
Fix issues with unavailable secrets

Previously, if a secret became unavailable in barbican, the user saw
a generic error raised from the barbican client. This patch improves
the error message returned to the user.

Change-Id: I97bd1b2a97a44d0a0566ae56167fa4f2e503ee2d
Story: 2006676
Task: 37012
(cherry picked from commit f68460ddd31f9b09d59fff876f103324078473a6)
changes/57/691757/4
Michael Johnson 3 months ago
parent
commit
e7bd65eccf
2 changed files with 16 additions and 3 deletions
  1. +9
    -3
      octavia/common/tls_utils/cert_parser.py
  2. +7
    -0
      octavia/tests/unit/common/tls_utils/test_cert_parser.py

+ 9
- 3
octavia/common/tls_utils/cert_parser.py

@@ -27,7 +27,7 @@ from pyasn1_modules import rfc2315
import six

from octavia.common import data_models
import octavia.common.exceptions as exceptions
from octavia.common import exceptions

X509_BEG = b'-----BEGIN CERTIFICATE-----'
X509_END = b'-----END CERTIFICATE-----'
@@ -336,8 +336,14 @@ def build_pem(tls_container):

def load_certificate_data(cert_mngr, cert_ref, context):
"""Load TLS certificate data."""
return _map_cert_tls_container(
cert_mngr.get_cert(context, cert_ref, check_only=True))
try:
data = _map_cert_tls_container(
cert_mngr.get_cert(context, cert_ref, check_only=True))
except Exception as e:
LOG.warning('Unable to retrieve certificate: %s due to %s.',
cert_ref, str(e))
raise exceptions.CertificateRetrievalException(ref=cert_ref)
return data


def load_certificates_data(cert_mngr, listener, context=None):
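Review bot: The `try` in `load_certificate_data` wraps both `cert_mngr.get_cert(...)` and `_map_cert_tls_container(...)` under `except Exception`, so a failure while mapping or parsing the container is also reported as a retrieval failure, and the warning records only `str(e)` with no exception type or traceback. Because the caller now sees only `CertificateRetrievalException(ref=cert_ref)`, that log line is the one place an operator can tell a deleted secret from an access-denied or malformed-container case. I would keep the generic user-facing error but log the cause in full, e.g. `LOG.warning('Unable to retrieve certificate: %s due to %s.', cert_ref, e, exc_info=True)`, which also drops the redundant `str()` call. If the certificate manager raises a known set of exception types (not visible in this hunk), narrowing the `try` to the `get_cert` call and catching those types would stop unrelated bugs from being masked.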

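--- a/octavia/tests/unit/common/tls_utils/test_cert_parser.py
+++ b/octavia/tests/unit/common/tls_utils/test_cert_parser.py
@@ -162,6 +162,13 @@ class TestTLSParseUtils(base.TestCase):
 ]
 client.assert_has_calls(calls_cert_mngr)
 
+def test_load_certificate_data_with_error(self):
+mock_cert_mngr = mock.MagicMock()
+mock_cert_mngr.get_cert.side_effect = [Exception]
+self.assertRaises(exceptions.CertificateRetrievalException,
+cert_parser.load_certificate_data,
+mock_cert_mngr, 'fake_ref', 'fake_context')
+
 @mock.patch('octavia.certificates.common.cert.Cert')
 def test_map_cert_tls_container(self, cert_mock):
 tls = data_models.TLSContainer(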
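Review bot: `test_load_certificate_data_with_error` asserts only the exception type, so it would still pass if `load_certificate_data` stopped passing `check_only=True` to the certificate manager. Adding `mock_cert_mngr.get_cert.assert_called_once_with('fake_context', 'fake_ref', check_only=True)` after the `assertRaises` call pins the call the production code makes. A second case where `get_cert` returns normally and `_map_cert_tls_container` raises would cover the other half of the `try` body. `side_effect = [Exception]` works for exactly one call; `side_effect = Exception` is the plainer form.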
