handle responses for oidc_auth

The oidc_auth.py does not handle non-success results, but gives trace in all (most) conditions. Handle responses for the following conditions: dex mis-configuration of baseND invalid hostname for WAD server (DNS lookup fail) oidc-client pod not running (111 connection refused) incorrect dex server IP oidc-auth commandline parameter incorrect username or password generic catch all - unknown responses Test Plan: PASS pylint PASS test cases for all the above PASS success path test case PASS AIO-SX Closes-Bug: 2024494 Change-Id: I31908a4412a8d02de39af6b8966b2359405222d1 Signed-off-by: Henry Bailey <henry.bailey@windriver.com>
2023-06-26 12:13:30 -04:00 · 2023-06-26 12:13:30 -04:00 · f5dc413053
parent cc9186a7f9
commit f5dc413053
1 changed files with 31 additions and 2 deletions
--- a/oidc-auth-tools/oidcauthtools/oidcauthtools/oidc_auth.py
+++ b/oidc-auth-tools/oidcauthtools/oidcauthtools/oidc_auth.py
@ -9,9 +9,11 @@
 from argparse import ArgumentParser
 import getpass
 import mechanize
+import re
 import six
 import ssl
 import sys
+import urllib


 def main():
@ -55,7 +57,19 @@ def main():
    br.addheaders = [("User-agent", "Mozilla/5.0")]

    # Open browser on dexClientUrl
-    dexLoginPage = br.open(dexClientUrl)
+    try:
+        dexLoginPage = br.open(dexClientUrl)
+    except urllib.error.URLError as e:
+        conv_e = str(e.reason)
+        e_code = re.search(r"\d+", conv_e)
+        if (e_code.group()) == "111":
+            print('Check oidc-auth-apps application pod status')
+        elif (e_code.group()) == "113":
+            print('Check command line parameter OIDC client IP address (-c)')
+        else:
+            print('Unexpected error when addressing the OIDC Client endpoint')
+        print('Error: %s' % e)
+        sys.exit(1)

    # If there are links on this page, then more than one
    # backends are configured. Pick the correct backend
@ -109,7 +123,22 @@ def main():

    if verbose:
        print("\ndexLoginPage SUBMITTING FORM --> ...")
-    dexLoginGrantAccessResponse = br.submit()
+    try:
+        dexLoginGrantAccessResponse = br.submit()
+    except mechanize.HTTPError as e:
+        if e.code == 500:
+            # handles mis-configuration of baseND for example
+            # handles DNS lookup failure for example
+            print('Dex server replied with HTTP error code 500.\n'
+                  'Review the dex server pod log and configuration '
+                  'to resolve the error.')
+        elif e.code == 401:
+            print('Failed to authenticate - check username/password')
+        else:
+            print('Unexpected error returned from the dex server; '
+                  'check pod status and logs')
+        print('Error: %s' % e)
+        sys.exit(1)

    # grant access final response
    if verbose: