diff --git a/castellan/common/exception.py b/castellan/common/exception.py index 2ab8ddb6..f68fef42 100644 --- a/castellan/common/exception.py +++ b/castellan/common/exception.py @@ -42,7 +42,7 @@ class CastellanException(Exception): if not message_arg: message_arg = self.message try: - self.message = message_arg.format(**kwargs) + self.message = message_arg % kwargs except Exception as e: if _FATAL_EXCEPTION_FORMAT_ERRORS: raise e diff --git a/castellan/key_manager/barbican_key_manager.py b/castellan/key_manager/barbican_key_manager.py index 752a2ed3..13d833d6 100644 --- a/castellan/key_manager/barbican_key_manager.py +++ b/castellan/key_manager/barbican_key_manager.py @@ -25,7 +25,6 @@ from keystoneclient.auth import identity from keystoneclient import session from oslo_config import cfg from oslo_log import log as logging -from oslo_utils import excutils from castellan.common import exception from castellan.common.objects import key as key_base_class @@ -90,8 +89,8 @@ class BarbicanKeyManager(key_manager.KeyManager): :param context: the user context for authentication :return: a Barbican Client object :raises Forbidden: if the context is None - :raises KeyManagerError: if context is missing tenant or - tenant is None + :raises KeyManagerError: if context is missing tenant or tenant is + None or error occurs while creating client """ # Confirm context is provided, if not raise forbidden @@ -104,7 +103,7 @@ class BarbicanKeyManager(key_manager.KeyManager): msg = u._("Unable to create Barbican Client without tenant " "attribute in context object.") LOG.error(msg) - raise exception.KeyManagerError(msg) + raise exception.KeyManagerError(reason=msg) if self._barbican_client and self._current_context == context: return self._barbican_client 
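Review bot: In the exception.py hunk (`@@ -42`), `message_arg % kwargs` with a dict operand does not raise when the template has no `%(name)s` placeholder, so a template still written with `{reason}`-style braces would come out unformatted and the `_FATAL_EXCEPTION_FORMAT_ERRORS` branch would never fire. The message templates are defined outside this hunk, so confirm that every subclass message uses `%(reason)s`-style keys. A comment above the line would record the contract, e.g. `# templates use %(name)s placeholders; str.format-style braces are not expanded`.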
@@ -120,8 +119,8 @@ class BarbicanKeyManager(key_manager.KeyManager): endpoint=self._barbican_endpoint) except Exception as e: - with excutils.save_and_reraise_exception(): - LOG.error(u._LE("Error creating Barbican client: %s"), e) + LOG.error(u._LE("Error creating Barbican client: %s"), e) + raise exception.KeyManagerError(reason=e) self._base_url = self._create_base_url(auth, sess, @@ -158,7 +157,7 @@ class BarbicanKeyManager(key_manager.KeyManager): msg = u._LE( "Could not find discovery information for %s") % endpoint LOG.error(msg) - raise exception.KeyManagerError(msg) + raise exception.KeyManagerError(reason=msg) latest_version = raw_data[-1] api_version = latest_version.get('id') @@ -175,9 +174,7 @@ class BarbicanKeyManager(key_manager.KeyManager): :param length: the bit length of the secret :param expiration: the date the key will expire :return: the UUID of the new key - :raises HTTPAuthError: if key creation fails with 401 - :raises HTTPClientError: if key creation failes with 4xx - :raises HTTPServerError: if key creation fails with 5xx + :raises KeyManagerError: if key creation fails """ barbican_client = self._get_barbican_client(context) @@ -192,8 +189,8 @@ class BarbicanKeyManager(key_manager.KeyManager): except (barbican_exceptions.HTTPAuthError, barbican_exceptions.HTTPClientError, barbican_exceptions.HTTPServerError) as e: - with excutils.save_and_reraise_exception(): - LOG.error(u._LE("Error creating key: %s"), e) + LOG.error(u._LE("Error creating key: %s"), e) + raise exception.KeyManagerError(reason=e) def create_key_pair(self, context, algorithm, length, expiration=None): """Creates an asymmetric key pair. 
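Review bot: In the client-creation hunk (`@@ -120`), the `except Exception` now turns every failure, including programming errors, into `KeyManagerError`, and since the original exception is no longer re-raised, its traceback reaches neither the caller nor the log. Logging with `LOG.exception(u._LE("Error creating Barbican client: %s"), e)` would at least keep the stack trace for whoever has to diagnose a key-manager outage. The `try` block starts outside the hunk, so the full set of calls it covers is not visible here.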
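Review bot: In the `create_key` handler (`@@ -192`, and likewise in `@@ -229`, `@@ -307`, `@@ -445` and `@@ -488`), wrapping `HTTPAuthError`, `HTTPClientError` and `HTTPServerError` into one `KeyManagerError(reason=e)` means callers can no longer tell an authentication failure from a bad request or a Barbican outage except by parsing the message string. If callers need that distinction (for example to decide between retrying and denying), consider keeping the original exception or its status code on the raised error, or document in the `:raises KeyManagerError:` lines that the cause is available only as text. The reason string also carries Barbican's own error text into an exception that callers may surface further up, so check where it ends up being shown.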
@@ -205,9 +202,7 @@ class BarbicanKeyManager(key_manager.KeyManager): :param expiration: the date the key will expire :return: the UUIDs of the new key, in the order (private, public) :raises NotImplementedError: until implemented - :raises HTTPAuthError: if key creation fails with 401 - :raises HTTPClientError: if key creation failes with 4xx - :raises HTTPServerError: if key creation fails with 5xx + :raises KeyManagerError: if key pair creation fails """ barbican_client = self._get_barbican_client(context) @@ -229,8 +224,8 @@ class BarbicanKeyManager(key_manager.KeyManager): except (barbican_exceptions.HTTPAuthError, barbican_exceptions.HTTPClientError, barbican_exceptions.HTTPServerError) as e: - with excutils.save_and_reraise_exception(): - LOG.error(u._LE("Error creating key pair: %s"), e) + LOG.error(u._LE("Error creating key pair: %s"), e) + raise exception.KeyManagerError(reason=e) def _get_barbican_object(self, barbican_client, managed_object): """Converts the Castellan managed_object to a Barbican secret.""" @@ -292,9 +287,7 @@ class BarbicanKeyManager(key_manager.KeyManager): :param expiration: the expiration time of the secret in ISO 8601 format :returns: the UUID of the stored object - :raises HTTPAuthError: if object creation fails with 401 - :raises HTTPClientError: if object creation failes with 4xx - :raises HTTPServerError: if object creation fails with 5xx + :raises KeyManagerError: if object store fails """ barbican_client = self._get_barbican_client(context) @@ -307,8 +300,8 @@ class BarbicanKeyManager(key_manager.KeyManager): except (barbican_exceptions.HTTPAuthError, barbican_exceptions.HTTPClientError, barbican_exceptions.HTTPServerError) as e: - with excutils.save_and_reraise_exception(): - LOG.error(u._LE("Error storing object: %s"), e) + LOG.error(u._LE("Error storing object: %s"), e) + raise exception.KeyManagerError(reason=e) def _create_secret_ref(self, key_id): """Creates the URL required for accessing a secret. 
@@ -318,7 +311,7 @@ class BarbicanKeyManager(key_manager.KeyManager): """ if not key_id: msg = "Key ID is None" - raise exception.KeyManagerError(msg) + raise exception.KeyManagerError(reason=msg) base_url = self._base_url if base_url[-1] != '/': base_url += '/' @@ -356,7 +349,7 @@ class BarbicanKeyManager(key_manager.KeyManager): 'num_retries': number_of_retries} LOG.error(msg) - raise exception.KeyManagerError(msg) + raise exception.KeyManagerError(reason=msg) def _retrieve_secret_uuid(self, secret_ref): """Retrieves the UUID of the secret from the secret_ref. @@ -432,9 +425,7 @@ class BarbicanKeyManager(key_manager.KeyManager): for the request (castellan/context.py) :param key_id: UUID of the secret :return: the secret's metadata - :raises HTTPAuthError: if object retrieval fails with 401 - :raises HTTPClientError: if object retrieval fails with 4xx - :raises HTTPServerError: if object retrieval fails with 5xx + :raises KeyManagerError: if object retrieval fails """ barbican_client = self._get_barbican_client(context) @@ -445,8 +436,8 @@ class BarbicanKeyManager(key_manager.KeyManager): except (barbican_exceptions.HTTPAuthError, barbican_exceptions.HTTPClientError, barbican_exceptions.HTTPServerError) as e: - with excutils.save_and_reraise_exception(): - LOG.error(u._LE("Error getting secret metadata: %s"), e) + LOG.error(u._LE("Error getting secret metadata: %s"), e) + raise exception.KeyManagerError(reason=e) def get(self, context, managed_object_id): """Retrieves the specified managed object. 
@@ -457,18 +448,17 @@ class BarbicanKeyManager(key_manager.KeyManager): for the request (castellan/context.py) :param managed_object_id: the UUID of the object to retrieve :return: SymmetricKey representation of the key - :raises HTTPAuthError: if object retrieval fails with 401 - :raises HTTPClientError: if object retrieval fails with 4xx - :raises HTTPServerError: if object retrieval fails with 5xx + :raises KeyManagerError: if object retrieval fails """ try: secret = self._get_secret(context, managed_object_id) return self._get_castellan_object(secret) except (barbican_exceptions.HTTPAuthError, barbican_exceptions.HTTPClientError, - barbican_exceptions.HTTPServerError) as e: - with excutils.save_and_reraise_exception(): - LOG.error(u._LE("Error getting object: %s"), e) + barbican_exceptions.HTTPServerError, + exception.KeyManagerError) as e: + LOG.error(u._LE("Error getting object: %s"), e) + raise exception.KeyManagerError(reason=e) def delete(self, context, managed_object_id): """Deletes the specified managed object. @@ -476,9 +466,7 @@ class BarbicanKeyManager(key_manager.KeyManager): :param context: contains information of the user and the environment for the request (castellan/context.py) :param managed_object_id: the UUID of the object to delete - :raises HTTPAuthError: if key deletion fails with 401 - :raises HTTPClientError: if key deletion fails with 4xx - :raises HTTPServerError: if key deletion fails with 5xx + :raises KeyManagerError: if key deletion fails """ barbican_client = self._get_barbican_client(context) @@ -488,5 +476,5 @@ class BarbicanKeyManager(key_manager.KeyManager): except (barbican_exceptions.HTTPAuthError, barbican_exceptions.HTTPClientError, barbican_exceptions.HTTPServerError) as e: - with excutils.save_and_reraise_exception(): - LOG.error(u._LE("Error deleting object: %s"), e) + LOG.error(u._LE("Error deleting object: %s"), e) + raise exception.KeyManagerError(reason=e) 
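Review bot: In the `get` hunk (`@@ -457`), adding `exception.KeyManagerError` to the except tuple means an error already raised by `_get_secret` or its helpers is wrapped in a second `KeyManagerError(reason=e)`, so the message nests. It is also logged a second time where the helper logged before raising, as the "Error getting secret metadata" handler in `@@ -445` does. Letting it propagate unchanged avoids both; put `except exception.KeyManagerError: raise` before the Barbican clause and leave the tuple as it was. How the nested message actually renders depends on the `KeyManagerError` template, which is not in this diff.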
diff --git a/castellan/tests/unit/key_manager/test_barbican_key_manager.py b/castellan/tests/unit/key_manager/test_barbican_key_manager.py index f00e6d02..e2ef7218 100644 --- a/castellan/tests/unit/key_manager/test_barbican_key_manager.py +++ b/castellan/tests/unit/key_manager/test_barbican_key_manager.py @@ -106,7 +106,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase): self.mock_barbican.orders.create_key.return_value = key_order key_order.submit = mock.Mock( side_effect=barbican_exceptions.HTTPClientError('test error')) - self.assertRaises(barbican_exceptions.HTTPClientError, + self.assertRaises(exception.KeyManagerError, self.key_mgr.create_key, self.ctxt, 'AES', 256) def test_create_key_pair(self): @@ -159,7 +159,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase): self.mock_barbican.orders.create_asymmetric.return_value = asym_order asym_order.submit = mock.Mock( side_effect=barbican_exceptions.HTTPClientError('test error')) - self.assertRaises(barbican_exceptions.HTTPClientError, + self.assertRaises(exception.KeyManagerError, self.key_mgr.create_key_pair, self.ctxt, 'RSA', 2048) def test_delete_null_context(self): @@ -178,7 +178,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase): def test_delete_with_error(self): self.mock_barbican.secrets.delete = mock.Mock( side_effect=barbican_exceptions.HTTPClientError('test error')) - self.assertRaises(barbican_exceptions.HTTPClientError, + self.assertRaises(exception.KeyManagerError, self.key_mgr.delete, self.ctxt, self.key_id) def test_get_key(self): @@ -207,7 +207,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase): def test_get_with_error(self): self.mock_barbican.secrets.get = mock.Mock( side_effect=barbican_exceptions.HTTPClientError('test error')) - self.assertRaises(barbican_exceptions.HTTPClientError, + self.assertRaises(exception.KeyManagerError, self.key_mgr.get, self.ctxt, self.key_id) def test_store_key(self): 
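Review bot: The updated assertions in the create-key error test (`@@ -106`) and in the `@@ -159`, `@@ -178`, `@@ -207` and `@@ -245` hunks check only the exception type, so they would still pass if the Barbican error text were lost while building the `KeyManagerError` message. Since this commit also changes how that message is formatted, consider additionally asserting that `'test error'` appears in the string of the raised exception. No test is visible for the new `exception.KeyManagerError` branch in `get` or for the client-creation failure path, though such tests may exist outside these hunks.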
@@ -245,7 +245,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase): _key = sym_key.SymmetricKey('AES', key_length, secret_key) - self.assertRaises(barbican_exceptions.HTTPClientError, + self.assertRaises(exception.KeyManagerError, self.key_mgr.store, self.ctxt, _key) def test_get_active_order(self):