Fixes #9674 - Handle ProxyAPI exceptions on PuppetCA controller

[dLobatog]

Currently if any error happens when signing a certificate request, Foreman will throw a 500 error page.

See the following example for a error of a client sending a broken cert request (incompatible digest algorithm):

ERF12-9815 [ProxyAPI::ProxyException]: Unable to sign PuppetCA certificate for samplehost ([RestClient::NotAcceptable]: 406 Not Acceptable) for proxy https://mydomain:9090/puppet/ca

We can handle this through an alert and return back to the smart proxy PuppetCA index page.

Same goes for any other ProxyAPI::ProxyException that happens within the PuppetCA controller, they all throw a nasty 500 as they are not rescued at all.

[ares]

I think we could use rescue_from rather than wrapping every action in proxy_command

[dLobatog]

@ares Updated, thanks for the review 🙇

[ares]

nit - hash[:redirect] can't be blank, same applies to hash[:render] in both when branches so ||= should be just =

[ares]

When an error appears on index page (e.g. proxy not running) we have redirect loop, because user is always redirected index page.

[dLobatog]

@ares Fixed, I redirect to 🔙 instead, I think that should more or less ensure no loops.

[domcleal]

Why only in this controller? I somewhat see your point about the 500 page (noting that the behaviour is different between prod and dev too, prod is prettier), but shouldn't this be in app controller and handled application-wide?

[dLobatog]

@domcleal I updated it to move the rescue_from to application_controller. I didn't do it before because I don't know what other parts of the application it may affect badly.

I think tests for the rescue fit better in application_controller_subclass_test but since I didn't see any other rescue tests there, I'll leave it just testing the behavior this issue is reporting keeps fixed.

[domcleal]

[test] feeling paranoid about tests becoming broken without merge conflicts.

[domcleal]

Thanks @elobato, merged as 1ced4fb.