summaryrefslogtreecommitdiffstats
path: root/keystone/exception.py
Commit message (Collapse)AuthorAgeFilesLines
* Implement exception module i18n supportjiataotj2013-07-261-70/+58
| | | | | | | | | | | | | | | | | The doc string in exception.py of Keystone will be returned with __doc__ method, but cannot realize the internationalization.Change exception module to enable i18n support. Changes in the patch are: 1, useing class variable msg_fmt to replace class __doc__ 2, modify wsgi.render_exception function using unicode function to replace str function 3, modify/add UT test cases Fixes: bug # 1179425 Change-Id: I75c1229c905a2625d2f6961d1a8dd3958eac51a5
* Do not raise NEW exceptionsSergey Vilgelm2013-06-241-2/+2
| | | | | | | | | | | | | | | | | | | | | | Raising NEW exception is bad practice, because we lose TraceBack. So all places like: except SomeException as e: raise e should be replaced by except SomeException: raise If we are doing some other actions before reraising we should store information about exception then do all actions and then reraise it. This is caused by eventlet bug. It lost information about exception if it switch threads. fixes bug 1191730 Change-Id: I8dffc36ba5780911dd57d7161d218d0324af60b3
* separate paste-deploy configuration from parametersAlan Pevec2013-05-261-0/+6
| | | | | | | | | | | | PasteDeploy configuration contains class names which might change between releases. Keeping it separate from user-configurable parameters allows deployers to move paste-deploy ini file out of configuration directory to a place where it can be safely overwritten on updates e.g. under /usr/share/ DocImpact Change-Id: I9292ca6226c8430b93565dedd45cc842742a23e2
* Cleanup docstrings (flake8 H401, H402, H403, H404)Dolph Mathews2013-05-241-20/+24
| | | | | | | | | - docstring should not start with a space (flake8 H401) - one line docstring needs punctuation (flake8 H402) - multi line docstring end on new line (flake8 H403) - multi line docstring should start with a summary (flake8 H404) Change-Id: I69b414395930bda739aa01b785ac619fa8bb7d9b
* Merge "Fix 403 status response"Jenkins2013-05-221-1/+1
|\
| * Fix 403 status responseSahdev Zala2013-05-021-1/+1
| | | | | | | | | | | | Fixes Bug1153082 Change-Id: I1305d885751d4fa746e49cd5a76100c1900a9a53
* | Enable unicode error messageLiang Chen2013-04-141-8/+4
|/ | | | | | | | | | | | Keystone exceptions could only take byte string message as the message arguments to construct exception instances because of the way its super class StandardError implements __unicode__. This patch can also make sure it would not unintentionally remove line breaks and indentation in a explicitly given message argument. Fixs bug #1168879 Change-Id: I7916efc87845cfc4dba705e9474125b275affc13
* Fix 401 status responseSahdev Zala2013-04-051-1/+1
| | | | | | Fixes Bug1153718 Change-Id: I18adefdc9cf6cadee6006e9352e872dfb4de7e1d
* Make versions aware of enabled pipelines.Dan Prince2013-03-211-0/+4
| | | | | | | | | | | | | | | | | | Updates to make our versions controller a bit smarter so that it only returns information on API versions which are actually running. With these changes a user can disable the v2.0 or v3 API versions in their pipeline, restart keystone, and then have versions return information only for the versions which are actually running. This is important because auth_token now uses info from the keystone versions controller (in some cases) to dynamically select an API version. Fixes LP Bug #1158470. Change-Id: I0fa8a82f08e7247c44fb7f4ff8dbb7d4ad58b9cc
* Wrap config module and require manual setup (bug 1143998)Dolph Mathews2013-03-201-3/+9
| | | | | | | | | | | | | | | | This moves keystone.config to keystone.common.config, which requires .configure() to be called manually in order for options to be registered. keystone.config preserves the existing behavior of automatically registering options when imported. keystone.middleware.auth_token and it's dependencies within keystone no longer cause config options to be automatically registered. This is an alternative to https://review.openstack.org/#/c/24251/ Change-Id: If9eb5799bf77595ecb71f2000f8b6d1610ea9700
* Ensure delete domain removes all owned entitiesHenry Nash2013-03-181-0/+4
| | | | | | | | | | | | | | | | | | | | | | | Deleting a domain should delete all Users, Groups and Projects that are owned by that domain. This is intertwined with making sure that deleting Users/Projects clean up their relevant Tokens and Credentials (raised as a separate bug, bug fixed here). To help avoid inadvertent deletion, we insist that a domain must be disabled before it can be deleted. In implementing this change, it was discovered that the exception CredentialNotFound is referenced in the identity backend, but never defined - this was needed here for the unit tests. This is raised as a separate bug, and fixed here. A further bug has been raised that this indicates we are lacking in negative testing for Credentials (not fixed in this change) Fixes Bug #1097995 Fixes Bug #1155921 Fixes Bug #1155924 Change-Id: Ibc926f8212fb9bd4426088339a21002a07c86984
* TrustsAdam Young2013-03-051-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Blueprint trusts creates a trust. Using a trust, one user (the trustee), can then create tokens with a subset of another user's (the trustor) roles and projects. If the impersonate flag in the trust is set, the token user_id is set to the trustor's user ID If the impersonate flag is not set, the token's user_is is set to the trustee's user ID check that both trustor and trustee are enabled prior to creating the trust token. sql and kvs backends sql upgrade scripts unit tests for backends, auth and v3 api modifications to the trust controller for creating tokens Authenticates that only user can be trustor in create Deleting a trust invalidates all tokens created from that trust Adds the trust id and the id of the trustee to the header of the token policy rules for trust This version has a workaround for testing against the KVS version of the Service catalog Change-Id: I5745f4d9a4180b59671a143a55ed87019e98ec76
* v3 token APIGuang Yee2013-02-201-0/+18
| | | | | | | | | | | | | | Also implemented the following: blueprint pluggable-identity-authentication-handlers blueprint stop-ids-in-uris blueprint multi-factor-authn (just the plumbing) What's missing? * domain scoping (will be implemented by Henry?) Change-Id: I191c0b2cb3367b2a5f8a2dc674c284bb13ea97e3
* Add size validations to token controller.Dan Prince2013-02-051-0/+13
| | | | | | | | | | | | | Updates token controller so that it explicitly checks the max size of userId, username, tenantId, tenantname, token, and password before continuing with a request. Previously, when used with the SQL keystone backend an unauthenticated user could send in *really* large requests which would ultimately log large SQL exceptions and could thus fill up keystone logs on the disk. Change-Id: Ie7e3a958829f99f080e66582bdf558cded70248c
* Tenant to Project in Back endsAdam Young2013-01-281-5/+1
| | | | | | | | | | | | A continuation of the process to convert the term tenant to project. These changes should only be visible in the error messages produced, but should otherwise be undetectable by calling programs. Removes the TenantNotFound exception which propagates changes through the code that calls the backends as well Change-Id: I998a44bfd6aa85f67d58904bd7af25a56c73d48a
* Limit the size of HTTP requests.Dan Prince2013-01-211-0/+6
| | | | | | | | | | | Adds a new RequestBodySizeLimiter middleware to guard against really large HTTP requests. The default max request size is 112k although this limit is configurable via the 'max_request_body_size' config parameter. Fixes LP Bug #1099025. Change-Id: Id51be3d9a0d829d63d55a92dca61a39a17629785
* Merge "add database string field length check"Jenkins2013-01-151-0/+5
|\
| * add database string field length checkTony NIU2013-01-151-0/+5
| | | | | | | | | | | | | | Added database string field length check, so when insert to a table, if the length of string field exceed the limit of column when, it will return a 400 error instead of truncating the string. Change-Id: I7216fe736ea6e5a23b5647b107fcb2699f1fa99d Fixes: bug #1090247
* | Add _FATAL_EXCEPTION_FORMAT_ERRORS global.Dan Prince2013-01-091-3/+9
| | | | | | | | | | | | | | | | Add a new global variable to control when exception format errors are fatal. The goal is to be able to use this at test time to detect incorrectly formatted exceptions. Change-Id: Ia015bc27a445757cb1d574cadc35698cca0de086
* | Keystone server support for user groupsHenry Nash2013-01-081-0/+4
|/ | | | | | | | | | | | | | | | | | | | | | | This implements the server side of groups of users. This set of code provides all the crud functionality for groups as well as the corresponding support for role assignments. blueprint user-groups The following deficiencies existing with the current version and will be corrected ahead of the final Grizzly release: 1) There is only placeholder support for LDAP (Bug #1092187) 2) Domain role grants are accepted but not yet honored (Bug #1093248) 3) Token invalidation does not occur with group changes (Bug #1093493) This update also fills in missing v3 grant unit testing and v3 grant support within the kvs backend. In addition, there is a fix for Bug #1092200 (uncaught exception when listing grants) DocImpact Change-Id: Ibd1783b04b2d7804eff90312e5ef591dca4d0695
* Merge "Expose authn/z failure info to API in debug mode"Jenkins2012-11-201-3/+36
|\
| * Expose authn/z failure info to API in debug modeDolph Mathews2012-11-151-3/+36
| | | | | | | | | | | | | | | | | | | | | | This allows us to raise exceptions with very specific messages: raise Unauthorized('User name not recognized') In debug mode, this feedback would be exposed to the API user; without debug mode, these details are suppressed. Change-Id: I05c5dce3b1e2ba1123450b302e10b8ba3c265557
* | v3 IdentityDolph Mathews2012-11-201-0/+8
|/ | | | | | | - v3 identity tests (bug 1023930) - v3 identity implementation (bug 1023937) Change-Id: Ic46575afe9760d9da85e262d0cf063ea002d9dcd
* Merge remote-tracking branch 'origin/feature/keystone-v3' into HEADDolph Mathews2012-11-021-0/+4
|\ | | | | | | | | | | | | | | Conflicts: keystone/catalog/core.py keystone/identity/core.py Change-Id: Id47b9dd9c4da811d13454b539f78b751d40ed87d
| * Identity API v3 Config, Routers, ControllersDolph Mathews2012-09-051-0/+4
| | | | | | | | | | | | | | | | | | Provides configuration to deploy the v3 API identically across both: http://[...]:5000/v3/ http://[...]:35357/v3/ Change-Id: I97c5a2f7a84e3fca0adaea020697f958e04f5753
* | Unparseable endpoint URL's should raise friendly errorStef T2012-10-061-0/+4
|/ | | | | | fixes bug #1058494 Change-Id: Id89c530e2f4e7dcf0db03515afb8b2a85fbf8077
* Refactor 404's into managers & drivers (bug 968519)Dolph Mathews2012-06-271-0/+6
| | | | | | | | | | | | | | | The goal is to move the responsibility of reference checks away from controllers and into the underlying managers & drivers, which can handle the task with equal or greater efficiency. - Tenant references from create_user/update_user are NOT tested due to inconsistencies between backends - Additional test coverage improvements Also fixes bug 999209, bug 999608, bug 1006029, bug 1006055, bug 1006287, bug 1006334, and bug 1006344. Change-Id: I7de592e7dd4518038436b9a9fdaab559b00a0537
* Misnamed exception attribute (bug 991936)Dolph Mathews2012-04-301-6/+6
| | | | | | | - exception.NotImplemented 'action' should have been 'title' - Automated test coverage of exceptions to catch this in the future Change-Id: I238e6bc8426ae009f570f0a04d2ea28501ae23fc
* endpoint-crud 404 (bug 963056)Dolph Mathews2012-03-271-1/+1
| | | | | | | endpoint-create endpoint-delete Change-Id: I70ae14ca385a0ed2d3438b8dc2f7ba93b91f400b
* Wrapped unexpected exceptions (bug 955411)Dolph Mathews2012-03-201-5/+45
| | | | | | | | | | | - Replaced all webob.exc's (outside of middleware) with keystone.exception's - Raised 409 Conflict when creating/updating existing user/tenant ID/names (bug 955464) - Raised 501 Not Implemented for user-role-add w/o tenant_id (bug 955548) Change-Id: I9f16cac502c20dd35a6b8da778e85bf3d9cfae49
* Fixes LP #954089 - Service list templated catalogJay Pipes2012-03-191-0/+4
| | | | | | | | | | | | | | | | | * Adds missing test cases for the TemplatedCatalog * Adds a base CatalogTest that different backends can use * Updates kvs.Catalog to raise ServiceNotFound where appropriate * Updates the tests.test_keystoneclient_sql to actually test the SQL catalog backend * Removes old test for incorrect endpoints listing * Removes the keystone.catalog.core.Driver.service_exists method since it was only implemented in the SQL driver and wasn't required now that get_service and delete_service properly raise ServiceNotFound exception. Change-Id: I35690cc147e56007be27bacf94eeff360e727e5d
* Properly return 501 for unsupported Catalog callsAdam Gandelman2012-03-141-0/+6
| | | | | | | | | | | | | | | | | Similar to the other APIs, this creates a Driver class that describes expected functionality of the catalog driver and raises NotImplemented accordingly. NotImplementedError()'s are caught and returned as proper 501s instead of AttributeErrors. Also fixes some inconsistent paramters names in the sql backend. Fixes bug 954087 Update: Convert usage of NotImplementedError() to new keystone.exception.NotImplemented() for all unimplemented driver actions. Change-Id: I69d8e21a6f651e69b724ec5ed5784645bad80c00
* Added Apache 2.0 License information.Monty Taylor2012-02-151-0/+15
| | | | | | Fixes bug 932819 Change-Id: I58e0c2ad704e2e8ff1924a01791694a5e02a154b
* Add TokenNotFound exceptionBrian Waldon2012-02-101-0/+4
| | | | | | * raise TokenNotFound from token backends on get/delete when token doesn't exist Change-Id: Ic9aba7911088c30c20fe62501a05d75232f2d8b9
* Friendly JSON exceptions (bug 928061, bug 928062)Dolph Mathews2012-02-081-0/+54
Example http://pastie.org/3338663 Change-Id: I26f53488c062ebfb6e49cfcf82e0b8179a683ea8
generated by cgit (git 2.34.1) at 2024-06-22 16:49:10 +0000