-
Notifications
You must be signed in to change notification settings - Fork 987
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixes #9674 - Handle ProxyAPI exceptions on PuppetCA controller #2229
Conversation
process_success({ :success_redirect => smart_proxy_puppetca_index_path(@proxy, :state => params[:state]), :object_name => cert.to_s }) | ||
else | ||
process_error({ :redirect => smart_proxy_puppetca_index_path(@proxy) }) | ||
proxy_command do |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we could use rescue_from rather than wrapping every action in proxy_command
@ares Updated, thanks for the review 🙇 |
when "create" then hash[:render] ||= "new" | ||
when "update" then hash[:render] ||= "edit" | ||
else | ||
hash[:redirect] ||= send("#{controller_name}_url") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit - hash[:redirect]
can't be blank, same applies to hash[:render]
in both when branches so ||=
should be just =
When an error appears on index page (e.g. proxy not running) we have redirect loop, because user is always redirected index page. |
@ares Fixed, I redirect to 🔙 instead, I think that should more or less ensure no loops. |
@@ -1,15 +1,13 @@ | |||
class PuppetcaController < ApplicationController | |||
rescue_from ProxyAPI::ProxyException do |exception| |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why only in this controller? I somewhat see your point about the 500 page (noting that the behaviour is different between prod and dev too, prod is prettier), but shouldn't this be in app controller and handled application-wide?
@domcleal I updated it to move the I think tests for the rescue fit better in |
[test] feeling paranoid about tests becoming broken without merge conflicts. |
Currently if any error happens when signing a certificate request, Foreman will throw a 500 error page.
See the following example for a error of a client sending a broken cert request (incompatible digest algorithm):
ERF12-9815 [ProxyAPI::ProxyException]: Unable to sign PuppetCA certificate for samplehost ([RestClient::NotAcceptable]: 406 Not Acceptable) for proxy https://mydomain:9090/puppet/ca
We can handle this through an alert and return back to the smart proxy PuppetCA index page.
Same goes for any other
ProxyAPI::ProxyException
that happens within the PuppetCA controller, they all throw a nasty 500 as they are not rescued at all.