Fix exceptions names and messages for Keystone errors

Names and error messages changed for some Ironic exceptions because
they used now not only for Keystone service catalog. Aliases created
for backward compatibility.
These exceptions are deprecated, and will be removed after Kilo:
CatalogUnauthorized (use KeystoneUnauthorized),
CatalogFailure (use KeystoneFailure).

Closes-Bug: #1378868
DocImpact
Change-Id: If719e366b27914af9426ac6d52ff9c168e7b8410

ironic/common/exception.py

@@ -325,14 +325,19 @@ class InvalidImageRef(Invalid):
     message = _("Invalid image href %(image_href)s.")
 
 
-class CatalogUnauthorized(IronicException):
-    message = _("Unauthorised for keystone service catalog.")
+class KeystoneUnauthorized(IronicException):
+    message = _("Not authorized in Keystone.")
 
 
-class CatalogFailure(IronicException):
+class KeystoneFailure(IronicException):
     pass
 
 
+# aliases for backward compatibility, should be removed after Kilo cycle
+CatalogUnauthorized = KeystoneUnauthorized
+CatalogFailure = KeystoneFailure
+
+
 class CatalogNotFound(IronicException):
     message = _("Service type %(service_type)s with endpoint type "
                 "%(endpoint_type)s not found in keystone service catalog.")

ironic/common/keystone.py

@@ -41,7 +41,7 @@ def _is_apiv3(auth_url, auth_version):
 def _get_ksclient():
     auth_url = CONF.keystone_authtoken.auth_uri
     if not auth_url:
-        raise exception.CatalogFailure(_('Keystone API endpoint is missing'))
+        raise exception.KeystoneFailure(_('Keystone API endpoint is missing'))
 
     auth_version = CONF.keystone_authtoken.auth_version
     api_v3 = _is_apiv3(auth_url, auth_version)
@@ -58,11 +58,10 @@ def _get_ksclient():
                          tenant_name=CONF.keystone_authtoken.admin_tenant_name,
                          auth_url=auth_url)
     except ksexception.Unauthorized:
-        raise exception.CatalogUnauthorized
+        raise exception.KeystoneUnauthorized()
     except ksexception.AuthorizationFailure as err:
-        raise exception.CatalogFailure(_('Could not perform authorization '
-                                         'process for service catalog: %s')
-                                          % err)
+        raise exception.KeystoneFailure(_('Could not authorize in Keystone:'
+                                          ' %s') % err)
 
 
 def get_keystone_url(auth_url, auth_version):
@@ -96,7 +95,7 @@ def get_service_url(service_type='baremetal', endpoint_type='internal'):
     ksclient = _get_ksclient()
 
     if not ksclient.has_service_catalog():
-        raise exception.CatalogFailure(_('No keystone service catalog loaded'))
+        raise exception.KeystoneFailure(_('No keystone service catalog loaded'))
 
     try:
         endpoint = ksclient.service_catalog.url_for(service_type=service_type,

ironic/drivers/modules/iscsi_deploy.py

@@ -401,9 +401,9 @@ def validate(task):
     try:
         # TODO(lucasagomes): Validate the format of the URL
         CONF.conductor.api_url or keystone.get_service_url()
-    except (exception.CatalogFailure,
+    except (exception.KeystoneFailure,
             exception.CatalogNotFound,
-            exception.CatalogUnauthorized):
+            exception.KeystoneUnauthorized):
         raise exception.InvalidParameterValue(_(
             "Couldn't get the URL of the Ironic API service from the "
             "configuration file or keystone catalog."))

ironic/tests/drivers/test_pxe.py

@@ -381,7 +381,7 @@ class PXEDriverTestCase(db_base.DbTestCase):
         mock_glance.return_value = {'properties': {'kernel_id': 'fake-kernel',
                                                    'ramdisk_id': 'fake-initr'}}
         # not present in the keystone catalog
-        mock_ks.side_effect = exception.CatalogFailure
+        mock_ks.side_effect = exception.KeystoneFailure
 
         with task_manager.acquire(self.context, self.node.uuid,
                                   shared=True) as task:
@@ -406,7 +406,7 @@ class PXEDriverTestCase(db_base.DbTestCase):
     @mock.patch.object(keystone, 'get_service_url')
     def test_validate_fail_no_api_url(self, mock_ks):
         # not present in the keystone catalog
-        mock_ks.side_effect = exception.CatalogFailure
+        mock_ks.side_effect = exception.KeystoneFailure
         # not present in the config file
         self.config(group='conductor', api_url=None)
 

ironic/tests/test_keystone.py

@@ -43,7 +43,7 @@ class KeystoneTestCase(base.TestCase):
                     admin_tenant_name='fake')
 
     def test_failure_authorization(self):
-        self.assertRaises(exception.CatalogFailure, keystone.get_service_url)
+        self.assertRaises(exception.KeystoneFailure, keystone.get_service_url)
 
     @mock.patch.object(FakeCatalog, 'url_for')
     @mock.patch('keystoneclient.v2_0.client.Client')
@@ -66,17 +66,17 @@ class KeystoneTestCase(base.TestCase):
     def test_no_catalog(self, mock_ks, mock_hsc):
         mock_hsc.return_value = False
         mock_ks.return_value = FakeClient()
-        self.assertRaises(exception.CatalogFailure, keystone.get_service_url)
+        self.assertRaises(exception.KeystoneFailure, keystone.get_service_url)
 
     @mock.patch('keystoneclient.v2_0.client.Client')
     def test_unauthorized(self, mock_ks):
         mock_ks.side_effect = ksexception.Unauthorized
-        self.assertRaises(exception.CatalogUnauthorized,
+        self.assertRaises(exception.KeystoneUnauthorized,
                           keystone.get_service_url)
 
     def test_get_service_url_fail_missing_auth_uri(self):
         self.config(group='keystone_authtoken', auth_uri=None)
-        self.assertRaises(exception.CatalogFailure,
+        self.assertRaises(exception.KeystoneFailure,
                           keystone.get_service_url)
 
     @mock.patch('keystoneclient.v2_0.client.Client')