Diffstat (limited to 'keystone-moon/keystone/contrib/moon/exception.py')
-rw-r--r-- | keystone-moon/keystone/contrib/moon/exception.py | 347 |
1 files changed, 63 insertions, 284 deletions
diff --git a/keystone-moon/keystone/contrib/moon/exception.py b/keystone-moon/keystone/contrib/moon/exception.py index 1339122c..fa985a2f 100644 --- a/keystone-moon/keystone/contrib/moon/exception.py +++ b/keystone-moon/keystone/contrib/moon/exception.py @@ -69,6 +69,20 @@ class TenantNoIntraExtension(TenantException): logger = "ERROR" +class TenantNoIntraAuthzExtension(TenantNoIntraExtension): + message_format = _("The tenant has not intra_authz_extension.") + code = 400 + title = 'Tenant No Intra_Authz_Extension' + logger = "ERROR" + + +class TenantNoIntraAdminExtension(TenantNoIntraExtension): + message_format = _("The tenant has not intra_admin_extension.") + code = 400 + title = 'Tenant No Intra_Admin_Extension' + logger = "ERROR" + + # Exceptions for IntraExtension 
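Review bot: The two new classes `TenantNoIntraAuthzExtension` and `TenantNoIntraAdminExtension` have no docstring saying which lookup raises them, and their messages read awkwardly ("The tenant has not intra_authz_extension."). I would add a one-line docstring to each, e.g. `"""Raised when the tenant has no intra_authz_extension bound."""`, and reword the messages to `_("The tenant has no intra_authz_extension.")` and `_("The tenant has no intra_admin_extension.")`. Both classes also repeat `logger = "ERROR"`, which the context line shows the parent `TenantNoIntraExtension` already sets. `code = 400` may be redundant in the same way, but the parent's body starts outside the hunk, so that should be checked before dropping it.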
@@ -93,500 +107,265 @@ class IntraExtensionCreationError(IntraExtensionException): # Authz exceptions - class AuthzException(MoonError): + message_format = _("There is an authorization error requesting this IntraExtension.") + code = 403 + title = 'Authz Exception' + logger = "AUTHZ" + + +# Admin exceptions + +class AdminException(MoonError): message_format = _("There is an error requesting this Authz IntraExtension.") code = 400 title = 'Authz Exception' logger = "AUTHZ" -class AuthzPerimeter(AuthzException): +class AdminMetaData(AdminException): code = 400 - title = 'Perimeter Exception' + title = 'Metadata Exception' -class AuthzScope(AuthzException): +class AdminPerimeter(AdminException): code = 400 - title = 'Scope Exception' + title = 'Perimeter Exception' -class AuthzMetadata(AuthzException): +class AdminScope(AdminException): code = 400 - title = 'Metadata Exception' + title = 'Scope Exception' -class AuthzAssignment(AuthzException): +class AdminAssignment(AdminException): code = 400 title = 'Assignment Exception' -class AuthzMetaRule(AuthzException): +class AdminMetaRule(AdminException): code = 400 title = 'Aggregation Algorithm Exception' -class AuthzRule(AuthzException): +class AdminRule(AdminException): code = 400 title = 'Rule Exception' -class SubjectCategoryNameExisting(AuthzMetadata): +class SubjectCategoryNameExisting(AdminMetaData): message_format = _("The given subject category name is existing.") code = 400 title = 'Subject Category Name Existing' logger = "ERROR" -class ObjectCategoryNameExisting(AuthzMetadata): +class ObjectCategoryNameExisting(AdminMetaData): message_format = _("The given object category name is existing.") code = 400 title = 'Object Category Name Existing' logger = "ERROR" -class ActionCategoryNameExisting(AuthzMetadata): +class ActionCategoryNameExisting(AdminMetaData): message_format = _("The given action category name is existing.") code = 400 title = 'Action Category Name Existing' logger = "ERROR" -class 
SubjectCategoryUnknown(AuthzMetadata): +class SubjectCategoryUnknown(AdminMetaData): message_format = _("The given subject category is unknown.") code = 400 title = 'Subject Category Unknown' logger = "ERROR" -class ObjectCategoryUnknown(AuthzMetadata): +class ObjectCategoryUnknown(AdminMetaData): message_format = _("The given object category is unknown.") code = 400 title = 'Object Category Unknown' logger = "ERROR" -class ActionCategoryUnknown(AuthzMetadata): +class ActionCategoryUnknown(AdminMetaData): message_format = _("The given action category is unknown.") code = 400 title = 'Action Category Unknown' logger = "ERROR" -class SubjectUnknown(AuthzPerimeter): +class SubjectUnknown(AdminPerimeter): message_format = _("The given subject is unknown.") code = 400 title = 'Subject Unknown' logger = "ERROR" -class ObjectUnknown(AuthzPerimeter): +class ObjectUnknown(AdminPerimeter): message_format = _("The given object is unknown.") code = 400 title = 'Object Unknown' logger = "ERROR" -class ActionUnknown(AuthzPerimeter): +class ActionUnknown(AdminPerimeter): message_format = _("The given action is unknown.") code = 400 title = 'Action Unknown' logger = "ERROR" -class SubjectNameExisting(AuthzPerimeter): +class SubjectNameExisting(AdminPerimeter): message_format = _("The given subject name is existing.") code = 400 title = 'Subject Name Existing' logger = "ERROR" -class ObjectNameExisting(AuthzPerimeter): +class ObjectNameExisting(AdminPerimeter): message_format = _("The given object name is existing.") code = 400 title = 'Object Name Existing' logger = "ERROR" -class ActionNameExisting(AuthzPerimeter): +class ActionNameExisting(AdminPerimeter): message_format = _("The given action name is existing.") code = 400 title = 'Action Name Existing' logger = "ERROR" -class SubjectScopeUnknown(AuthzScope): +class SubjectScopeUnknown(AdminScope): message_format = _("The given subject scope is unknown.") code = 400 title = 'Subject Scope Unknown' logger = "ERROR" -class 
ObjectScopeUnknown(AuthzScope): +class ObjectScopeUnknown(AdminScope): message_format = _("The given object scope is unknown.") code = 400 title = 'Object Scope Unknown' logger = "ERROR" -class ActionScopeUnknown(AuthzScope): +class ActionScopeUnknown(AdminScope): message_format = _("The given action scope is unknown.") code = 400 title = 'Action Scope Unknown' logger = "ERROR" -class SubjectScopeNameExisting(AuthzScope): +class SubjectScopeNameExisting(AdminScope): message_format = _("The given subject scope name is existing.") code = 400 title = 'Subject Scope Name Existing' logger = "ERROR" -class ObjectScopeNameExisting(AuthzScope): +class ObjectScopeNameExisting(AdminScope): message_format = _("The given object scope name is existing.") code = 400 title = 'Object Scope Name Existing' logger = "ERROR" -class ActionScopeNameExisting(AuthzScope): +class ActionScopeNameExisting(AdminScope): message_format = _("The given action scope name is existing.") code = 400 title = 'Action Scope Name Existing' logger = "ERROR" -class SubjectAssignmentOutOfScope(AuthzScope): - message_format = _("The given subject scope value is out of scope.") - code = 400 - title = 'Subject Assignment Out Of Scope' - logger = "WARNING" - - -class ActionAssignmentOutOfScope(AuthzScope): - message_format = _("The given action scope value is out of scope.") - code = 400 - title = 'Action Assignment Out Of Scope' - logger = "WARNING" - - -class ObjectAssignmentOutOfScope(AuthzScope): - message_format = _("The given object scope value is out of scope.") - code = 400 - title = 'Object Assignment Out Of Scope' - logger = "WARNING" - - -class SubjectAssignmentUnknown(AuthzAssignment): +class SubjectAssignmentUnknown(AdminAssignment): message_format = _("The given subject assignment value is unknown.") code = 400 title = 'Subject Assignment Unknown' logger = "ERROR" -class ObjectAssignmentUnknown(AuthzAssignment): +class ObjectAssignmentUnknown(AdminAssignment): message_format = _("The given object 
assignment value is unknown.") code = 400 title = 'Object Assignment Unknown' logger = "ERROR" -class ActionAssignmentUnknown(AuthzAssignment): +class ActionAssignmentUnknown(AdminAssignment): message_format = _("The given action assignment value is unknown.") code = 400 title = 'Action Assignment Unknown' logger = "ERROR" -class SubjectAssignmentExisting(AuthzAssignment): +class SubjectAssignmentExisting(AdminAssignment): message_format = _("The given subject assignment value is existing.") code = 400 title = 'Subject Assignment Existing' logger = "ERROR" -class ObjectAssignmentExisting(AuthzAssignment): +class ObjectAssignmentExisting(AdminAssignment): message_format = _("The given object assignment value is existing.") code = 400 title = 'Object Assignment Existing' logger = "ERROR" -class ActionAssignmentExisting(AuthzAssignment): +class ActionAssignmentExisting(AdminAssignment): message_format = _("The given action assignment value is existing.") code = 400 title = 'Action Assignment Existing' logger = "ERROR" -class AggregationAlgorithmNotExisting(AuthzMetadata): +class AggregationAlgorithmNotExisting(AdminMetaRule): message_format = _("The given aggregation algorithm is not existing.") code = 400 title = 'Aggregation Algorithm Not Existing' logger = "ERROR" -class AggregationAlgorithmUnknown(AuthzMetadata): +class AggregationAlgorithmUnknown(AdminMetaRule): message_format = _("The given aggregation algorithm is unknown.") code = 400 title = 'Aggregation Algorithm Unknown' logger = "ERROR" -class SubMetaRuleUnknown(AuthzMetadata): +class SubMetaRuleUnknown(AdminMetaRule): message_format = _("The given sub meta rule is unknown.") code = 400 title = 'Sub Meta Rule Unknown' logger = "ERROR" -class SubMetaRuleNameExisting(AuthzMetadata): +class SubMetaRuleNameExisting(AdminMetaRule): message_format = _("The sub meta rule name is existing.") code = 400 title = 'Sub Meta Rule Name Existing' logger = "ERROR" -class SubMetaRuleExisting(AuthzMetadata): +class 
SubMetaRuleExisting(AdminMetaRule): message_format = _("The sub meta rule is existing.") code = 400 title = 'Sub Meta Rule Existing' logger = "ERROR" -class RuleOKNotExisting(AuthzRule): - message_format = _("The positive rule for that request doen't exist.") - code = 400 - title = 'Rule OK Not Existing' - logger = "ERROR" - - -class RuleKOExisting(AuthzRule): - message_format = _("The request match a negative rule.") - code = 400 - title = 'Rule KO Existing' - logger = "ERROR" - - -class RuleExisting(AuthzRule): +class RuleExisting(AdminRule): message_format = _("The rule is existing.") code = 400 title = 'Rule Existing' logger = "ERROR" -class RuleUnknown(AuthzRule): +class RuleUnknown(AdminRule): message_format = _("The rule for that request doesn't exist.") code = 400 title = 'Rule Unknown' logger = "ERROR" - -class AddedRuleExisting(AuthzRule): - message_format = _("The added rule for that request is existing.") - code = 400 - title = 'Added Rule Existing' - logger = "ERROR" - - -# Admin exceptions - - -class AdminException(MoonError): - message_format = _("There is an authorization error requesting this IntraExtension.") - code = 403 - title = 'Admin Exception' - logger = "AUTHZ" - - -class AdminPerimeter(AuthzException): - title = 'Perimeter Exception' - - -class AdminScope(AuthzException): - title = 'Scope Exception' - - -class AdminMetadata(AuthzException): - title = 'Metadata Exception' - - -class AdminAssignment(AuthzException): - title = 'Assignment Exception' - - -class AdminRule(AuthzException): - title = 'Rule Exception' - -class AdminMetaRule(AuthzException): - title = 'MetaRule Exception' - - -class SubjectReadNotAuthorized(AdminPerimeter): - title = 'Subject Read Not Authorized' - - -class SubjectAddNotAuthorized(AdminPerimeter): - title = 'Subject Add Not Authorized' - - -class SubjectDelNotAuthorized(AdminPerimeter): - title = 'Subject Del Not Authorized' - - -class ObjectReadNotAuthorized(AdminPerimeter): - title = 'Object Read Not Authorized' 
- - -class ObjectAddNotAuthorized(AdminPerimeter): - title = 'Object Add Not Authorized' - - -class ObjectDelNotAuthorized(AdminPerimeter): - title = 'Object Del Not Authorized' - - -class ActionReadNotAuthorized(AdminPerimeter): - title = 'Action Read Not Authorized' - - -class ActionAddNotAuthorized(AdminPerimeter): - title = 'Action Add Not Authorized' - - -class ActionDelNotAuthorized(AdminPerimeter): - title = 'Action Del Not Authorized' - - -class SubjectScopeReadNotAuthorized(AuthzException): - title = 'Subject Scope Read Not Authorized' - - -class SubjectScopeAddNotAuthorized(AuthzException): - title = 'Subject Scope Add Not Authorized' - - -class SubjectScopeDelNotAuthorized(AuthzException): - title = 'Subject Scope Del Not Authorized' - - -class ObjectScopeReadNotAuthorized(AuthzException): - title = 'Object Scope Read Not Authorized' - - -class ObjectScopeAddNotAuthorized(AuthzException): - title = 'Object Scope Add Not Authorized' - - -class ObjectScopeDelNotAuthorized(AuthzException): - title = 'Object Scope Del Not Authorized' - - -class ActionScopeReadNotAuthorized(AuthzException): - title = 'Action Scope Read Not Authorized' - - -class ActionScopeAddNotAuthorized(AuthzException): - title = 'Action Scope Add Not Authorized' - - -class ActionScopeDelNotAuthorized(AuthzException): - title = 'Action Scope Del Not Authorized' - - -class SubjectCategoryReadNotAuthorized(AdminMetadata): - title = 'Subject Category Read Not Authorized' - logger = "AUTHZ" - - -class SubjectCategoryAddNotAuthorized(AdminMetadata): - title = 'Subject Category Add Not Authorized' - - -class SubjectCategoryDelNotAuthorized(AdminMetadata): - title = 'Subject Category Del Not Authorized' - - -class ObjectCategoryReadNotAuthorized(AdminMetadata): - title = 'Object Category Read Not Authorized' - - -class ObjectCategoryAddNotAuthorized(AdminMetadata): - title = 'Object Category Add Not Authorized' - - -class ObjectCategoryDelNotAuthorized(AdminMetadata): - title = 'Object Category 
Del Not Authorized' - - -class ActionCategoryReadNotAuthorized(AdminMetadata): - title = 'Action Category Read Not Authorized' - - -class ActionCategoryAddNotAuthorized(AdminMetadata): - title = 'Action Category Add Not Authorized' - - -class ActionCategoryDelNotAuthorized(AdminMetadata): - title = 'Action Category Del Not Authorized' - - -class SubjectAssignmentReadNotAuthorized(AdminAssignment): - title = 'Subject Assignment Read Not Authorized' - - -class SubjectAssignmentAddNotAuthorized(AdminAssignment): - title = 'Subject Assignment Add Not Authorized' - - -class SubjectAssignmentDelNotAuthorized(AdminAssignment): - title = 'Subject Assignment Del Not Authorized' - - -class ObjectAssignmentReadNotAuthorized(AdminAssignment): - title = 'Object Assignment Read Not Authorized' - - -class ObjectAssignmentAddNotAuthorized(AdminAssignment): - title = 'Object Assignment Add Not Authorized' - - -class ObjectAssignmentDelNotAuthorized(AdminAssignment): - title = 'Object Assignment Del Not Authorized' - - -class ActionAssignmentReadNotAuthorized(AdminAssignment): - title = 'Action Assignment Read Not Authorized' - - -class ActionAssignmentAddNotAuthorized(AdminAssignment): - title = 'Action Assignment Add Not Authorized' - - -class ActionAssignmentDelNotAuthorized(AdminAssignment): - title = 'Action Assignment Del Not Authorized' - - -class RuleReadNotAuthorized(AdminRule): - title = 'Rule Read Not Authorized' - - -class RuleAddNotAuthorized(AdminRule): - title = 'Rule Add Not Authorized' - - -class RuleDelNotAuthorized(AdminRule): - title = 'Rule Del Not Authorized' - - -class MetaRuleReadNotAuthorized(AdminRule): - title = 'MetaRule Read Not Authorized' - - -class MetaRuleAddNotAuthorized(AdminRule): - title = 'MetaRule Add Not Authorized' - - -class MetaRuleDelNotAuthorized(AdminRule): - title = 'MetaRule Del Not Authorized' |
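Review bot: `AdminException` is assembled from the context lines left over from the old `AuthzException`, so it still carries `title = 'Authz Exception'`, `logger = "AUTHZ"` and a message about "this Authz IntraExtension". The intermediate classes (`AdminMetaData`, `AdminPerimeter`, `AdminScope`, `AdminAssignment`, `AdminMetaRule`, `AdminRule`) override only `code` and `title`, so they inherit that logger and message. Assuming `logger` selects the log channel, an admin-side 400 raised through them would be recorded next to the real 403 denials from `AuthzException`, which makes denials harder to isolate in an audit trail. I would set `title = 'Admin Exception'` and `message_format = _("There is an error requesting this Admin IntraExtension.")` on `AdminException`, and give it a logger value other than "AUTHZ" if the logging setup (not visible here) defines one. The hunk also deletes every `*NotAuthorized` class and renames `AdminMetadata` to `AdminMetaData`, so any raise or except site elsewhere that still uses the old names would presumably fail at runtime and is worth a grep before merging.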