macaroonbakery/error.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77

# Copyright 2017 Canonical Ltd.
# Licensed under the LGPLv3, see LICENCE file for details.


class DischargeRequiredError(Exception):
    ''' Raised by checker when authorization has failed and a discharged
    macaroon might fix it.

    A caller should grant the user the ability to authorize by minting a
    macaroon associated with Ops (see MacaroonStore.MacaroonIdInfo for
    how the associated operations are retrieved) and adding Caveats. If
    the user succeeds in discharging the caveats, the authorization will
    be granted.
    '''
    def __init__(self, msg, ops, cavs):
        '''
        :param msg: holds some reason why the authorization was denied.
        :param ops: holds all the operations that were not authorized.
        If ops contains a single LOGIN_OP member, the macaroon
        should be treated as an login token. Login tokens (also
        known as authentication macaroons) usually have a longer
        life span than other macaroons.
        :param cavs: holds the caveats that must be added to macaroons that
        authorize the above operations.
        '''
        super(DischargeRequiredError, self).__init__(msg)
        self._ops = ops
        self._cavs = cavs

    def ops(self):
        return self._ops

    def cavs(self):
        return self._cavs


class PermissionDenied(Exception):
    '''Raised from AuthChecker when permission has been denied.
    '''
    pass


class CaveatNotRecognizedError(Exception):
    '''Containing the cause of errors returned from caveat checkers when the
    caveat was not recognized.
    '''
    pass


class VerificationError(Exception):
    '''Raised to signify that an error is because of a verification failure
    rather than because verification could not be done.'''
    pass


class AuthInitError(Exception):
    '''Raised if AuthChecker cannot be initialized properly.'''
    pass


class IdentityError(Exception):
    ''' Raised from IdentityClient.declared_identity when an error occurs.
    '''
    pass


class ThirdPartyCaveatCheckFailed(Exception):
    ''' Raised from ThirdPartyCaveatChecker.check_third_party when check fails.
    '''
    pass


class ThirdPartyInfoNotFound(Exception):
    ''' Raised from implementation of ThirdPartyLocator.third_party_info when
    the info cannot be found.
    '''
    pass