Handle UAA unavailability when fetching usernames

- Fixes a bug where CC would return a 500 - UnknownError when UAA was unreachable while fetching usernames for the various /users endpoints by updating existing error handling that would omit "username" from the response to handle additional exception types [#143518959]
cloudfoundry · May 24, 2017 · 23eb110 · 23eb110
1 parent a4f0780
commit 23eb110
Show file tree

Hide file tree

Showing 2 changed files with 52 additions and 4 deletions.
diff --git a/lib/cloud_controller/uaa/uaa_client.rb b/lib/cloud_controller/uaa/uaa_client.rb
@@ -25,7 +25,7 @@ def get_clients(client_ids)
 
     def token_info
       token_issuer.client_credentials_grant
-    rescue CF::UAA::NotFound => e
+    rescue CF::UAA::NotFound, CF::UAA::BadTarget, CF::UAA::BadResponse => e
       logger.error("UAA request for token failed: #{e.inspect}")
       raise UaaUnavailable.new
     end
@@ -39,7 +39,8 @@ def usernames_for_ids(user_ids)
         results_hash[resource['id']] = resource['username']
         results_hash
       end
-    rescue UaaUnavailable, CF::UAA::TargetError
+    rescue UaaUnavailable, CF::UAA::UAAError => e
+      logger.error("Failed to retrieve usernames from UAA: #{e.inspect}")
       {}
     end
 

diff --git a/spec/unit/lib/uaa/uaa_client_spec.rb b/spec/unit/lib/uaa/uaa_client_spec.rb
@@ -29,6 +29,44 @@ module VCAP::CloudController
       end
     end
 
+    describe '#token_info' do
+      context 'when token information can be retrieved successfully' do
+        it 'returns token_info from the token_issuer' do
+          expect(uaa_client.token_info).to eq(token_info)
+        end
+      end
+
+      context 'when a CF::UAA::NotFound error occurs' do
+        before do
+          allow(token_issuer).to receive(:client_credentials_grant).and_raise(CF::UAA::NotFound)
+        end
+
+        it 'raises a UaaUnavailable error' do
+          expect { uaa_client.token_info }.to raise_error(UaaUnavailable)
+        end
+      end
+
+      context 'when a CF::UAA::BadTarget error occurs' do
+        before do
+          allow(token_issuer).to receive(:client_credentials_grant).and_raise(CF::UAA::BadTarget)
+        end
+
+        it 'raises a UaaUnavailable error' do
+          expect { uaa_client.token_info }.to raise_error(UaaUnavailable)
+        end
+      end
+
+      context 'when a CF::UAA::BadResponse error occurs' do
+        before do
+          allow(token_issuer).to receive(:client_credentials_grant).and_raise(CF::UAA::BadResponse)
+        end
+
+        it 'raises a UaaUnavailable error' do
+          expect { uaa_client.token_info }.to raise_error(UaaUnavailable)
+        end
+      end
+    end
+
     describe '#get_clients' do
       let(:scim) { double('scim') }
 
@@ -99,15 +137,24 @@ module VCAP::CloudController
       end
 
       context 'when the endpoint returns an error' do
+        let(:uaa_error) { CF::UAA::UAAError.new('some error') }
+        let(:mock_logger) { double(:steno_logger, error: nil) }
+
         before do
-          scim = double('scim')
-          allow(scim).to receive(:query).and_raise(CF::UAA::TargetError)
+          scim = instance_double(CF::UAA::Scim)
+          allow(scim).to receive(:query).and_raise(uaa_error)
           allow(uaa_client).to receive(:scim).and_return(scim)
+          allow(uaa_client).to receive(:logger).and_return(mock_logger)
         end
 
         it 'returns an empty hash' do
           expect(uaa_client.usernames_for_ids([userid_1])).to eq({})
         end
+
+        it 'logs the error' do
+          uaa_client.usernames_for_ids([userid_1])
+          expect(mock_logger).to have_received(:error).with("Failed to retrieve usernames from UAA: #{uaa_error.inspect}")
+        end
       end
     end