keystone.exception.
AccountLocked
(message=None, **kwargs)[source]¶Bases: keystone.exception.Unauthorized
message_format
= u'The account is locked for user: %(user_id)s.'¶keystone.exception.
AdditionalAuthRequired
(auth_response=None, **kwargs)[source]¶Bases: keystone.exception.AuthPluginException
message_format
= u'Additional authentications steps required.'¶keystone.exception.
AmbiguityError
(message=None, **kwargs)[source]¶Bases: keystone.exception.ValidationError
message_format
= u"There are multiple %(resource)s entities named '%(name)s'. Please use ID instead of names to resolve the ambiguity."¶keystone.exception.
ApplicationCredentialAuthError
(*args, **kwargs)[source]¶Bases: keystone.exception.AuthPluginException
message_format
= u'Error authenticating with application credential: %(detail)s'¶keystone.exception.
ApplicationCredentialLimitExceeded
(message=None, **kwargs)[source]¶Bases: keystone.exception.ForbiddenNotSecurity
message_format
= u'Unable to create additional application credentials, maximum of %(limit)d already exceeded for user.'¶keystone.exception.
ApplicationCredentialNotFound
(message=None, **kwargs)[source]¶Bases: keystone.exception.NotFound
message_format
= u'Could not find Application Credential: %(application_credential_id)s.'¶keystone.exception.
ApplicationCredentialValidationError
(message=None, **kwargs)[source]¶Bases: keystone.exception.ValidationError
message_format
= u'Invalid application credential: %(detail)s'¶keystone.exception.
AssignmentTypeCalculationError
(message=None, **kwargs)[source]¶Bases: keystone.exception.UnexpectedError
debug_message_format
= u'Unexpected combination of grant attributes - User: %(user_id)s, Group: %(group_id)s, Project: %(project_id)s, Domain: %(domain_id)s.'¶keystone.exception.
AuthMethodNotSupported
(*args, **kwargs)[source]¶Bases: keystone.exception.AuthPluginException
message_format
= u'Attempted to authenticate with an unsupported method.'¶keystone.exception.
AuthPluginException
(*args, **kwargs)[source]¶Bases: keystone.exception.Unauthorized
message_format
= u'Authentication plugin error.'¶keystone.exception.
CircularRegionHierarchyError
(message=None, **kwargs)[source]¶Bases: keystone.exception.Error
code
= 400¶message_format
= u'The specified parent region %(parent_region_id)s would create a circular region hierarchy.'¶title
= 'Bad Request'¶keystone.exception.
ConfigFileNotFound
(message=None, **kwargs)[source]¶Bases: keystone.exception.UnexpectedError
debug_message_format
= u'The Keystone configuration file %(config_file)s could not be found.'¶keystone.exception.
Conflict
(message=None, **kwargs)[source]¶Bases: keystone.exception.Error
code
= 409¶message_format
= u'Conflict occurred attempting to store %(type)s - %(details)s.'¶title
= 'Conflict'¶keystone.exception.
CredentialEncryptionError
[source]¶Bases: exceptions.Exception
message_format
= u'An unexpected error prevented the server from accessing encrypted credentials.'¶keystone.exception.
CredentialNotFound
(message=None, **kwargs)[source]¶Bases: keystone.exception.NotFound
message_format
= u'Could not find credential: %(credential_id)s.'¶keystone.exception.
CrossBackendNotAllowed
(message=None, **kwargs)[source]¶Bases: keystone.exception.Forbidden
message_format
= u'Group membership across backend boundaries is not allowed. Group in question is %(group_id)s, user is %(user_id)s.'¶keystone.exception.
DirectMappingError
(message=None, **kwargs)[source]¶Bases: keystone.exception.UnexpectedError
debug_message_format
= u"Local section in mapping %(mapping_id)s refers to a remote match that doesn't exist (e.g. {0} in a local section)."¶keystone.exception.
DomainConfigNotFound
(message=None, **kwargs)[source]¶Bases: keystone.exception.NotFound
message_format
= u'Could not find %(group_or_option)s in domain configuration for domain %(domain_id)s.'¶keystone.exception.
DomainNotFound
(message=None, **kwargs)[source]¶Bases: keystone.exception.NotFound
message_format
= u'Could not find domain: %(domain_id)s.'¶keystone.exception.
DomainSpecificRoleMismatch
(message=None, **kwargs)[source]¶Bases: keystone.exception.Forbidden
message_format
= u'Project %(project_id)s must be in the same domain as the role %(role_id)s being assigned.'¶keystone.exception.
DomainSpecificRoleNotWithinIdPDomain
(message=None, **kwargs)[source]¶Bases: keystone.exception.Forbidden
message_format
= u'role: %(role_name)s must be within the same domain as the identity provider: %(identity_provider)s.'¶keystone.exception.
EndpointGroupNotFound
(message=None, **kwargs)[source]¶Bases: keystone.exception.NotFound
message_format
= u'Could not find Endpoint Group: %(endpoint_group_id)s.'¶keystone.exception.
EndpointNotFound
(message=None, **kwargs)[source]¶Bases: keystone.exception.NotFound
message_format
= u'Could not find endpoint: %(endpoint_id)s.'¶keystone.exception.
Error
(message=None, **kwargs)[source]¶Bases: exceptions.Exception
Base error class.
Child classes should define an HTTP status code, title, and a message_format.
code
= None¶message_format
= None¶title
= None¶keystone.exception.
FederatedProtocolNotFound
(message=None, **kwargs)[source]¶Bases: keystone.exception.NotFound
message_format
= u'Could not find federated protocol %(protocol_id)s for Identity Provider: %(idp_id)s.'¶keystone.exception.
Forbidden
(message=None, **kwargs)[source]¶Bases: keystone.exception.SecurityError
code
= 403¶message_format
= u'You are not authorized to perform the requested action.'¶title
= 'Forbidden'¶keystone.exception.
ForbiddenAction
(message=None, **kwargs)[source]¶Bases: keystone.exception.Forbidden
message_format
= u'You are not authorized to perform the requested action: %(action)s.'¶keystone.exception.
ForbiddenNotSecurity
(message=None, **kwargs)[source]¶Bases: keystone.exception.Error
When you want to return a 403 Forbidden response but not security.
Use this for errors where the message is always safe to present to the user and won’t give away extra information.
code
= 403¶title
= 'Forbidden'¶keystone.exception.
Gone
(message=None, **kwargs)[source]¶Bases: keystone.exception.Error
code
= 410¶message_format
= u'The service you have requested is no longer available on this server.'¶title
= 'Gone'¶keystone.exception.
GroupNotFound
(message=None, **kwargs)[source]¶Bases: keystone.exception.NotFound
message_format
= u'Could not find group: %(group_id)s.'¶keystone.exception.
IdentityProviderNotFound
(message=None, **kwargs)[source]¶Bases: keystone.exception.NotFound
message_format
= u'Could not find Identity Provider: %(idp_id)s.'¶keystone.exception.
ImpliedRoleNotFound
(message=None, **kwargs)[source]¶Bases: keystone.exception.NotFound
message_format
= u'%(prior_role_id)s does not imply %(implied_role_id)s.'¶keystone.exception.
InsufficientAuthMethods
(message=None, **kwargs)[source]¶Bases: keystone.exception.Error
code
= 401¶message_format
= u'Insufficient auth methods received for %(user_id)s. Auth Methods Provided: %(methods)s.'¶title
= 'Unauthorized'¶keystone.exception.
InvalidDomainConfig
(message=None, **kwargs)[source]¶Bases: keystone.exception.Forbidden
message_format
= u'Invalid domain specific configuration: %(reason)s.'¶keystone.exception.
InvalidImpliedRole
(message=None, **kwargs)[source]¶Bases: keystone.exception.Forbidden
message_format
= u'%(role_id)s cannot be an implied roles.'¶keystone.exception.
InvalidOperatorError
(message=None, **kwargs)[source]¶Bases: keystone.exception.ValidationError
message_format
= u"The given operator %(_op)s is not valid. It must be one of the following: 'eq', 'neq', 'lt', 'lte', 'gt', or 'gte'."¶keystone.exception.
InvalidPolicyAssociation
(message=None, **kwargs)[source]¶Bases: keystone.exception.Forbidden
message_format
= u'Invalid mix of entities for policy association: only Endpoint, Service, or Region+Service allowed. Request was - Endpoint: %(endpoint_id)s, Service: %(service_id)s, Region: %(region_id)s.'¶keystone.exception.
KeysNotFound
(message=None, **kwargs)[source]¶Bases: keystone.exception.UnexpectedError
debug_message_format
= u'No encryption keys found; run keystone-manage fernet_setup to bootstrap one.'¶keystone.exception.
LDAPInvalidCredentialsError
(message=None, **kwargs)[source]¶Bases: keystone.exception.UnexpectedError
message_format
= u'Unable to authenticate against Identity backend - Invalid username or password'¶keystone.exception.
LDAPServerConnectionError
(message=None, **kwargs)[source]¶Bases: keystone.exception.UnexpectedError
debug_message_format
= u'Unable to establish a connection to LDAP Server (%(url)s).'¶keystone.exception.
LDAPSizeLimitExceeded
(message=None, **kwargs)[source]¶Bases: keystone.exception.UnexpectedError
message_format
= u'Number of User/Group entities returned by LDAP exceeded size limit. Contact your LDAP administrator.'¶keystone.exception.
LimitNotFound
(message=None, **kwargs)[source]¶Bases: keystone.exception.NotFound
message_format
= u'Could not find limit for %(id)s.'¶keystone.exception.
MalformedEndpoint
(message=None, **kwargs)[source]¶Bases: keystone.exception.UnexpectedError
debug_message_format
= u'Malformed endpoint URL (%(endpoint)s), see ERROR log for details.'¶keystone.exception.
MappedGroupNotFound
(message=None, **kwargs)[source]¶Bases: keystone.exception.UnexpectedError
debug_message_format
= u'Group %(group_id)s returned by mapping %(mapping_id)s was not found in the backend.'¶keystone.exception.
MappingNotFound
(message=None, **kwargs)[source]¶Bases: keystone.exception.NotFound
message_format
= u'Could not find mapping: %(mapping_id)s.'¶keystone.exception.
MetadataFileError
(message=None, **kwargs)[source]¶Bases: keystone.exception.UnexpectedError
debug_message_format
= u'Error while reading metadata file: %(reason)s.'¶keystone.exception.
MigrationNotProvided
(mod_name, path)[source]¶Bases: exceptions.Exception
keystone.exception.
MultipleSQLDriversInConfig
(message=None, **kwargs)[source]¶Bases: keystone.exception.UnexpectedError
debug_message_format
= u'The Keystone domain-specific configuration has specified more than one SQL driver (only one is permitted): %(source)s.'¶keystone.exception.
NoLimitReference
(message=None, **kwargs)[source]¶Bases: keystone.exception.Forbidden
message_format
= u'Unable to create a limit that has no corresponding registered limit.'¶keystone.exception.
NotFound
(message=None, **kwargs)[source]¶Bases: keystone.exception.Error
code
= 404¶message_format
= u'Could not find: %(target)s.'¶title
= 'Not Found'¶keystone.exception.
NotImplemented
(message=None, **kwargs)[source]¶Bases: keystone.exception.Error
code
= 501¶message_format
= u'The action you have requested has not been implemented.'¶title
= 'Not Implemented'¶keystone.exception.
OAuthHeadersMissingError
(message=None, **kwargs)[source]¶Bases: keystone.exception.UnexpectedError
debug_message_format
= u'No Authorization headers found, cannot proceed with OAuth related calls. If running under HTTPd or Apache, ensure WSGIPassAuthorization is set to On.'¶keystone.exception.
PasswordAgeValidationError
(message=None, **kwargs)[source]¶Bases: keystone.exception.PasswordValidationError
message_format
= u'You cannot change your password at this time due to the minimum password age. Once you change your password, it must be used for %(min_age_days)d day(s) before it can be changed. Please try again in %(days_left)d day(s) or contact your administrator to reset your password.'¶keystone.exception.
PasswordExpired
(message=None, **kwargs)[source]¶Bases: keystone.exception.Unauthorized
message_format
= u'The password is expired and needs to be changed for user: %(user_id)s.'¶keystone.exception.
PasswordHistoryValidationError
(message=None, **kwargs)[source]¶Bases: keystone.exception.PasswordValidationError
message_format
= u'The new password cannot be identical to a previous password. The total number whichincludes the new password must be unique is %(unique_count)s.'¶keystone.exception.
PasswordRequirementsValidationError
(message=None, **kwargs)[source]¶Bases: keystone.exception.PasswordValidationError
message_format
= u'The password does not match the requirements: %(detail)s.'¶keystone.exception.
PasswordValidationError
(message=None, **kwargs)[source]¶Bases: keystone.exception.ValidationError
message_format
= u'Password validation error: %(detail)s.'¶keystone.exception.
PasswordVerificationError
(message=None, **kwargs)[source]¶Bases: keystone.exception.ForbiddenNotSecurity
message_format
= u'The password length must be less than or equal to %(size)i. The server could not comply with the request because the password is invalid.'¶keystone.exception.
PolicyAssociationNotFound
(message=None, **kwargs)[source]¶Bases: keystone.exception.NotFound
message_format
= u'Could not find policy association.'¶keystone.exception.
PolicyNotFound
(message=None, **kwargs)[source]¶Bases: keystone.exception.NotFound
message_format
= u'Could not find policy: %(policy_id)s.'¶keystone.exception.
ProjectNotFound
(message=None, **kwargs)[source]¶Bases: keystone.exception.NotFound
message_format
= u'Could not find project: %(project_id)s.'¶keystone.exception.
ProjectTagNotFound
(message=None, **kwargs)[source]¶Bases: keystone.exception.NotFound
message_format
= u'Could not find project tag: %(project_tag)s.'¶keystone.exception.
PublicIDNotFound
(message=None, **kwargs)[source]¶Bases: keystone.exception.NotFound
message_format
= '%(id)s'¶keystone.exception.
RegionDeletionError
(message=None, **kwargs)[source]¶Bases: keystone.exception.ForbiddenNotSecurity
message_format
= u'Unable to delete region %(region_id)s because it or its child regions have associated endpoints.'¶keystone.exception.
RegionNotFound
(message=None, **kwargs)[source]¶Bases: keystone.exception.NotFound
message_format
= u'Could not find region: %(region_id)s.'¶keystone.exception.
RegisteredLimitError
(message=None, **kwargs)[source]¶Bases: keystone.exception.ForbiddenNotSecurity
message_format
= u'Unable to update or delete registered limit %(id)s because there are project limits associated with it.'¶keystone.exception.
RegisteredLimitNotFound
(message=None, **kwargs)[source]¶Bases: keystone.exception.NotFound
message_format
= u'Could not find registered limit for %(id)s.'¶keystone.exception.
RoleAssignmentNotFound
(message=None, **kwargs)[source]¶Bases: keystone.exception.NotFound
message_format
= u'Could not find role assignment with role: %(role_id)s, user or group: %(actor_id)s, project, domain, or system: %(target_id)s.'¶keystone.exception.
RoleNotFound
(message=None, **kwargs)[source]¶Bases: keystone.exception.NotFound
message_format
= u'Could not find role: %(role_id)s.'¶keystone.exception.
SAMLSigningError
(message=None, **kwargs)[source]¶Bases: keystone.exception.UnexpectedError
debug_message_format
= u'Unable to sign SAML assertion. It is likely that this server does not have xmlsec1 installed or this is the result of misconfiguration. Reason %(reason)s.'¶keystone.exception.
SchemaValidationError
(message=None, **kwargs)[source]¶Bases: keystone.exception.ValidationError
message_format
= u'%(detail)s'¶keystone.exception.
SecurityError
(message=None, **kwargs)[source]¶Bases: keystone.exception.Error
Security error exception.
Avoids exposing details of security errors, unless in insecure_debug mode.
amendment
= u'(Disable insecure_debug mode to suppress these details.)'¶keystone.exception.
ServiceNotFound
(message=None, **kwargs)[source]¶Bases: keystone.exception.NotFound
message_format
= u'Could not find service: %(service_id)s.'¶keystone.exception.
ServiceProviderNotFound
(message=None, **kwargs)[source]¶Bases: keystone.exception.NotFound
message_format
= u'Could not find Service Provider: %(sp_id)s.'¶keystone.exception.
StringLengthExceeded
(message=None, **kwargs)[source]¶Bases: keystone.exception.ValidationError
message_format
= u"String length exceeded. The length of string '%(string)s' exceeds the limit of column %(type)s(CHAR(%(length)d))."¶keystone.exception.
TokenNotFound
(message=None, **kwargs)[source]¶Bases: keystone.exception.NotFound
message_format
= u'Could not find token: %(token_id)s.'¶keystone.exception.
TokenlessAuthConfigError
(message=None, **kwargs)[source]¶Bases: keystone.exception.ValidationError
message_format
= u'Could not determine Identity Provider ID. The configuration option %(issuer_attribute)s was not found in the request environment.'¶keystone.exception.
TrustConsumeMaximumAttempt
(message=None, **kwargs)[source]¶Bases: keystone.exception.UnexpectedError
debug_message_format
= u'Unable to consume trust %(trust_id)s. Unable to acquire lock.'¶keystone.exception.
TrustNotFound
(message=None, **kwargs)[source]¶Bases: keystone.exception.NotFound
message_format
= u'Could not find trust: %(trust_id)s.'¶keystone.exception.
TrustUseLimitReached
(message=None, **kwargs)[source]¶Bases: keystone.exception.Forbidden
message_format
= u'No remaining uses for trust: %(trust_id)s.'¶keystone.exception.
URLValidationError
(message=None, **kwargs)[source]¶Bases: keystone.exception.ValidationError
message_format
= u'Cannot create an endpoint with an invalid URL: %(url)s.'¶keystone.exception.
UnexpectedError
(message=None, **kwargs)[source]¶Bases: keystone.exception.SecurityError
Avoids exposing details of failures, unless in insecure_debug mode.
code
= 500¶debug_message_format
= u'An unexpected error prevented the server from fulfilling your request: %(exception)s.'¶message_format
= u'An unexpected error prevented the server from fulfilling your request.'¶title
= 'Internal Server Error'¶keystone.exception.
UnsupportedTokenVersionException
(message=None, **kwargs)[source]¶Bases: keystone.exception.UnexpectedError
debug_message_format
= u'Token version is unrecognizable or unsupported.'¶keystone.exception.
UserDisabled
(message=None, **kwargs)[source]¶Bases: keystone.exception.Unauthorized
message_format
= u'The account is disabled for user: %(user_id)s.'¶keystone.exception.
UserNotFound
(message=None, **kwargs)[source]¶Bases: keystone.exception.NotFound
message_format
= u'Could not find user: %(user_id)s.'¶keystone.exception.
ValidationError
(message=None, **kwargs)[source]¶Bases: keystone.exception.Error
code
= 400¶message_format
= u'Expecting to find %(attribute)s in %(target)s. The server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error.'¶title
= 'Bad Request'¶keystone.exception.
ValidationExpirationError
(message=None, **kwargs)[source]¶Bases: keystone.exception.Error
code
= 400¶message_format
= u"The 'expires_at' must not be before now. The server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error."¶title
= 'Bad Request'¶keystone.exception.
ValidationSizeError
(message=None, **kwargs)[source]¶Bases: keystone.exception.Error
code
= 400¶message_format
= u'Request attribute %(attribute)s must be less than or equal to %(size)i. The server could not comply with the request because the attribute size is invalid (too large). The client is assumed to be in error.'¶title
= 'Bad Request'¶keystone.exception.
ValidationTimeStampError
(message=None, **kwargs)[source]¶Bases: keystone.exception.Error
code
= 400¶message_format
= u'Timestamp not in expected format. The server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error.'¶title
= 'Bad Request'¶keystone.exception.
VersionNotFound
(message=None, **kwargs)[source]¶Bases: keystone.exception.NotFound
message_format
= u'Could not find version: %(version)s.'¶oslo.i18n integration module.
See https://docs.openstack.org/oslo.i18n/latest/user/usage.html .
Notifications module for OpenStack Identity Service resources.
keystone.notifications.
ACTIONS
= NotificationActions(created='created', deleted='deleted', disabled='disabled', updated='updated', internal='internal')¶The actions on resources.
keystone.notifications.
Audit
[source]¶Bases: object
Namespace for audit notification functions.
This is a namespace object to contain all of the direct notification
functions utilized for Manager
methods.
added_to
(target_type, target_id, actor_type, actor_id, initiator=None, public=True, reason=None)[source]¶keystone.notifications.
CadfNotificationWrapper
(operation)[source]¶Bases: object
Send CADF event notifications for various methods.
This function is only used for Authentication events. Its action
and
event_type
are dictated below.
authenticate
identity.authenticate
Sends CADF notifications for events such as whether an authentication was successful or not.
Parameters: | operation – The authentication related action being performed |
---|
keystone.notifications.
CadfRoleAssignmentNotificationWrapper
(operation)[source]¶Bases: object
Send CADF notifications for role_assignment
methods.
This function is only used for role assignment events. Its action
and
event_type
are dictated below.
created.role_assignment
or deleted.role_assignment
identity.role_assignment.created
oridentity.role_assignment.deleted
Sends a CADF notification if the wrapped method does not raise an
Exception
(such as keystone.exception.NotFound
).
Parameters: | operation – one of the values from ACTIONS (created or deleted) |
---|
ROLE_ASSIGNMENT
= 'role_assignment'¶keystone.notifications.
clear_subscribers
()[source]¶Empty subscribers dictionary.
This effectively stops notifications since there will be no subscribers to publish to.
keystone.notifications.
emit_event
¶alias of CadfNotificationWrapper
keystone.notifications.
listener
(cls)[source]¶A class decorator to declare a class to be a notification listener.
A notification listener must specify the event(s) it is interested in by
defining a event_callbacks
attribute or property. event_callbacks
is a dictionary where the key is the type of event and the value is a
dictionary containing a mapping of resource types to callback(s).
ACTIONS
contains constants for the currently
supported events. There is currently no single place to find constants for
the resource types.
Example:
@listener
class Something(object):
def __init__(self):
self.event_callbacks = {
notifications.ACTIONS.created: {
'user': self._user_created_callback,
},
notifications.ACTIONS.deleted: {
'project': [
self._project_deleted_callback,
self._do_cleanup,
]
},
}
keystone.notifications.
notify_event_callbacks
(service, resource_type, operation, payload)[source]¶Send a notification to registered extensions.
keystone.notifications.
register_event_callback
(event, resource_type, callbacks)[source]¶Register each callback with the event.
Parameters: |
|
---|---|
Raises: |
|
keystone.notifications.
reset_notifier
()[source]¶Reset the notifications internal state.
This is used only for testing purposes.
keystone.notifications.
role_assignment
¶keystone.notifications.
send_saml_audit_notification
(action, request, user_id, group_ids, identity_provider, protocol, token_id, outcome)[source]¶Send notification to inform observers about SAML events.
Parameters: |
|
---|
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.