diff options
author | Jenkins <jenkins@review.openstack.org> | 2012-11-20 20:35:09 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2012-11-20 20:35:09 +0000 |
commit | 4c0f9a6ec2f05b11bce29f2c865b01dc9ae2d8b1 (patch) | |
tree | 09cefd7b25812fef2ea50e644f280e6f0d23365e /keystone/exception.py | |
parent | 715a17b71d065efe93a39721a40a4d58508d0cb6 (diff) | |
parent | c7066a9fed611dc32e7c5fb490c61121cc5b68a5 (diff) | |
download | keystone-4c0f9a6ec2f05b11bce29f2c865b01dc9ae2d8b1.tar.gz keystone-4c0f9a6ec2f05b11bce29f2c865b01dc9ae2d8b1.tar.xz keystone-4c0f9a6ec2f05b11bce29f2c865b01dc9ae2d8b1.zip |
Merge "Expose authn/z failure info to API in debug mode"
Diffstat (limited to 'keystone/exception.py')
-rw-r--r-- | keystone/exception.py | 39 |
1 files changed, 36 insertions, 3 deletions
diff --git a/keystone/exception.py b/keystone/exception.py index 4b9721cf..96caf322 100644 --- a/keystone/exception.py +++ b/keystone/exception.py @@ -15,6 +15,13 @@ # under the License. import re +from keystone.common import logging +from keystone import config + + +CONF = config.CONF +LOG = logging.getLogger(__name__) + class Error(StandardError): """Base error class. @@ -27,9 +34,24 @@ class Error(StandardError): def __init__(self, message=None, **kwargs): """Use the doc string as the error message by default.""" - message = message or self.__doc__ % kwargs + + try: + message = self._build_message(message, **kwargs) + except KeyError: + # if you see this warning in your logs, please raise a bug report + LOG.warning('missing expected exception kwargs (programmer error)') + message = self.__doc__ + super(Error, self).__init__(message) + def _build_message(self, message, **kwargs): + """Builds and returns an exception message. + + :raises: KeyError given insufficient kwargs + + """ + return message or self.__doc__ % kwargs + def __str__(self): """Cleans up line breaks and indentation from doc strings.""" string = super(Error, self).__str__() @@ -51,13 +73,24 @@ class ValidationError(Error): title = 'Bad Request' -class Unauthorized(Error): +class SecurityError(Error): + """Avoids exposing details of security failures, unless in debug mode.""" + + def _build_message(self, message, **kwargs): + """Only returns detailed messages in debug mode.""" + if CONF.debug: + return message or self.__doc__ % kwargs + else: + return self.__doc__ % kwargs + + +class Unauthorized(SecurityError): """The request you have made requires authentication.""" code = 401 title = 'Not Authorized' -class Forbidden(Error): +class Forbidden(SecurityError): """You are not authorized to perform the requested action.""" code = 403 title = 'Not Authorized' |