Codebase list python-castellan / 0be6648
Standardize Barbican error messages Wrap Barbican's errors with a KeyManagerError instead of reraising the Barbican exception. Change-Id: Ib49bad7336534df75ef8165c7229c656fae04dd8 Kaitlin Farr 8 years ago
3 changed file(s) with 34 addition(s) and 46 deletion(s). Raw diff Collapse all Expand all
+1
-1
castellan/common/exception.py less more
4141 if not message_arg:
4242 message_arg = self.message
4343 try:
44 self.message = message_arg.format(**kwargs)
44 self.message = message_arg % kwargs
4545 except Exception as e:
4646 if _FATAL_EXCEPTION_FORMAT_ERRORS:
4747 raise e
+28
-40
castellan/key_manager/barbican_key_manager.py less more
2424 from keystoneclient import session
2525 from oslo_config import cfg
2626 from oslo_log import log as logging
27 from oslo_utils import excutils
2827
2928 from castellan.common import exception
3029 from castellan.common.objects import key as key_base_class
8988 :param context: the user context for authentication
9089 :return: a Barbican Client object
9190 :raises Forbidden: if the context is None
92 :raises KeyManagerError: if context is missing tenant or
93 tenant is None
91 :raises KeyManagerError: if context is missing tenant or tenant is
92 None or error occurs while creating client
9493 """
9594
9695 # Confirm context is provided, if not raise forbidden
103102 msg = u._("Unable to create Barbican Client without tenant "
104103 "attribute in context object.")
105104 LOG.error(msg)
106 raise exception.KeyManagerError(msg)
105 raise exception.KeyManagerError(reason=msg)
107106
108107 if self._barbican_client and self._current_context == context:
109108 return self._barbican_client
119118 endpoint=self._barbican_endpoint)
120119
121120 except Exception as e:
122 with excutils.save_and_reraise_exception():
123 LOG.error(u._LE("Error creating Barbican client: %s"), e)
121 LOG.error(u._LE("Error creating Barbican client: %s"), e)
122 raise exception.KeyManagerError(reason=e)
124123
125124 self._base_url = self._create_base_url(auth,
126125 sess,
157156 msg = u._LE(
158157 "Could not find discovery information for %s") % endpoint
159158 LOG.error(msg)
160 raise exception.KeyManagerError(msg)
159 raise exception.KeyManagerError(reason=msg)
161160 latest_version = raw_data[-1]
162161 api_version = latest_version.get('id')
163162
174173 :param length: the bit length of the secret
175174 :param expiration: the date the key will expire
176175 :return: the UUID of the new key
177 :raises HTTPAuthError: if key creation fails with 401
178 :raises HTTPClientError: if key creation failes with 4xx
179 :raises HTTPServerError: if key creation fails with 5xx
176 :raises KeyManagerError: if key creation fails
180177 """
181178 barbican_client = self._get_barbican_client(context)
182179
191188 except (barbican_exceptions.HTTPAuthError,
192189 barbican_exceptions.HTTPClientError,
193190 barbican_exceptions.HTTPServerError) as e:
194 with excutils.save_and_reraise_exception():
195 LOG.error(u._LE("Error creating key: %s"), e)
191 LOG.error(u._LE("Error creating key: %s"), e)
192 raise exception.KeyManagerError(reason=e)
196193
197194 def create_key_pair(self, context, algorithm, length, expiration=None):
198195 """Creates an asymmetric key pair.
204201 :param expiration: the date the key will expire
205202 :return: the UUIDs of the new key, in the order (private, public)
206203 :raises NotImplementedError: until implemented
207 :raises HTTPAuthError: if key creation fails with 401
208 :raises HTTPClientError: if key creation failes with 4xx
209 :raises HTTPServerError: if key creation fails with 5xx
204 :raises KeyManagerError: if key pair creation fails
210205 """
211206 barbican_client = self._get_barbican_client(context)
212207
228223 except (barbican_exceptions.HTTPAuthError,
229224 barbican_exceptions.HTTPClientError,
230225 barbican_exceptions.HTTPServerError) as e:
231 with excutils.save_and_reraise_exception():
232 LOG.error(u._LE("Error creating key pair: %s"), e)
226 LOG.error(u._LE("Error creating key pair: %s"), e)
227 raise exception.KeyManagerError(reason=e)
233228
234229 def _get_barbican_object(self, barbican_client, managed_object):
235230 """Converts the Castellan managed_object to a Barbican secret."""
291286 :param expiration: the expiration time of the secret in ISO 8601
292287 format
293288 :returns: the UUID of the stored object
294 :raises HTTPAuthError: if object creation fails with 401
295 :raises HTTPClientError: if object creation failes with 4xx
296 :raises HTTPServerError: if object creation fails with 5xx
289 :raises KeyManagerError: if object store fails
297290 """
298291 barbican_client = self._get_barbican_client(context)
299292
306299 except (barbican_exceptions.HTTPAuthError,
307300 barbican_exceptions.HTTPClientError,
308301 barbican_exceptions.HTTPServerError) as e:
309 with excutils.save_and_reraise_exception():
310 LOG.error(u._LE("Error storing object: %s"), e)
302 LOG.error(u._LE("Error storing object: %s"), e)
303 raise exception.KeyManagerError(reason=e)
311304
312305 def _create_secret_ref(self, key_id):
313306 """Creates the URL required for accessing a secret.
317310 """
318311 if not key_id:
319312 msg = "Key ID is None"
320 raise exception.KeyManagerError(msg)
313 raise exception.KeyManagerError(reason=msg)
321314 base_url = self._base_url
322315 if base_url[-1] != '/':
323316 base_url += '/'
355348 'num_retries':
356349 number_of_retries}
357350 LOG.error(msg)
358 raise exception.KeyManagerError(msg)
351 raise exception.KeyManagerError(reason=msg)
359352
360353 def _retrieve_secret_uuid(self, secret_ref):
361354 """Retrieves the UUID of the secret from the secret_ref.
431424 for the request (castellan/context.py)
432425 :param key_id: UUID of the secret
433426 :return: the secret's metadata
434 :raises HTTPAuthError: if object retrieval fails with 401
435 :raises HTTPClientError: if object retrieval fails with 4xx
436 :raises HTTPServerError: if object retrieval fails with 5xx
427 :raises KeyManagerError: if object retrieval fails
437428 """
438429
439430 barbican_client = self._get_barbican_client(context)
444435 except (barbican_exceptions.HTTPAuthError,
445436 barbican_exceptions.HTTPClientError,
446437 barbican_exceptions.HTTPServerError) as e:
447 with excutils.save_and_reraise_exception():
448 LOG.error(u._LE("Error getting secret metadata: %s"), e)
438 LOG.error(u._LE("Error getting secret metadata: %s"), e)
439 raise exception.KeyManagerError(reason=e)
449440
450441 def get(self, context, managed_object_id):
451442 """Retrieves the specified managed object.
456447 for the request (castellan/context.py)
457448 :param managed_object_id: the UUID of the object to retrieve
458449 :return: SymmetricKey representation of the key
459 :raises HTTPAuthError: if object retrieval fails with 401
460 :raises HTTPClientError: if object retrieval fails with 4xx
461 :raises HTTPServerError: if object retrieval fails with 5xx
450 :raises KeyManagerError: if object retrieval fails
462451 """
463452 try:
464453 secret = self._get_secret(context, managed_object_id)
465454 return self._get_castellan_object(secret)
466455 except (barbican_exceptions.HTTPAuthError,
467456 barbican_exceptions.HTTPClientError,
468 barbican_exceptions.HTTPServerError) as e:
469 with excutils.save_and_reraise_exception():
470 LOG.error(u._LE("Error getting object: %s"), e)
457 barbican_exceptions.HTTPServerError,
458 exception.KeyManagerError) as e:
459 LOG.error(u._LE("Error getting object: %s"), e)
460 raise exception.KeyManagerError(reason=e)
471461
472462 def delete(self, context, managed_object_id):
473463 """Deletes the specified managed object.
475465 :param context: contains information of the user and the environment
476466 for the request (castellan/context.py)
477467 :param managed_object_id: the UUID of the object to delete
478 :raises HTTPAuthError: if key deletion fails with 401
479 :raises HTTPClientError: if key deletion fails with 4xx
480 :raises HTTPServerError: if key deletion fails with 5xx
468 :raises KeyManagerError: if key deletion fails
481469 """
482470 barbican_client = self._get_barbican_client(context)
483471
487475 except (barbican_exceptions.HTTPAuthError,
488476 barbican_exceptions.HTTPClientError,
489477 barbican_exceptions.HTTPServerError) as e:
490 with excutils.save_and_reraise_exception():
491 LOG.error(u._LE("Error deleting object: %s"), e)
478 LOG.error(u._LE("Error deleting object: %s"), e)
479 raise exception.KeyManagerError(reason=e)
+5
-5
castellan/tests/unit/key_manager/test_barbican_key_manager.py less more
105105 self.mock_barbican.orders.create_key.return_value = key_order
106106 key_order.submit = mock.Mock(
107107 side_effect=barbican_exceptions.HTTPClientError('test error'))
108 self.assertRaises(barbican_exceptions.HTTPClientError,
108 self.assertRaises(exception.KeyManagerError,
109109 self.key_mgr.create_key, self.ctxt, 'AES', 256)
110110
111111 def test_create_key_pair(self):
158158 self.mock_barbican.orders.create_asymmetric.return_value = asym_order
159159 asym_order.submit = mock.Mock(
160160 side_effect=barbican_exceptions.HTTPClientError('test error'))
161 self.assertRaises(barbican_exceptions.HTTPClientError,
161 self.assertRaises(exception.KeyManagerError,
162162 self.key_mgr.create_key_pair, self.ctxt, 'RSA', 2048)
163163
164164 def test_delete_null_context(self):
177177 def test_delete_with_error(self):
178178 self.mock_barbican.secrets.delete = mock.Mock(
179179 side_effect=barbican_exceptions.HTTPClientError('test error'))
180 self.assertRaises(barbican_exceptions.HTTPClientError,
180 self.assertRaises(exception.KeyManagerError,
181181 self.key_mgr.delete, self.ctxt, self.key_id)
182182
183183 def test_get_key(self):
206206 def test_get_with_error(self):
207207 self.mock_barbican.secrets.get = mock.Mock(
208208 side_effect=barbican_exceptions.HTTPClientError('test error'))
209 self.assertRaises(barbican_exceptions.HTTPClientError,
209 self.assertRaises(exception.KeyManagerError,
210210 self.key_mgr.get, self.ctxt, self.key_id)
211211
212212 def test_store_key(self):
244244 _key = sym_key.SymmetricKey('AES',
245245 key_length,
246246 secret_key)
247 self.assertRaises(barbican_exceptions.HTTPClientError,
247 self.assertRaises(exception.KeyManagerError,
248248 self.key_mgr.store, self.ctxt, _key)
249249
250250 def test_get_active_order(self):