Fix issues with unavailable secrets

Previously, if a secret became unavailable in barbican, the user saw
a generic error raised from the barbican client. This patch improves
the error message returned to the user.

Change-Id: I97bd1b2a97a44d0a0566ae56167fa4f2e503ee2d
Story: 2006676
Task: 37012
(cherry picked from commit f68460ddd3)

octavia/common/tls_utils/cert_parser.py

@@ -27,7 +27,7 @@ from pyasn1_modules import rfc2315
 import six
 
 from octavia.common import data_models
-import octavia.common.exceptions as exceptions
+from octavia.common import exceptions
 
 X509_BEG = b'-----BEGIN CERTIFICATE-----'
 X509_END = b'-----END CERTIFICATE-----'
@@ -336,8 +336,14 @@ def build_pem(tls_container):
 
 def load_certificate_data(cert_mngr, cert_ref, context):
     """Load TLS certificate data."""
-    return _map_cert_tls_container(
-        cert_mngr.get_cert(context, cert_ref, check_only=True))
+    try:
+        data = _map_cert_tls_container(
+            cert_mngr.get_cert(context, cert_ref, check_only=True))
+    except Exception as e:
+        LOG.warning('Unable to retrieve certificate: %s due to %s.',
+                    cert_ref, str(e))
+        raise exceptions.CertificateRetrievalException(ref=cert_ref)
+    return data
 
 
 def load_certificates_data(cert_mngr, listener, context=None):

octavia/tests/unit/common/tls_utils/test_cert_parser.py

@@ -162,6 +162,13 @@ class TestTLSParseUtils(base.TestCase):
                 ]
                 client.assert_has_calls(calls_cert_mngr)
 
+    def test_load_certificate_data_with_error(self):
+        mock_cert_mngr = mock.MagicMock()
+        mock_cert_mngr.get_cert.side_effect = [Exception]
+        self.assertRaises(exceptions.CertificateRetrievalException,
+                          cert_parser.load_certificate_data,
+                          mock_cert_mngr, 'fake_ref', 'fake_context')
+
     @mock.patch('octavia.certificates.common.cert.Cert')
     def test_map_cert_tls_container(self, cert_mock):
         tls = data_models.TLSContainer(