Display clean error message for missing secret

When a secret is missing from a job that passes it to parent, we do not validate it and instead try to use the decrypt method on a NoneType, resulting in a very user unfriendly error: Unable to freeze job graph: 'NoneType' object has no attribute 'decrypt' This change includes a fix should make it a lot more user friendly of an error message. Change-Id: If7cb8fa6f206acc76a11f2a8edfac2b43f9fd367
2020-03-17 11:02:49 -04:00
parent e0e7683b64
commit 1d5eb15be6
2 changed files with 31 additions and 0 deletions
--- a/tests/unit/test_v3.py
+++ b/tests/unit/test_v3.py
@@ -4581,6 +4581,35 @@ class TestSecretPassToParent(ZuulTestCase):
        ])
        self.assertIn('does not allow post-review', B.messages[0])

+    def test_secret_pass_to_parent_missing(self):
+        in_repo_conf = textwrap.dedent(
+            """
+            - job:
+                name: parent-job-without-secret
+                pre-run: playbooks/pre.yaml
+                run: playbooks/run.yaml
+                post-run: playbooks/post.yaml
+
+            - job:
+                name: test-job
+                parent: trusted-parent-job-without-secret
+                secrets:
+                  - name: my_secret
+                    secret: missing-secret
+                    pass-to-parent: true
+
+            - project:
+                check:
+                  jobs:
+                    - test-job
+            """)
+        file_dict = {'zuul.yaml': in_repo_conf}
+        A = self.fake_gerrit.addFakeChange('org/project', 'master', 'A',
+                                           files=file_dict)
+        self.fake_gerrit.addEvent(A.getPatchsetCreatedEvent(1))
+        self.waitUntilSettled()
+        self.assertIn('Secret missing-secret not found', A.messages[0])
+
    def test_secret_override(self):
        # Test that secrets passed to parents don't override existing
        # secrets.
--- a/zuul/model.py
+++ b/zuul/model.py
@@ -1607,6 +1607,8 @@ class Job(ConfigObject):
            decrypted_secrets = []
            for secret_use in secrets_for_parents:
                secret = layout.secrets.get(secret_use.name)
+                if secret is None:
+                    raise Exception("Secret %s not found" % (secret_use.name,))
                decrypted_secret = secret.decrypt(
                    other.source_context.project.private_secrets_key)
                decrypted_secret.name = secret_use.alias