Fix issues with unavailable secrets
Previously, if a secret became unavailable in barbican, the user saw
a generic error raised from the barbican client. This patch improves
the error message returned to the user.
Change-Id: I97bd1b2a97a44d0a0566ae56167fa4f2e503ee2d
Story: 2006676
Task: 37012
(cherry picked from commit f68460ddd3
)
This commit is contained in:
parent
96e5962e05
commit
e7bd65eccf
|
@ -27,7 +27,7 @@ from pyasn1_modules import rfc2315
|
||||||
import six
|
import six
|
||||||
|
|
||||||
from octavia.common import data_models
|
from octavia.common import data_models
|
||||||
import octavia.common.exceptions as exceptions
|
from octavia.common import exceptions
|
||||||
|
|
||||||
X509_BEG = b'-----BEGIN CERTIFICATE-----'
|
X509_BEG = b'-----BEGIN CERTIFICATE-----'
|
||||||
X509_END = b'-----END CERTIFICATE-----'
|
X509_END = b'-----END CERTIFICATE-----'
|
||||||
|
@ -336,8 +336,14 @@ def build_pem(tls_container):
|
||||||
|
|
||||||
def load_certificate_data(cert_mngr, cert_ref, context):
|
def load_certificate_data(cert_mngr, cert_ref, context):
|
||||||
"""Load TLS certificate data."""
|
"""Load TLS certificate data."""
|
||||||
return _map_cert_tls_container(
|
try:
|
||||||
|
data = _map_cert_tls_container(
|
||||||
cert_mngr.get_cert(context, cert_ref, check_only=True))
|
cert_mngr.get_cert(context, cert_ref, check_only=True))
|
||||||
|
except Exception as e:
|
||||||
|
LOG.warning('Unable to retrieve certificate: %s due to %s.',
|
||||||
|
cert_ref, str(e))
|
||||||
|
raise exceptions.CertificateRetrievalException(ref=cert_ref)
|
||||||
|
return data
|
||||||
|
|
||||||
|
|
||||||
def load_certificates_data(cert_mngr, listener, context=None):
|
def load_certificates_data(cert_mngr, listener, context=None):
|
||||||
|
|
|
@ -162,6 +162,13 @@ class TestTLSParseUtils(base.TestCase):
|
||||||
]
|
]
|
||||||
client.assert_has_calls(calls_cert_mngr)
|
client.assert_has_calls(calls_cert_mngr)
|
||||||
|
|
||||||
|
def test_load_certificate_data_with_error(self):
|
||||||
|
mock_cert_mngr = mock.MagicMock()
|
||||||
|
mock_cert_mngr.get_cert.side_effect = [Exception]
|
||||||
|
self.assertRaises(exceptions.CertificateRetrievalException,
|
||||||
|
cert_parser.load_certificate_data,
|
||||||
|
mock_cert_mngr, 'fake_ref', 'fake_context')
|
||||||
|
|
||||||
@mock.patch('octavia.certificates.common.cert.Cert')
|
@mock.patch('octavia.certificates.common.cert.Cert')
|
||||||
def test_map_cert_tls_container(self, cert_mock):
|
def test_map_cert_tls_container(self, cert_mock):
|
||||||
tls = data_models.TLSContainer(
|
tls = data_models.TLSContainer(
|
||||||
|
|
Loading…
Reference in New Issue