x/glare
Code Issues Proposed changes

Handle connection errors in keycloak auth middleware

Browse Source 
Change-Id: I6ca9cd543f331bbb22f584e9cfc63093b6b8d4c1
This commit is contained in:
Mike Fedosin
2017-03-27 19:29:26 +03:00
parent 702eb4ad5e
commit ea083dddc2
2 changed files with 25 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
glare/api/middleware/keycloak_auth.py
View File

@@ -72,11 +72,18 @@ class KeycloakAuthMiddleware(base_middleware.Middleware):
info = self.mcclient.get(access_token)
if info is None:
resp = requests.get(
user_info_endpoint,
headers={"Authorization": "Bearer %s" % access_token},
verify=not CONF.keycloak_oidc.insecure
)
try:
resp = requests.get(
user_info_endpoint,
headers={"Authorization": "Bearer %s" % access_token},
verify=not CONF.keycloak_oidc.insecure
)
except requests.ConnectionError:
msg = _("Can't connect to keycloak server with address '%s'."
) % CONF.keycloak_oidc.auth_url
LOG.error(msg)
raise exception.GlareException(message=msg)
if resp.status_code == 401:
raise exception.Unauthorized(message=resp.text)
elif resp.status_code >= 400:

13
glare/tests/unit/middleware/test_keycloak_auth.py
View File

@@ -13,6 +13,7 @@
# limitations under the License.
import mock
import requests
import webob
from glare.api.middleware import keycloak_auth
@@ -103,3 +104,15 @@ class TestKeycloakAuthMiddleware(base.BaseTestCase):
with mock.patch("jwt.decode", return_value=token):
self.assertRaises(
exc.GlareException, self._build_middleware(), req)
@mock.patch("requests.get")
def test_connection_error(self, mocked_get):
token = {
"iss": "http://localhost:8080/auth/realms/my_realm",
}
mocked_get.side_effect = requests.ConnectionError
req = self._build_request(token)
with mock.patch("jwt.decode", return_value=token):
self.assertRaises(
exc.GlareException, self._build_middleware(), req)