keystone.exception module¶
- exceptionkeystone.exception.AccessRuleNotFound(message=None, **kwargs)[source] ¶
Bases:
NotFound- message_format:str|None='Could not find Access Rule: %(access_rule_id)s.'¶
- exceptionkeystone.exception.AccountLocked(message=None, **kwargs)[source] ¶
Bases:
Unauthorized- message_format:str|None='The account is locked for user: %(user_id)s.'¶
- exceptionkeystone.exception.AdditionalAuthRequired(auth_response=None, **kwargs)[source] ¶
Bases:
AuthPluginException- message_format:str|None='Additional authentications steps required.'¶
- exceptionkeystone.exception.AmbiguityError(message=None, **kwargs)[source] ¶
Bases:
ValidationError- message_format:str|None="There are multiple %(resource)s entities named '%(name)s'. Please use ID instead of names to resolve the ambiguity."¶
- exceptionkeystone.exception.ApplicationCredentialAuthError(*args, **kwargs)[source] ¶
Bases:
AuthPluginException- message_format:str|None='Error authenticating with application credential: %(detail)s'¶
- exceptionkeystone.exception.ApplicationCredentialLimitExceeded(message=None, **kwargs)[source] ¶
Bases:
ForbiddenNotSecurity- message_format:str|None='Unable to create additional application credentials, maximum of %(limit)d already exceeded for user.'¶
- exceptionkeystone.exception.ApplicationCredentialNotFound(message=None, **kwargs)[source] ¶
Bases:
NotFound- message_format:str|None='Could not find Application Credential: %(application_credential_id)s.'¶
- exceptionkeystone.exception.ApplicationCredentialValidationError(message=None, **kwargs)[source] ¶
Bases:
ValidationError- message_format:str|None='Invalid application credential: %(detail)s'¶
- exceptionkeystone.exception.AssignmentTypeCalculationError(message=None, **kwargs)[source] ¶
Bases:
UnexpectedError- debug_message_format='Unexpected combination of grant attributes - User: %(user_id)s, Group: %(group_id)s, Project: %(project_id)s, Domain: %(domain_id)s.'¶
- exceptionkeystone.exception.AuthMethodNotSupported(*args, **kwargs)[source] ¶
Bases:
AuthPluginException- message_format:str|None='Attempted to authenticate with an unsupported method.'¶
- exceptionkeystone.exception.AuthPluginException(*args, **kwargs)[source] ¶
Bases:
Unauthorized- message_format:str|None='Authentication plugin error.'¶
- exceptionkeystone.exception.CircularRegionHierarchyError(message=None, **kwargs)[source] ¶
Bases:
Error- code:int|None=400¶
- message_format:str|None='The specified parent region %(parent_region_id)s would create a circular region hierarchy.'¶
- title:str|None='Bad Request'¶
- exceptionkeystone.exception.ConfigFileNotFound(message=None, **kwargs)[source] ¶
Bases:
UnexpectedError- debug_message_format='The Keystone configuration file %(config_file)s could not be found.'¶
- exceptionkeystone.exception.Conflict(message=None, **kwargs)[source] ¶
Bases:
Error- code:int|None=409¶
- message_format:str|None='Conflict occurred attempting to store %(type)s - %(details)s.'¶
- title:str|None='Conflict'¶
- exceptionkeystone.exception.CredentialEncryptionError[source] ¶
Bases:
Exception- message_format='An unexpected error prevented the server from accessing encrypted credentials.'¶
- exceptionkeystone.exception.CredentialLimitExceeded(message=None, **kwargs)[source] ¶
Bases:
ForbiddenNotSecurity- message_format:str|None='Unable to create additional credentials, maximum of %(limit)d already exceeded for user.'¶
- exceptionkeystone.exception.CredentialNotFound(message=None, **kwargs)[source] ¶
Bases:
NotFound- message_format:str|None='Could not find credential: %(credential_id)s.'¶
- exceptionkeystone.exception.CrossBackendNotAllowed(message=None, **kwargs)[source] ¶
Bases:
Forbidden- message_format:str|None='Group membership across backend boundaries is not allowed. Group in question is %(group_id)s, user is %(user_id)s.'¶
- exceptionkeystone.exception.DirectMappingError(message=None, **kwargs)[source] ¶
Bases:
UnexpectedError- debug_message_format="Local section in mapping %(mapping_id)s refers to a remote match that doesn't exist (e.g. {0} in a local section)."¶
- exceptionkeystone.exception.DomainConfigNotFound(message=None, **kwargs)[source] ¶
Bases:
NotFound- message_format:str|None='Could not find %(group_or_option)s in domain configuration for domain %(domain_id)s.'¶
- exceptionkeystone.exception.DomainIdInvalid(message=None, **kwargs)[source] ¶
Bases:
ValidationError- message_format:str|None='Domain ID does not conform to required UUID format.'¶
- exceptionkeystone.exception.DomainNotFound(message=None, **kwargs)[source] ¶
Bases:
NotFound- message_format:str|None='Could not find domain: %(domain_id)s.'¶
- exceptionkeystone.exception.DomainSpecificRoleMismatch(message=None, **kwargs)[source] ¶
Bases:
Forbidden- message_format:str|None='Project %(project_id)s must be in the same domain as the role %(role_id)s being assigned.'¶
- exceptionkeystone.exception.DomainSpecificRoleNotWithinIdPDomain(message=None, **kwargs)[source] ¶
Bases:
Forbidden- message_format:str|None='role: %(role_name)s must be within the same domain as the identity provider: %(identity_provider)s.'¶
- exceptionkeystone.exception.EndpointGroupNotFound(message=None, **kwargs)[source] ¶
Bases:
NotFound- message_format:str|None='Could not find Endpoint Group: %(endpoint_group_id)s.'¶
- exceptionkeystone.exception.EndpointNotFound(message=None, **kwargs)[source] ¶
Bases:
NotFound- message_format:str|None='Could not find endpoint: %(endpoint_id)s.'¶
- exceptionkeystone.exception.Error(message=None, **kwargs)[source] ¶
Bases:
ExceptionBase error class.
Child classes should define an HTTP status code, title, and a message_format.
- code:int|None=None¶
- message_format:str|None=None¶
- title:str|None=None¶
- exceptionkeystone.exception.FederatedProtocolNotFound(message=None, **kwargs)[source] ¶
Bases:
NotFound- message_format:str|None='Could not find federated protocol %(protocol_id)s for Identity Provider: %(idp_id)s.'¶
- exceptionkeystone.exception.Forbidden(message=None, **kwargs)[source] ¶
Bases:
SecurityError- code:int|None=403¶
- message_format:str|None='You are not authorized to perform the requested action.'¶
- title:str|None='Forbidden'¶
- exceptionkeystone.exception.ForbiddenAction(message=None, **kwargs)[source] ¶
Bases:
Forbidden- message_format:str|None='You are not authorized to perform the requested action: %(action)s.'¶
- exceptionkeystone.exception.ForbiddenNotSecurity(message=None, **kwargs)[source] ¶
Bases:
ErrorWhen you want to return a 403 Forbidden response but not security.
Use this for errors where the message is always safe to present to the user and won’t give away extra information.
- code:int|None=403¶
- title:str|None='Forbidden'¶
- exceptionkeystone.exception.Gone(message=None, **kwargs)[source] ¶
Bases:
Error- code:int|None=410¶
- message_format:str|None='The service you have requested is no longer available on this server.'¶
- title:str|None='Gone'¶
- exceptionkeystone.exception.GroupNotFound(message=None, **kwargs)[source] ¶
Bases:
NotFound- message_format:str|None='Could not find group: %(group_id)s.'¶
- exceptionkeystone.exception.IdentityProviderNotFound(message=None, **kwargs)[source] ¶
Bases:
NotFound- message_format:str|None='Could not find Identity Provider: %(idp_id)s.'¶
- exceptionkeystone.exception.ImpliedRoleNotFound(message=None, **kwargs)[source] ¶
Bases:
NotFound- message_format:str|None='%(prior_role_id)s does not imply %(implied_role_id)s.'¶
- exceptionkeystone.exception.InsufficientAuthMethods(message=None, user_id=None, methods=None)[source] ¶
Bases:
Error- code:int|None=401¶
- message_format:str|None='Insufficient auth methods received for %(user_id)s. Auth Methods Provided: %(methods)s.'¶
- title:str|None='Unauthorized'¶
- exceptionkeystone.exception.InvalidDomainConfig(message=None, **kwargs)[source] ¶
Bases:
Forbidden- message_format:str|None='Invalid domain specific configuration: %(reason)s.'¶
- exceptionkeystone.exception.InvalidImpliedRole(message=None, **kwargs)[source] ¶
Bases:
Forbidden- message_format:str|None='%(role_id)s cannot be an implied roles.'¶
- exceptionkeystone.exception.InvalidLimit(message=None, **kwargs)[source] ¶
Bases:
Forbidden- message_format:str|None='Invalid resource limit: %(reason)s.'¶
- exceptionkeystone.exception.InvalidOperatorError(message=None, **kwargs)[source] ¶
Bases:
ValidationError- message_format:str|None="The given operator %(_op)s is not valid. It must be one of the following: 'eq', 'neq', 'lt', 'lte', 'gt', or 'gte'."¶
- exceptionkeystone.exception.InvalidPolicyAssociation(message=None, **kwargs)[source] ¶
Bases:
Forbidden- message_format:str|None='Invalid mix of entities for policy association: only Endpoint, Service, or Region+Service allowed. Request was - Endpoint: %(endpoint_id)s, Service: %(service_id)s, Region: %(region_id)s.'¶
- exceptionkeystone.exception.KeysNotFound(message=None, **kwargs)[source] ¶
Bases:
UnexpectedError- debug_message_format='No encryption keys found; run keystone-manage fernet_setup to bootstrap one.'¶
- exceptionkeystone.exception.LDAPInvalidCredentialsError(message=None, **kwargs)[source] ¶
Bases:
UnexpectedError- message_format:str|None='Unable to authenticate against Identity backend - Invalid username or password'¶
- exceptionkeystone.exception.LDAPServerConnectionError(message=None, **kwargs)[source] ¶
Bases:
UnexpectedError- debug_message_format='Unable to establish a connection to LDAP Server (%(url)s).'¶
- exceptionkeystone.exception.LDAPSizeLimitExceeded(message=None, **kwargs)[source] ¶
Bases:
UnexpectedError- message_format:str|None='Number of User/Group entities returned by LDAP exceeded size limit. Contact your LDAP administrator.'¶
- exceptionkeystone.exception.LimitNotFound(message=None, **kwargs)[source] ¶
Bases:
NotFound- message_format:str|None='Could not find limit for %(id)s.'¶
- exceptionkeystone.exception.LimitTreeExceedError(project_id, max_limit_depth)[source] ¶
Bases:
Exception
- exceptionkeystone.exception.MalformedEndpoint(message=None, **kwargs)[source] ¶
Bases:
UnexpectedError- debug_message_format='Malformed endpoint URL (%(endpoint)s), see ERROR log for details.'¶
- exceptionkeystone.exception.MappedGroupNotFound(message=None, **kwargs)[source] ¶
Bases:
UnexpectedError- debug_message_format='Group %(group_id)s returned by mapping %(mapping_id)s was not found in the backend.'¶
- exceptionkeystone.exception.MappingNotFound(message=None, **kwargs)[source] ¶
Bases:
NotFound- message_format:str|None='Could not find mapping: %(mapping_id)s.'¶
- exceptionkeystone.exception.MarkerNotFound(message=None, **kwargs)[source] ¶
Bases:
NotFound- message_format:str|None='Marker %(marker)s could not be found.'¶
- exceptionkeystone.exception.MetadataFileError(message=None, **kwargs)[source] ¶
Bases:
UnexpectedError- debug_message_format='Error while reading metadata file: %(reason)s.'¶
- exceptionkeystone.exception.MultipleSQLDriversInConfig(message=None, **kwargs)[source] ¶
Bases:
UnexpectedError- debug_message_format='The Keystone domain-specific configuration has specified more than one SQL driver (only one is permitted): %(source)s.'¶
- exceptionkeystone.exception.NoLimitReference(message=None, **kwargs)[source] ¶
Bases:
Forbidden- message_format:str|None='Unable to create a limit that has no corresponding registered limit.'¶
- exceptionkeystone.exception.NotFound(message=None, **kwargs)[source] ¶
Bases:
Error- code:int|None=404¶
- message_format:str|None='Could not find: %(target)s.'¶
- title:str|None='Not Found'¶
- exceptionkeystone.exception.NotImplemented(message=None, **kwargs)[source] ¶
Bases:
Error- code:int|None=501¶
- message_format:str|None='The action you have requested has not been implemented.'¶
- title:str|None='Not Implemented'¶
- exceptionkeystone.exception.OAuth2InvalidClient(code, title, message)[source] ¶
Bases:
OAuth2Error
- exceptionkeystone.exception.OAuth2InvalidRequest(code, title, message)[source] ¶
Bases:
OAuth2Error
- exceptionkeystone.exception.OAuth2OtherError(code, title, message)[source] ¶
Bases:
OAuth2Error
- exceptionkeystone.exception.OAuth2UnsupportedGrantType(code, title, message)[source] ¶
Bases:
OAuth2Error
- exceptionkeystone.exception.OAuthHeadersMissingError(message=None, **kwargs)[source] ¶
Bases:
UnexpectedError- debug_message_format='No Authorization headers found, cannot proceed with OAuth related calls. If running under HTTPd or Apache, ensure WSGIPassAuthorization is set to On.'¶
- exceptionkeystone.exception.PasswordAgeValidationError(message=None, **kwargs)[source] ¶
Bases:
PasswordValidationError- message_format:str|None='You cannot change your password at this time due to the minimum password age. Once you change your password, it must be used for %(min_age_days)d day(s) before it can be changed. Please try again in %(days_left)d day(s) or contact your administrator to reset your password.'¶
- exceptionkeystone.exception.PasswordExpired(message=None, **kwargs)[source] ¶
Bases:
Unauthorized- message_format:str|None='The password is expired and needs to be changed for user: %(user_id)s.'¶
- exceptionkeystone.exception.PasswordHistoryValidationError(message=None, **kwargs)[source] ¶
Bases:
PasswordValidationError- message_format:str|None='The new password cannot be identical to a previous password. The total number which includes the new password must be unique is %(unique_count)s.'¶
- exceptionkeystone.exception.PasswordRequirementsValidationError(message=None, **kwargs)[source] ¶
Bases:
PasswordValidationError- message_format:str|None='The password does not match the requirements: %(detail)s.'¶
- exceptionkeystone.exception.PasswordSelfServiceDisabled(message=None, **kwargs)[source] ¶
Bases:
PasswordValidationError- message_format:str|None='You cannot change your password at this time due to password policy disallowing password changes. Please contact your administrator to reset your password.'¶
- exceptionkeystone.exception.PasswordValidationError(message=None, **kwargs)[source] ¶
Bases:
ValidationError- message_format:str|None='Password validation error: %(detail)s.'¶
- exceptionkeystone.exception.PasswordVerificationError(message=None, **kwargs)[source] ¶
Bases:
ForbiddenNotSecurity- message_format:str|None='The password length must be less than or equal to %(size)i. The server could not comply with the request because the password is invalid.'¶
- exceptionkeystone.exception.PolicyAssociationNotFound(message=None, **kwargs)[source] ¶
Bases:
NotFound- message_format:str|None='Could not find policy association.'¶
- exceptionkeystone.exception.PolicyNotFound(message=None, **kwargs)[source] ¶
Bases:
NotFound- message_format:str|None='Could not find policy: %(policy_id)s.'¶
- exceptionkeystone.exception.ProjectNotFound(message=None, **kwargs)[source] ¶
Bases:
NotFound- message_format:str|None='Could not find project: %(project_id)s.'¶
- exceptionkeystone.exception.ProjectTagNotFound(message=None, **kwargs)[source] ¶
Bases:
NotFound- message_format:str|None='Could not find project tag: %(project_tag)s.'¶
- exceptionkeystone.exception.PublicIDNotFound(message=None, **kwargs)[source] ¶
Bases:
NotFound- message_format:str|None='%(id)s'¶
- exceptionkeystone.exception.ReceiptNotFound(message=None, **kwargs)[source] ¶
Bases:
Unauthorized- message_format:str|None='Could not find auth receipt: %(receipt_id)s.'¶
- exceptionkeystone.exception.RedirectRequired(redirect_url, **kwargs)[source] ¶
Bases:
ExceptionError class for redirection.
Child classes should define an HTTP redirect url message_format.
- code=302¶
- redirect_url=None¶
- exceptionkeystone.exception.RegionDeletionError(message=None, **kwargs)[source] ¶
Bases:
ForbiddenNotSecurity- message_format:str|None='Unable to delete region %(region_id)s because it or its child regions have associated endpoints.'¶
- exceptionkeystone.exception.RegionNotFound(message=None, **kwargs)[source] ¶
Bases:
NotFound- message_format:str|None='Could not find region: %(region_id)s.'¶
- exceptionkeystone.exception.RegisteredLimitError(message=None, **kwargs)[source] ¶
Bases:
ForbiddenNotSecurity- message_format:str|None='Unable to update or delete registered limit %(id)s because there are project limits associated with it.'¶
- exceptionkeystone.exception.RegisteredLimitNotFound(message=None, **kwargs)[source] ¶
Bases:
NotFound- message_format:str|None='Could not find registered limit for %(id)s.'¶
- exceptionkeystone.exception.ResourceDeleteForbidden(message=None, **kwargs)[source] ¶
Bases:
ForbiddenNotSecurity- message_format:str|None='Unable to delete immutable %(type)s resource: `%(resource_id)s. Set resource option "immutable" to false first.'¶
- exceptionkeystone.exception.ResourceUpdateForbidden(message=None, **kwargs)[source] ¶
Bases:
ForbiddenNotSecurity- message_format:str|None='Unable to update immutable %(type)s resource: `%(resource_id)s. Set resource option "immutable" to false first.'¶
- exceptionkeystone.exception.RoleAssignmentNotFound(message=None, **kwargs)[source] ¶
Bases:
NotFound- message_format:str|None='Could not find role assignment with role: %(role_id)s, user or group: %(actor_id)s, project, domain, or system: %(target_id)s.'¶
- exceptionkeystone.exception.RoleNotFound(message=None, **kwargs)[source] ¶
Bases:
NotFound- message_format:str|None='Could not find role: %(role_id)s.'¶
- exceptionkeystone.exception.SAMLSigningError(message=None, **kwargs)[source] ¶
Bases:
UnexpectedError- debug_message_format='Unable to sign SAML assertion. It is likely that this server does not have xmlsec1 installed or this is the result of misconfiguration. Reason %(reason)s.'¶
- exceptionkeystone.exception.SchemaValidationError(message=None, **kwargs)[source] ¶
Bases:
ValidationError- message_format:str|None='%(detail)s'¶
- exceptionkeystone.exception.SecurityError(message=None, **kwargs)[source] ¶
Bases:
ErrorSecurity error exception.
Avoids exposing details of security errors, unless in insecure_debug mode.
- amendment='(Disable insecure_debug mode to suppress these details.)'¶
- exceptionkeystone.exception.ServiceNotFound(message=None, **kwargs)[source] ¶
Bases:
NotFound- message_format:str|None='Could not find service: %(service_id)s.'¶
- exceptionkeystone.exception.ServiceProviderNotFound(message=None, **kwargs)[source] ¶
Bases:
NotFound- message_format:str|None='Could not find Service Provider: %(sp_id)s.'¶
- exceptionkeystone.exception.StringLengthExceeded(message=None, **kwargs)[source] ¶
Bases:
ValidationError- message_format:str|None="String length exceeded. The length of string '%(string)s' exceeds the limit of column %(type)s(CHAR(%(length)d))."¶
- exceptionkeystone.exception.TokenNotFound(message=None, **kwargs)[source] ¶
Bases:
NotFound- message_format:str|None='Could not find token: %(token_id)s.'¶
- exceptionkeystone.exception.TokenlessAuthConfigError(message=None, **kwargs)[source] ¶
Bases:
ValidationError- message_format:str|None='Could not determine Identity Provider ID. The configuration option %(issuer_attribute)s was not found in the request environment.'¶
- exceptionkeystone.exception.TrustConsumeMaximumAttempt(message=None, **kwargs)[source] ¶
Bases:
UnexpectedError- debug_message_format='Unable to consume trust %(trust_id)s. Unable to acquire lock.'¶
- exceptionkeystone.exception.TrustNotFound(message=None, **kwargs)[source] ¶
Bases:
NotFound- message_format:str|None='Could not find trust: %(trust_id)s.'¶
- exceptionkeystone.exception.TrustUseLimitReached(message=None, **kwargs)[source] ¶
Bases:
Forbidden- message_format:str|None='No remaining uses for trust: %(trust_id)s.'¶
- exceptionkeystone.exception.URLValidationError(message=None, **kwargs)[source] ¶
Bases:
ValidationError- message_format:str|None='Cannot create an endpoint with an invalid URL: %(url)s.'¶
Bases:
SecurityError
- exceptionkeystone.exception.UnexpectedError(message=None, **kwargs)[source] ¶
Bases:
SecurityErrorAvoids exposing details of failures, unless in insecure_debug mode.
- code:int|None=500¶
- debug_message_format='An unexpected error prevented the server from fulfilling your request: %(exception)s.'¶
- message_format:str|None='An unexpected error prevented the server from fulfilling your request.'¶
- title:str|None='Internal Server Error'¶
- exceptionkeystone.exception.UnsupportedTokenVersionException(message=None, **kwargs)[source] ¶
Bases:
UnexpectedError- debug_message_format='Token version is unrecognizable or unsupported.'¶
- exceptionkeystone.exception.UserDisabled(message=None, **kwargs)[source] ¶
Bases:
Unauthorized- message_format:str|None='The account is disabled for user: %(user_id)s.'¶
- exceptionkeystone.exception.UserNotFound(message=None, **kwargs)[source] ¶
Bases:
NotFound- message_format:str|None='Could not find user: %(user_id)s.'¶
- exceptionkeystone.exception.ValidationError(message=None, **kwargs)[source] ¶
Bases:
Error- code:int|None=400¶
- message_format:str|None='Expecting to find %(attribute)s in %(target)s. The server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error.'¶
- title:str|None='Bad Request'¶
- exceptionkeystone.exception.ValidationExpirationError(message=None, **kwargs)[source] ¶
Bases:
Error- code:int|None=400¶
- message_format:str|None="The 'expires_at' must not be before now. The server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error."¶
- title:str|None='Bad Request'¶
- exceptionkeystone.exception.ValidationTimeStampError(message=None, **kwargs)[source] ¶
Bases:
Error- code:int|None=400¶
- message_format:str|None='Timestamp not in expected format. The server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error.'¶
- title:str|None='Bad Request'¶