Add exception for problems with secrets

2020-02-04 16:42:18 -05:00 · 2020-02-04 16:42:18 -05:00 · 9d5918d618
commit 9d5918d618
parent ca4feaa403
2 changed files with 31 additions and 10 deletions
--- a/atst/domain/csp/cloud/azure_cloud_provider.py
+++ b/atst/domain/csp/cloud/azure_cloud_provider.py
@ -6,12 +6,8 @@ from uuid import uuid4
 from atst.utils import sha256_hex

 from .cloud_provider_interface import CloudProviderInterface
-from .exceptions import AuthenticationException, UserProvisioningException
+from .exceptions import AuthenticationException, UserProvisioningException, SecretException
 from .models import (
-    SubscriptionCreationCSPPayload,
-    SubscriptionCreationCSPResult,
-    SubscriptionVerificationCSPPayload,
-    SuscriptionVerificationCSPResult,
    AdminRoleDefinitionCSPPayload,
    AdminRoleDefinitionCSPResult,
    ApplicationCSPPayload,
@ -27,12 +23,16 @@ from .models import (
    EnvironmentCSPPayload,
    EnvironmentCSPResult,
    KeyVaultCredentials,
+    PrincipalAdminRoleCSPPayload,
+    PrincipalAdminRoleCSPResult,
    ProductPurchaseCSPPayload,
    ProductPurchaseCSPResult,
    ProductPurchaseVerificationCSPPayload,
    ProductPurchaseVerificationCSPResult,
-    PrincipalAdminRoleCSPPayload,
-    PrincipalAdminRoleCSPResult,
+    SubscriptionCreationCSPPayload,
+    SubscriptionCreationCSPResult,
+    SubscriptionVerificationCSPPayload,
+    SuscriptionVerificationCSPResult,
    TaskOrderBillingCreationCSPPayload,
    TaskOrderBillingCreationCSPResult,
    TaskOrderBillingVerificationCSPPayload,
@ -54,7 +54,6 @@ from .models import (
 )
 from .policy import AzurePolicyManager

-
 # This needs to be a fully pathed role definition identifier, not just a UUID
 # TODO: Extract these from sdk msrestazure.azure_cloud import AZURE_PUBLIC_CLOUD
 AZURE_SKU_ID = "0001"  # probably a static sku specific to ATAT/JEDI
@ -117,11 +116,15 @@ class AzureCloudProvider(CloudProviderInterface):
        )
        try:
            return secret_client.set_secret(secret_key, secret_value)
-        except self.exceptions.HttpResponseError:
+        except self.sdk.exceptions.HttpResponseError as exc:
            app.logger.error(
                f"Could not SET secret in Azure keyvault for key {secret_key}.",
                exc_info=1,
            )
+            raise SecretException(
+                f"Could not SET secret in Azure keyvault for key {secret_key}.",
+                exc.message,
+            )

    def get_secret(self, secret_key):
        credential = self._get_client_secret_credential_obj()
@ -130,11 +133,15 @@ class AzureCloudProvider(CloudProviderInterface):
        )
        try:
            return secret_client.get_secret(secret_key).value
-        except self.exceptions.HttpResponseError:
+        except self.sdk.exceptions.HttpResponseError:
            app.logger.error(
                f"Could not GET secret in Azure keyvault for key {secret_key}.",
                exc_info=1,
            )
+            raise SecretException(
+                f"Could not GET secret in Azure keyvault for key {secret_key}.",
+                exc.message,
+            )

    def create_environment(self, payload: EnvironmentCSPPayload):
        creds = self._source_creds(payload.tenant_id)
--- a/atst/domain/csp/cloud/exceptions.py
+++ b/atst/domain/csp/cloud/exceptions.py
@ -118,3 +118,17 @@ class BaselineProvisionException(GeneralCSPException):
        return "Could not complete baseline provisioning for environment ({}): {}".format(
            self.env_identifier, self.reason
        )
+
+
+class SecretException(GeneralCSPException):
+    """A problem occurred with setting or getting secrets"""
+
+    def __init__(self, tenant_id, reason):
+        self.tenant_id = tenant_id
+        self.reason = reason
+
+    @property
+    def message(self):
+        return "Could not get or set secret for ({}): {}".format(
+            self.tenant_id, self.reason
+        )