Python keystoneauth1.exceptions.Unauthorized() Examples
The following are 8
code examples of keystoneauth1.exceptions.Unauthorized().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
keystoneauth1.exceptions
, or try the search function
.
.
Example #1
| Source File: keystone.py From vdi-broker with Apache License 2.0 | 5 votes |
|
def create_trust(ctxt):
LOG.debug("Creating Keystone trust")
trusts_auth_plugin = _get_trusts_auth_plugin()
loader = loading.get_plugin_loader("v3token")
auth = loader.load_from_options(
auth_url=trusts_auth_plugin.auth_url,
token=ctxt.auth_token,
project_name=ctxt.project_name,
project_domain_name=ctxt.project_domain)
session = ks_session.Session(
auth=auth, verify=not CONF.keystone.allow_untrusted)
try:
trustee_user_id = trusts_auth_plugin.get_user_id(session)
except ks_exceptions.Unauthorized as ex:
LOG.exception(ex)
raise exception.NotAuthorized("Trustee authentication failed")
trustor_user_id = ctxt.user
trustor_proj_id = ctxt.tenant
roles = ctxt.roles
LOG.debug("Granting Keystone trust. Trustor: %(trustor_user_id)s, trustee:"
" %(trustee_user_id)s, project: %(trustor_proj_id)s, roles:"
" %(roles)s",
{"trustor_user_id": trustor_user_id,
"trustee_user_id": trustee_user_id,
"trustor_proj_id": trustor_proj_id,
"roles": roles})
# Trusts are not supported before Keystone v3
client = kc_v3.Client(session=session)
trust = client.trusts.create(trustor_user=trustor_user_id,
trustee_user=trustee_user_id,
project=trustor_proj_id,
impersonation=True,
role_names=roles)
LOG.debug("Trust id: %s" % trust.id)
return trust.id
Example #2
| Source File: osclients.py From rally-openstack with Apache License 2.0 | 5 votes |
|
def __init__(self, error, url, username, project):
kwargs = {
"error": error,
"url": url,
"username": username,
"project": project
}
self._helpful_trace = False
from keystoneauth1 import exceptions as ks_exc
if isinstance(error, (ks_exc.ConnectionError,
ks_exc.DiscoveryFailure)):
# this type of errors is general for all users no need to include
# username, project name. The original error message should be
# self-sufficient
self.msg_fmt = self.msg_fmt_2
message = error.message
if (message.startswith("Unable to establish connection to")
or isinstance(error, ks_exc.DiscoveryFailure)):
if "Max retries exceeded with url" in message:
if "HTTPConnectionPool" in message:
splitter = ": HTTPConnectionPool"
else:
splitter = ": HTTPSConnectionPool"
message = message.split(splitter, 1)[0]
elif isinstance(error, ks_exc.Unauthorized):
message = error.message.split(" (HTTP 401)", 1)[0]
else:
# something unexpected. include exception class as well.
self._helpful_trace = True
message = "[%s] %s" % (error.__class__.__name__, str(error))
super(AuthenticationFailed, self).__init__(message=message, **kwargs)
Example #3
| Source File: openstack_driver.py From tacker with Apache License 2.0 | 5 votes |
|
def discover_placement_attr(self, vim_obj, ks_client):
"""Fetch VIM placement information
Attributes can include regions, AZ.
"""
try:
regions_list = self._find_regions(ks_client)
except (exceptions.Unauthorized, exceptions.BadRequest) as e:
LOG.warning("Authorization failed for user")
raise nfvo.VimUnauthorizedException(message=e.message)
vim_obj['placement_attr'] = {'regions': regions_list}
return vim_obj
Example #4
| Source File: test_openstack_driver.py From tacker with Apache License 2.0 | 5 votes |
|
def test_register_vim_invalid_auth(self):
attrs = {'regions.list.side_effect': exceptions.Unauthorized}
self._test_register_vim_auth(attrs)
Example #5
| Source File: utils.py From monasca-notification with Apache License 2.0 | 5 votes |
|
def get_auth_token():
error_message = 'Keystone request failed: {}'
try:
session = get_keystone_session()
auth_token = session.get_token()
return auth_token
except (kaexception.Unauthorized, kaexception.DiscoveryFailure) as e:
LOG.exception(error_message.format(six.text_type(e)))
raise
except Exception as e:
LOG.exception(error_message.format(six.text_type(e)))
raise
Example #6
| Source File: rackspace.py From cloudstorage with MIT License | 5 votes |
|
def validate_credentials(self) -> None:
try:
self.conn.auth_token
except Unauthorized as err:
raise CredentialsError(str(err))
Example #7
| Source File: query.py From zun with Apache License 2.0 | 4 votes |
|
def select_destinations(self, context, containers, extra_specs):
LOG.debug("Starting to schedule for containers: %s",
[c.uuid for c in containers])
if not self.traits_ensured:
self.placement_client._ensure_traits(context, consts.CUSTOM_TRAITS)
self.traits_ensured = True
alloc_reqs_by_rp_uuid, provider_summaries, allocation_request_version \
= None, None, None
request_filter.process_reqspec(context, extra_specs)
resources = utils.resources_from_request_spec(
context, containers[0], extra_specs)
try:
res = self.placement_client.get_allocation_candidates(context,
resources)
(alloc_reqs, provider_summaries, allocation_request_version) = res
except (ks_exc.EndpointNotFound,
ks_exc.MissingAuthPlugin,
ks_exc.Unauthorized,
ks_exc.DiscoveryFailure,
ks_exc.ConnectFailure):
# We have to handle the case that we failed to connect to the
# Placement service.
alloc_reqs, provider_summaries, allocation_request_version = (
None, None, None)
if not alloc_reqs:
LOG.info("Got no allocation candidates from the Placement "
"API. This could be due to insufficient resources "
"or a temporary occurrence as compute nodes start "
"up.")
raise exception.NoValidHost(reason="")
else:
# Build a dict of lists of allocation requests, keyed by
# provider UUID, so that when we attempt to claim resources for
# a host, we can grab an allocation request easily
alloc_reqs_by_rp_uuid = collections.defaultdict(list)
for ar in alloc_reqs:
for rp_uuid in ar['allocations']:
alloc_reqs_by_rp_uuid[rp_uuid].append(ar)
selections = self.driver.select_destinations(
context, containers, extra_specs, alloc_reqs_by_rp_uuid,
provider_summaries, allocation_request_version)
return selections
Example #8
| Source File: keystone.py From coriolis with GNU Affero General Public License v3.0 | 4 votes |
|
def create_trust(ctxt):
if ctxt.trust_id:
return
LOG.debug("Creating Keystone trust")
trusts_auth_plugin = _get_trusts_auth_plugin()
loader = loading.get_plugin_loader("v3token")
auth = loader.load_from_options(
auth_url=trusts_auth_plugin.auth_url,
token=ctxt.auth_token,
project_name=ctxt.project_name,
project_domain_name=ctxt.project_domain_name)
session = ks_session.Session(
auth=auth, verify=not CONF.keystone.allow_untrusted)
try:
trustee_user_id = trusts_auth_plugin.get_user_id(session)
except ks_exceptions.Unauthorized as ex:
LOG.exception(ex)
raise exception.NotAuthorized("Trustee authentication failed")
trustor_user_id = ctxt.user
trustor_proj_id = ctxt.tenant
roles = ctxt.roles
LOG.debug("Granting Keystone trust. Trustor: %(trustor_user_id)s, trustee:"
" %(trustee_user_id)s, project: %(trustor_proj_id)s, roles:"
" %(roles)s",
{"trustor_user_id": trustor_user_id,
"trustee_user_id": trustee_user_id,
"trustor_proj_id": trustor_proj_id,
"roles": roles})
# Trusts are not supported before Keystone v3
client = kc_v3.Client(session=session)
trust = client.trusts.create(trustor_user=trustor_user_id,
trustee_user=trustee_user_id,
project=trustor_proj_id,
impersonation=True,
role_names=roles)
LOG.debug("Trust id: %s" % trust.id)
ctxt.trust_id = trust.id
