Improve exception handling

Improving the error handling during the requires requests on to authentication procedure, was found due procedural issues on oidc configuration unhandled exceptions on the oidc-auth scripts. Test Plan: PASS: Deploy a system from master ISO. PASS: Apply & Test procedure: - Apply oidc-auth-apps acording 'Set up OIDC Auth Applications' guide. The oidc-auth-apps should be applied successfully. - Once oidc-auth-apps in applied status, perform oidc-auth-apps test by creating a user, apply rolebiding and authenticate it using oidc-auth command, check if the new user can send k8s commands based on its roles. PASS: Local Test (oidc-auth) - Once oidc-auth-apps applied and a LDAP user created, authenticate through oidc-auth script. Should Work - Reconfigure oidc-auth-apps for Windows Active Directory using multiples backends, try to authenticate using oidc-auth script. Should work. PASS: Remote CLI - Configure the Remote CLI according the official guide 'Configure Container-backed Remote CLIs and Clients'. - Authenticate through oidc-auth command from the remote workstation. Should work. PASS: Check HTTP Errors & Generic Exceptions - Give a wrong IP address (-c) to force an exception, the oidc-auth script should show to the user that an error occurs. PASS: Mocking Errors & Exceptions - Mock the methods that performs network socket communications to simulate the handled and unexpected exceptions (Generic Exceptions). - raise handled urllib.error.URLError() exceptions, All exceptions should be detected. - raise unhandled urllib.error.URLError() exceptions, All exceptions should be detected. - urllib.error.URLError exceptions withour an error code, now should be detected as well. - raise generic exceptions (Exception). All exceptions should be detected. PASS: Check dex misconfiguration - Force a misconfiguration on the value: config.staticClients[0].redirectURIs[0]: https://bad.value:30555/ callback. The exception should be now handled fixing the NoneType on erro code. Closes-Bug: 2103616 Change-Id: Ic4cad52514b1d4c73a0f9f41ac361d2208b4be25 Signed-off-by: Joaci Morais <joaci.demorais@windriver.com>
2025-03-17 22:25:46 -03:00
parent ce5d7f5a42
commit 1724dfc7b5
1 changed files with 35 additions and 11 deletions
--- a/oidc-auth-tools/oidcauthtools/oidcauthtools/oidc_auth.py
+++ b/oidc-auth-tools/oidcauthtools/oidcauthtools/oidc_auth.py
@@ -107,15 +107,28 @@ def main():
    try:
        dexLoginPage = br.open(dexClientUrl)
    except urllib.error.URLError as e:
-        conv_e = str(e.reason)
-        e_code = re.search(r"\d+", conv_e)
-        if (e_code.group()) == "111":
-            print('Check oidc-auth-apps application pod status')
-        elif (e_code.group()) == "113":
-            print('Check command line parameter OIDC client IP address (-c)')
+        if e.reason:
+            print("Error")
+            print(f"- Reason: {e.reason}")
+            error_code = re.search(r"\d+", str(e.reason))
+            if error_code:
+                ecode = int(error_code.group())
+                print(f"- Code: {ecode}")
+                if ecode == 111:
+                    print("- Check oidc-auth-apps application pod status")
+                elif ecode == 113:
+                    print("- Check OIDC client IP address parameter (-c)")
+                elif ecode == 110:
+                    print("- Connection timeout")
                else:
-            print('Unexpected error when addressing the OIDC Client endpoint')
-        print('Error: %s' % e)
+                    print("- Unexpected Error addressing the OIDC Client")
+            else:
+                print("- Unexpected HTTP Error: "
+                      "failed to parse response code")
+                print('- Check oidc-auth-apps configuration on the controller')
+        sys.exit(1)
+    except Exception as e:
+        print(f'Unexpected Error from mechanize.Browser.open(): {e}')
        sys.exit(1)

    # If there are links on this page, then more than one
@@ -136,8 +149,16 @@ def main():
                print("backend: %s" % all_backends[-1])

            if all_backends[-1] == args.backend:
+                try:
                    br.follow_link(link)
                    found_backend = True
+                except mechanize.LinkNotFoundError:
+                    print(f'Error: The backend link: {link} was not found')
+                except mechanize.HTTPError as e:
+                    print(f'HTTP Error {e.code}:failed following link: {link}')
+                except Exception as e:
+                    print('Unexpected Error from '
+                          f'mechanize.Browser.follow_link(): {e}')

        if not found_backend:
            print("Backend not found, please choose one of: %s" % all_backends)
@@ -186,6 +207,9 @@ def main():
                  'check pod status and logs')
        print('Error: %s' % e)
        sys.exit(1)
+    except Exception as e:
+        print(f'Unexpected Error from mechanize.Browser.submit(): {e}')
+        sys.exit(1)

    # grant access final response
    if verbose: