starlingx/oidc-auth-armada-app
Code Issues Proposed changes

handle responses for oidc_auth

Browse Source 
The oidc_auth.py does not handle non-success results, but gives trace in
all (most) conditions.  Handle responses for the following conditions:

dex mis-configuration of baseND
invalid hostname for WAD server (DNS lookup fail)
oidc-client pod not running (111 connection refused)
incorrect dex server IP oidc-auth commandline parameter
incorrect username or password
generic catch all - unknown responses

Test Plan:
PASS  pylint
PASS  test cases for all the above
PASS  success path test case
PASS  AIO-SX

Closes-Bug: 2024494

Change-Id: I31908a4412a8d02de39af6b8966b2359405222d1
Signed-off-by: Henry Bailey <henry.bailey@windriver.com>
This commit is contained in:
Bailey Henry 2023-06-26 12:13:30 -04:00
parent cc9186a7f9
commit f5dc413053
1 changed files with 31 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
oidc-auth-tools/oidcauthtools/oidcauthtools/oidc_auth.py
View File

@ -9,9 +9,11 @@
from argparse import ArgumentParser from argparse import ArgumentParser
import getpass import getpass
import mechanize import mechanize
import re
import six import six
import ssl import ssl
import sys import sys
import urllib
def main(): def main():
@ -55,7 +57,19 @@ def main():
br.addheaders = [("User-agent", "Mozilla/5.0")] br.addheaders = [("User-agent", "Mozilla/5.0")]
# Open browser on dexClientUrl # Open browser on dexClientUrl
try:
dexLoginPage = br.open(dexClientUrl) dexLoginPage = br.open(dexClientUrl)
except urllib.error.URLError as e:
conv_e = str(e.reason)
e_code = re.search(r"\d+", conv_e)
if (e_code.group()) == "111":
print('Check oidc-auth-apps application pod status')
elif (e_code.group()) == "113":
print('Check command line parameter OIDC client IP address (-c)')
else:
print('Unexpected error when addressing the OIDC Client endpoint')
print('Error: %s' % e)
sys.exit(1)
# If there are links on this page, then more than one # If there are links on this page, then more than one
# backends are configured. Pick the correct backend # backends are configured. Pick the correct backend
@ -109,7 +123,22 @@ def main():
if verbose: if verbose:
print("\ndexLoginPage SUBMITTING FORM --> ...") print("\ndexLoginPage SUBMITTING FORM --> ...")
try:
dexLoginGrantAccessResponse = br.submit() dexLoginGrantAccessResponse = br.submit()
except mechanize.HTTPError as e:
if e.code == 500:
# handles mis-configuration of baseND for example
# handles DNS lookup failure for example
print('Dex server replied with HTTP error code 500.\n'
'Review the dex server pod log and configuration '
'to resolve the error.')
elif e.code == 401:
print('Failed to authenticate - check username/password')
else:
print('Unexpected error returned from the dex server; '
'check pod status and logs')
print('Error: %s' % e)
sys.exit(1)
# grant access final response # grant access final response
if verbose: if verbose: