From 1724dfc7b542446912c29596137ebb5edc384dfb Mon Sep 17 00:00:00 2001 
From: Joaci Morais Date: Mon, 17 Mar 2025 22:25:46 -0300 Subject: [PATCH] Improve exception handling Improve the error handling for the requests required by the authentication procedure; procedural issues in the oidc configuration were found to cause unhandled exceptions in the oidc-auth scripts. Test Plan: PASS: Deploy a system from master ISO. PASS: Apply & Test procedure: - Apply oidc-auth-apps according to the 'Set up OIDC Auth Applications' guide. The oidc-auth-apps should be applied successfully. - Once oidc-auth-apps is in applied status, perform the oidc-auth-apps test by creating a user, applying a rolebinding and authenticating it using the oidc-auth command, then check if the new user can send k8s commands based on its roles. PASS: Local Test (oidc-auth) - Once oidc-auth-apps is applied and an LDAP user created, authenticate through the oidc-auth script. Should work. - Reconfigure oidc-auth-apps for Windows Active Directory using multiple backends, try to authenticate using the oidc-auth script. Should work. PASS: Remote CLI - Configure the Remote CLI according to the official guide 'Configure Container-backed Remote CLIs and Clients'. - Authenticate through the oidc-auth command from the remote workstation. Should work. PASS: Check HTTP Errors & Generic Exceptions - Give a wrong IP address (-c) to force an exception; the oidc-auth script should show the user that an error occurred. PASS: Mocking Errors & Exceptions - Mock the methods that perform network socket communications to simulate the handled and unexpected exceptions (Generic Exceptions). - raise handled urllib.error.URLError() exceptions. All exceptions should be detected. - raise unhandled urllib.error.URLError() exceptions. All exceptions should be detected. - urllib.error.URLError exceptions without an error code should now be detected as well. - raise generic exceptions (Exception). All exceptions should be detected. 
PASS: Check dex misconfiguration - Force a misconfiguration on the value: config.staticClients[0].redirectURIs[0]: https://bad.value:30555/ callback. The exception should be now handled fixing the NoneType on erro code. Closes-Bug: 2103616 Change-Id: Ic4cad52514b1d4c73a0f9f41ac361d2208b4be25 Signed-off-by: Joaci Morais --- .../oidcauthtools/oidcauthtools/oidc_auth.py | 46 ++++++++++++++----- 1 file changed, 35 insertions(+), 11 deletions(-) diff --git a/oidc-auth-tools/oidcauthtools/oidcauthtools/oidc_auth.py b/oidc-auth-tools/oidcauthtools/oidcauthtools/oidc_auth.py index 719f393..dfca361 100644 --- a/oidc-auth-tools/oidcauthtools/oidcauthtools/oidc_auth.py +++ b/oidc-auth-tools/oidcauthtools/oidcauthtools/oidc_auth.py @@ -107,15 +107,28 @@ def main(): try: dexLoginPage = br.open(dexClientUrl) except urllib.error.URLError as e: - conv_e = str(e.reason) - e_code = re.search(r"\d+", conv_e) - if (e_code.group()) == "111": - print('Check oidc-auth-apps application pod status') - elif (e_code.group()) == "113": - print('Check command line parameter OIDC client IP address (-c)') - else: - print('Unexpected error when addressing the OIDC Client endpoint') - print('Error: %s' % e) + if e.reason: + print("Error") + print(f"- Reason: {e.reason}") + error_code = re.search(r"\d+", str(e.reason)) + if error_code: + ecode = int(error_code.group()) + print(f"- Code: {ecode}") + if ecode == 111: + print("- Check oidc-auth-apps application pod status") + elif ecode == 113: + print("- Check OIDC client IP address parameter (-c)") + elif ecode == 110: + print("- Connection timeout") + else: + print("- Unexpected Error addressing the OIDC Client") + else: + print("- Unexpected HTTP Error: " + "failed to parse response code") + print('- Check oidc-auth-apps configuration on the controller') + sys.exit(1) + except Exception as e: + print(f'Unexpected Error from mechanize.Browser.open(): {e}') sys.exit(1) # If there are links on this page, then more than one 
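Review bot: The error code in the new `URLError` branch is taken from the first run of digits in `str(e.reason)`, so any reason text that merely contains a number is printed as `- Code:` and falls through to the generic "Unexpected Error" line. TLS certificate-verification failures typically carry a source line number in their text, and that is a failure an operator authenticating against the OIDC client needs named clearly. Reading the number from the exception is more reliable: `ecode = getattr(e.reason, "errno", None)`, compared against `errno.ECONNREFUSED`, `errno.EHOSTUNREACH` and `errno.ETIMEDOUT` rather than the literals 111, 113 and 110 (this needs `import errno`; the file's import block is outside the hunk). The `else` branch that prints "failed to parse response code" is presumably where an HTTP status error ends up, since its reason has no digits, so printing `e.code` when the exception has one would give the user the status. Indentation is lost on this page, so whether `sys.exit(1)` also runs when `e.reason` is empty cannot be confirmed here, and `main()` starts and ends outside the hunk.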
@@ -136,8 +149,16 @@ def main(): print("backend: %s" % all_backends[-1]) if all_backends[-1] == args.backend: - br.follow_link(link) - found_backend = True + try: + br.follow_link(link) + found_backend = True + except mechanize.LinkNotFoundError: + print(f'Error: The backend link: {link} was not found') + except mechanize.HTTPError as e: + print(f'HTTP Error {e.code}:failed following link: {link}') + except Exception as e: + print('Unexpected Error from ' + f'mechanize.Browser.follow_link(): {e}') if not found_backend: print("Backend not found, please choose one of: %s" % all_backends) @@ -186,6 +207,9 @@ def main(): 'check pod status and logs') print('Error: %s' % e) sys.exit(1) + except Exception as e: + print(f'Unexpected Error from mechanize.Browser.submit(): {e}') + sys.exit(1) # grant access final response if verbose:
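Review bot: The three handlers added around `br.follow_link(link)` only print, so after a failed link execution continues with `found_backend` still false and reaches the existing `Backend not found, please choose one of: ...` message. That tells the user the backend name was wrong when the real failure was the request for the link. The `br.open()` and `br.submit()` hunks in this patch end their handlers with `sys.exit(1)`; adding `sys.exit(1)` as the last line of each `except` body here would keep the reported error consistent with its cause. The enclosing loop and whatever follows the `if not found_backend:` block are outside the hunk, so whether the script exits at that point is not visible.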