summaryrefslogtreecommitdiffstats
path: root/nova/auth
diff options
context:
space:
mode:
Diffstat (limited to 'nova/auth')
-rw-r--r--nova/auth/dbdriver.py20
-rw-r--r--nova/auth/fakeldap.py2
-rw-r--r--nova/auth/ldapdriver.py69
-rw-r--r--nova/auth/manager.py30
4 files changed, 64 insertions, 57 deletions
diff --git a/nova/auth/dbdriver.py b/nova/auth/dbdriver.py
index a1584322b..47e435cb6 100644
--- a/nova/auth/dbdriver.py
+++ b/nova/auth/dbdriver.py
@@ -37,7 +37,6 @@ class DbDriver(object):
def __init__(self):
"""Imports the LDAP module"""
pass
- db
def __enter__(self):
return self
@@ -83,7 +82,7 @@ class DbDriver(object):
user_ref = db.user_create(context.get_admin_context(), values)
return self._db_user_to_auth_user(user_ref)
except exception.Duplicate, e:
- raise exception.Duplicate('User %s already exists' % name)
+ raise exception.Duplicate(_('User %s already exists') % name)
def _db_user_to_auth_user(self, user_ref):
return {'id': user_ref['id'],
@@ -105,8 +104,9 @@ class DbDriver(object):
"""Create a project"""
manager = db.user_get(context.get_admin_context(), manager_uid)
if not manager:
- raise exception.NotFound("Project can't be created because "
- "manager %s doesn't exist" % manager_uid)
+ raise exception.NotFound(_("Project can't be created because "
+ "manager %s doesn't exist")
+ % manager_uid)
# description is a required attribute
if description is None:
@@ -133,8 +133,8 @@ class DbDriver(object):
try:
project = db.project_create(context.get_admin_context(), values)
except exception.Duplicate:
- raise exception.Duplicate("Project can't be created because "
- "project %s already exists" % name)
+ raise exception.Duplicate(_("Project can't be created because "
+ "project %s already exists") % name)
for member in members:
db.project_add_member(context.get_admin_context(),
@@ -155,8 +155,8 @@ class DbDriver(object):
if manager_uid:
manager = db.user_get(context.get_admin_context(), manager_uid)
if not manager:
- raise exception.NotFound("Project can't be modified because "
- "manager %s doesn't exist" %
+ raise exception.NotFound(_("Project can't be modified because "
+ "manager %s doesn't exist") %
manager_uid)
values['project_manager'] = manager['id']
if description:
@@ -243,8 +243,8 @@ class DbDriver(object):
def _validate_user_and_project(self, user_id, project_id):
user = db.user_get(context.get_admin_context(), user_id)
if not user:
- raise exception.NotFound('User "%s" not found' % user_id)
+ raise exception.NotFound(_('User "%s" not found') % user_id)
project = db.project_get(context.get_admin_context(), project_id)
if not project:
- raise exception.NotFound('Project "%s" not found' % project_id)
+ raise exception.NotFound(_('Project "%s" not found') % project_id)
return user, project
diff --git a/nova/auth/fakeldap.py b/nova/auth/fakeldap.py
index 1ac579dbd..33cd03430 100644
--- a/nova/auth/fakeldap.py
+++ b/nova/auth/fakeldap.py
@@ -30,7 +30,7 @@ import json
class Store(object):
def __init__(self):
if hasattr(self.__class__, '_instance'):
- raise Exception('Attempted to instantiate singleton')
+ raise Exception(_('Attempted to instantiate singleton'))
@classmethod
def instance(cls):
diff --git a/nova/auth/ldapdriver.py b/nova/auth/ldapdriver.py
index c10939d74..e289ea5a2 100644
--- a/nova/auth/ldapdriver.py
+++ b/nova/auth/ldapdriver.py
@@ -159,7 +159,7 @@ class LdapDriver(object):
self.conn.modify_s(self.__uid_to_dn(name), attr)
return self.get_user(name)
else:
- raise exception.NotFound("LDAP object for %s doesn't exist"
+ raise exception.NotFound(_("LDAP object for %s doesn't exist")
% name)
else:
attr = [
@@ -182,11 +182,12 @@ class LdapDriver(object):
description=None, member_uids=None):
"""Create a project"""
if self.__project_exists(name):
- raise exception.Duplicate("Project can't be created because "
- "project %s already exists" % name)
+ raise exception.Duplicate(_("Project can't be created because "
+ "project %s already exists") % name)
if not self.__user_exists(manager_uid):
- raise exception.NotFound("Project can't be created because "
- "manager %s doesn't exist" % manager_uid)
+ raise exception.NotFound(_("Project can't be created because "
+ "manager %s doesn't exist")
+ % manager_uid)
manager_dn = self.__uid_to_dn(manager_uid)
# description is a required attribute
if description is None:
@@ -195,8 +196,8 @@ class LdapDriver(object):
if member_uids is not None:
for member_uid in member_uids:
if not self.__user_exists(member_uid):
- raise exception.NotFound("Project can't be created "
- "because user %s doesn't exist"
+ raise exception.NotFound(_("Project can't be created "
+ "because user %s doesn't exist")
% member_uid)
members.append(self.__uid_to_dn(member_uid))
# always add the manager as a member because members is required
@@ -218,9 +219,9 @@ class LdapDriver(object):
attr = []
if manager_uid:
if not self.__user_exists(manager_uid):
- raise exception.NotFound("Project can't be modified because "
- "manager %s doesn't exist" %
- manager_uid)
+ raise exception.NotFound(_("Project can't be modified because "
+ "manager %s doesn't exist")
+ % manager_uid)
manager_dn = self.__uid_to_dn(manager_uid)
attr.append((self.ldap.MOD_REPLACE, 'projectManager', manager_dn))
if description:
@@ -416,8 +417,9 @@ class LdapDriver(object):
if member_uids is not None:
for member_uid in member_uids:
if not self.__user_exists(member_uid):
- raise exception.NotFound("Group can't be created "
- "because user %s doesn't exist" % member_uid)
+ raise exception.NotFound(_("Group can't be created "
+ "because user %s doesn't exist")
+ % member_uid)
members.append(self.__uid_to_dn(member_uid))
dn = self.__uid_to_dn(uid)
if not dn in members:
@@ -432,8 +434,9 @@ class LdapDriver(object):
def __is_in_group(self, uid, group_dn):
"""Check if user is in group"""
if not self.__user_exists(uid):
- raise exception.NotFound("User %s can't be searched in group "
- "becuase the user doesn't exist" % (uid,))
+ raise exception.NotFound(_("User %s can't be searched in group "
+ "because the user doesn't exist")
+ % uid)
if not self.__group_exists(group_dn):
return False
res = self.__find_object(group_dn,
@@ -444,28 +447,30 @@ class LdapDriver(object):
def __add_to_group(self, uid, group_dn):
"""Add user to group"""
if not self.__user_exists(uid):
- raise exception.NotFound("User %s can't be added to the group "
- "becuase the user doesn't exist" % (uid,))
+ raise exception.NotFound(_("User %s can't be added to the group "
+ "because the user doesn't exist")
+ % uid)
if not self.__group_exists(group_dn):
- raise exception.NotFound("The group at dn %s doesn't exist" %
- (group_dn,))
+ raise exception.NotFound(_("The group at dn %s doesn't exist")
+ % group_dn)
if self.__is_in_group(uid, group_dn):
- raise exception.Duplicate("User %s is already a member of "
- "the group %s" % (uid, group_dn))
+ raise exception.Duplicate(_("User %s is already a member of "
+ "the group %s") % (uid, group_dn))
attr = [(self.ldap.MOD_ADD, 'member', self.__uid_to_dn(uid))]
self.conn.modify_s(group_dn, attr)
def __remove_from_group(self, uid, group_dn):
"""Remove user from group"""
if not self.__group_exists(group_dn):
- raise exception.NotFound("The group at dn %s doesn't exist" %
- (group_dn,))
+ raise exception.NotFound(_("The group at dn %s doesn't exist")
+ % group_dn)
if not self.__user_exists(uid):
- raise exception.NotFound("User %s can't be removed from the "
- "group because the user doesn't exist" % (uid,))
+ raise exception.NotFound(_("User %s can't be removed from the "
+ "group because the user doesn't exist")
+ % uid)
if not self.__is_in_group(uid, group_dn):
- raise exception.NotFound("User %s is not a member of the group" %
- (uid,))
+ raise exception.NotFound(_("User %s is not a member of the group")
+ % uid)
# NOTE(vish): remove user from group and any sub_groups
sub_dns = self.__find_group_dns_with_member(
group_dn, uid)
@@ -479,15 +484,16 @@ class LdapDriver(object):
try:
self.conn.modify_s(group_dn, attr)
except self.ldap.OBJECT_CLASS_VIOLATION:
- logging.debug("Attempted to remove the last member of a group. "
- "Deleting the group at %s instead.", group_dn)
+ logging.debug(_("Attempted to remove the last member of a group. "
+ "Deleting the group at %s instead."), group_dn)
self.__delete_group(group_dn)
def __remove_from_all(self, uid):
"""Remove user from all roles and projects"""
if not self.__user_exists(uid):
- raise exception.NotFound("User %s can't be removed from all "
- "because the user doesn't exist" % (uid,))
+ raise exception.NotFound(_("User %s can't be removed from all "
+ "because the user doesn't exist")
+ % uid)
role_dns = self.__find_group_dns_with_member(
FLAGS.role_project_subtree, uid)
for role_dn in role_dns:
@@ -500,7 +506,8 @@ class LdapDriver(object):
def __delete_group(self, group_dn):
"""Delete Group"""
if not self.__group_exists(group_dn):
- raise exception.NotFound("Group at dn %s doesn't exist" % group_dn)
+ raise exception.NotFound(_("Group at dn %s doesn't exist")
+ % group_dn)
self.conn.delete_s(group_dn)
def __delete_roles(self, project_dn):
diff --git a/nova/auth/manager.py b/nova/auth/manager.py
index 11c3bd6df..417f2b76d 100644
--- a/nova/auth/manager.py
+++ b/nova/auth/manager.py
@@ -257,12 +257,12 @@ class AuthManager(object):
# TODO(vish): check for valid timestamp
(access_key, _sep, project_id) = access.partition(':')
- logging.info('Looking up user: %r', access_key)
+ logging.info(_('Looking up user: %r'), access_key)
user = self.get_user_from_access_key(access_key)
logging.info('user: %r', user)
if user == None:
- raise exception.NotFound('No user found for access key %s' %
- access_key)
+ raise exception.NotFound(_('No user found for access key %s')
+ % access_key)
# NOTE(vish): if we stop using project name as id we need better
# logic to find a default project for user
@@ -271,12 +271,12 @@ class AuthManager(object):
project = self.get_project(project_id)
if project == None:
- raise exception.NotFound('No project called %s could be found' %
- project_id)
+ raise exception.NotFound(_('No project called %s could be found')
+ % project_id)
if not self.is_admin(user) and not self.is_project_member(user,
project):
- raise exception.NotFound('User %s is not a member of project %s' %
- (user.id, project.id))
+ raise exception.NotFound(_('User %s is not a member of project %s')
+ % (user.id, project.id))
if check_type == 's3':
sign = signer.Signer(user.secret.encode())
expected_signature = sign.s3_authorization(headers, verb, path)
@@ -284,7 +284,7 @@ class AuthManager(object):
logging.debug('expected_signature: %s', expected_signature)
logging.debug('signature: %s', signature)
if signature != expected_signature:
- raise exception.NotAuthorized('Signature does not match')
+ raise exception.NotAuthorized(_('Signature does not match'))
elif check_type == 'ec2':
# NOTE(vish): hmac can't handle unicode, so encode ensures that
# secret isn't unicode
@@ -294,7 +294,7 @@ class AuthManager(object):
logging.debug('expected_signature: %s', expected_signature)
logging.debug('signature: %s', signature)
if signature != expected_signature:
- raise exception.NotAuthorized('Signature does not match')
+ raise exception.NotAuthorized(_('Signature does not match'))
return (user, project)
def get_access_key(self, user, project):
@@ -364,7 +364,7 @@ class AuthManager(object):
with self.driver() as drv:
if role == 'projectmanager':
if not project:
- raise exception.Error("Must specify project")
+ raise exception.Error(_("Must specify project"))
return self.is_project_manager(user, project)
global_role = drv.has_role(User.safe_id(user),
@@ -398,9 +398,9 @@ class AuthManager(object):
@param project: Project in which to add local role.
"""
if role not in FLAGS.allowed_roles:
- raise exception.NotFound("The %s role can not be found" % role)
+ raise exception.NotFound(_("The %s role can not be found") % role)
if project is not None and role in FLAGS.global_roles:
- raise exception.NotFound("The %s role is global only" % role)
+ raise exception.NotFound(_("The %s role is global only") % role)
with self.driver() as drv:
drv.add_role(User.safe_id(user), role, Project.safe_id(project))
@@ -546,7 +546,8 @@ class AuthManager(object):
Project.safe_id(project))
if not network_ref['vpn_public_port']:
- raise exception.NotFound('project network data has not been set')
+ raise exception.NotFound(_('project network data has not '
+ 'been set'))
return (network_ref['vpn_public_address'],
network_ref['vpn_public_port'])
@@ -659,8 +660,7 @@ class AuthManager(object):
port=vpn_port)
zippy.writestr(FLAGS.credential_vpn_file, config)
else:
- logging.warn("No vpn data for project %s" %
- pid)
+ logging.warn(_("No vpn data for project %s"), pid)
zippy.writestr(FLAGS.ca_file, crypto.fetch_ca(user.id))
zippy.close()
generated by cgit (git 2.34.1) at 2026-04-28 23:16:01 +0000