self.examples.SIGNED_TOKEN_SCOPED_HASH])
|
||||
@ -1411,7 +1412,7 @@ class V3CertDownloadMiddlewareTest(V2CertDownloadMiddlewareTest):
|
||||
|
||||
|
||||
def network_error_response(request, context):
|
||||
raise exceptions.ConnectionRefused("Network connection refused.")
|
||||
raise ksc_exceptions.ConnectionRefused("Network connection refused.")
|
||||
|
||||
|
||||
class v2AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
|
||||
@ -1680,7 +1681,8 @@ class v3AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
|
||||
self.assertEqual(auth_id, FAKE_ADMIN_TOKEN_ID)
|
||||
|
||||
if token_id == ERROR_TOKEN:
|
||||
raise exceptions.ConnectionRefused("Network connection refused.")
|
||||
msg = "Network connection refused."
|
||||
raise ksc_exceptions.ConnectionRefused(msg)
|
||||
|
||||
try:
|
||||
response = self.examples.JSON_TOKEN_RESPONSES[token_id]
|
||||
@ -2131,7 +2133,8 @@ class v3CompositeAuthTests(BaseAuthTokenMiddlewareTest,
|
||||
response = ""
|
||||
|
||||
if token_id == ERROR_TOKEN:
|
||||
raise exceptions.ConnectionRefused("Network connection refused.")
|
||||
msg = "Network connection refused."
|
||||
raise ksc_exceptions.ConnectionRefused(msg)
|
||||
|
||||
try:
|
||||
response = self.examples.JSON_TOKEN_RESPONSES[token_id]
|
||||
@ -2281,7 +2284,7 @@ class AuthProtocolLoadingTests(BaseAuthTokenMiddlewareTest):
|
||||
group=_base.AUTHTOKEN_GROUP)
|
||||
|
||||
self.assertRaises(
|
||||
exceptions.NoMatchingPlugin,
|
||||
ksc_exceptions.NoMatchingPlugin,
|
||||
self.create_simple_middleware)
|
||||
|
||||
def test_plugin_loading_mixed_opts(self):
|
||||
|
Loading…
Reference in New Issue
Block a user