openstack/castellan
Code Issues Proposed changes

Add handler for Bad Request error during Vault authentication

Browse Source 
Vault returns Bad Request error if invalid secret ID is provided. It's
better to have such errors handled instad of generic "KeyError: 'auth'"
execption.

Change-Id: Ibc068af70de4022f544d394ec4b014443a9c16b5
This commit is contained in:
Ivan Kolodyazhny 2020-06-12 12:01:37 +03:00
parent a7de07ca4a
commit 59f9380c32
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
castellan/key_manager/vault_key_manager.py
View File

@ -173,10 +173,14 @@ class VaultKeyManager(key_manager.KeyManager):
if resp.status_code == requests.codes['forbidden']:
raise exception.Forbidden()
resp = resp.json()
self._cached_approle_token_id = resp['auth']['client_token']
resp_data = resp.json()
if resp.status_code == requests.codes['bad_request']:
raise exception.KeyManagerError(', '.join(resp_data['errors']))
self._cached_approle_token_id = resp_data['auth']['client_token']
self._approle_token_issue = token_issue_utc
self._approle_token_ttl = resp['auth']['lease_duration']
self._approle_token_ttl = resp_data['auth']['lease_duration']
return {'X-Vault-Token': self._approle_token_id}
return {}