unify bad certs warnings/errors

Summary: Better engineering: let's finally unify those warnings

Reviewed By: quark-zju

Differential Revision: D20029852

fbshipit-source-id: b6522b7384e763650f96a482cb22a12935a680f7

eden/scm/edenscm/hgext/commitcloud/error.py

@@ -20,11 +20,6 @@ def getownerteam(ui):
     )
 
 
-def getconfighelp(ui):
-    # internal config: help.commitcloud-config-remediate
-    return ui.config("help", "commitcloud-config-remediate")
-
-
 class UnexpectedError(error.Abort):
     def __init__(self, ui, message, *args):
         details = traceback.format_exc()  # last part of traceback
@@ -80,7 +75,8 @@ class ConfigurationError(error.Abort):
 
 class TLSConfigurationError(error.Abort):
     def __init__(self, ui, message, *args):
-        helptext = getconfighelp(ui)
+        # internal config: help.tlsauthhelp
+        helptext = ui.config("help", "tlsauthhelp")
         message = "TLS config error: %s" % (message,)
         if helptext:
             message += "\n" + helptext
@@ -154,12 +150,13 @@ class KeychainAccessError(error.Abort):
 
 
 class TLSAccessError(error.Abort):
-    def __init__(self, ui, reason, details, *args):
+    def __init__(self, ui, reason, *args):
+        # internal config: help.tlshelp
+        helptext = ui.config("help", "tlshelp")
         contact = _("(please contact %s if this error persists)") % getownerteam(ui)
-        message = "tls certificate error: '%s'\n%s\n%s" % (
-            reason,
-            "\n".join(details),
-            contact,
-        )
-        ui.log("commitcloud_error", commitcloud_sync_error="tls certificate error")
+        message = "TLS error: '%s'\n" % reason
+        if helptext:
+            message += "\n" + helptext
+        message += "\n" + contact
+        ui.log("commitcloud_error", commitcloud_sync_error="TLS access error")
         super(TLSAccessError, self).__init__(message, *args, component="commitcloud")

eden/scm/edenscm/hgext/commitcloud/httpsservice.py

@@ -67,16 +67,12 @@ class HttpsCommitCloudService(baseservice.BaseService):
 
         if self.client_certs and not os.path.isfile(self.client_certs):
             raise ccerror.TLSConfigurationError(
-                ui,
-                _("tls.ca_certs resolved to '%s' (no such file or is a directory)")
-                % self.client_certs,
+                ui, _("%s (no such file or is a directory)") % self.client_certs
             )
 
         if self.ca_certs and not os.path.isfile(self.ca_certs):
             raise ccerror.TLSConfigurationError(
-                ui,
-                _("tls.ca_certs resolved to '%s' (no such file or is a directory)")
-                % self.ca_certs,
+                ui, _("%s (no such file or is a directory)") % self.ca_certs
             )
 
         self._setuphttpsconnection()
@@ -146,17 +142,6 @@ class HttpsCommitCloudService(baseservice.BaseService):
         # exponential backoff here on failure, 1s, 2s, 4s, 8s, 16s etc
         sl = 1
 
-        def _tlserror(e):
-            # build tls error with all configuration details
-            details = []
-            if self.client_certs:
-                details.append(_("* client cert file used '%s'") % self.client_certs)
-            if self.ca_certs:
-                details.append(
-                    _("* certificate authority file used '%s'") % self.ca_certs
-                )
-            return ccerror.TLSAccessError(self.ui, str(e), details)
-
         for attempt in range(MAX_CONNECT_RETRIES):
             try:
                 self.connection.request("POST", path, rdata, self.headers)
@@ -185,10 +170,10 @@ class HttpsCommitCloudService(baseservice.BaseService):
                 )
             except socket.error as e:
                 if "SSL" in str(e):
-                    raise _tlserror(e)
+                    raise ccerror.TLSAccessError(self.ui, str(e))
                 raise ccerror.ServiceError(self.ui, str(e))
             except ssl.CertificateError as e:
-                raise _tlserror(e)
+                raise ccerror.TLSAccessError(self.ui, str(e))
             time.sleep(sl)
             sl *= 2
         if e:

eden/scm/edenscm/hgext/remotefilelog/__init__.py

@@ -151,15 +151,6 @@ Configs for Eden API (HTTP data fetching):
     ``edenapi.streamtrees`` specifies that the client should request a
     streaming response for tree fetches
 
-    ``edenapi.authhelp`` specifies the error message that will be
-    printed out if there is an issue with the user's configured TLS
-    client certificate. It is often desirable to configure a custom
-    error message that explains to the user how to obtain valid TLS
-    client credentials.
-
-    ``edenapi.tlshelp`` specifies the error message that will be
-    printed out when HTTP data fetching encounters a TLS error.
-
 Eden API TLS credentials are configured using the auth section:
 
     ``auth.edenapi.prefix``: base URL (without scheme) for which to set credentials.
@@ -265,8 +256,6 @@ configitem("edenapi", "validate", default=True)
 configitem("edenapi", "streamdata", default=False)
 configitem("edenapi", "streamhistory", default=False)
 configitem("edenapi", "streamtrees", default=False)
-configitem("edenapi", "authhelp", default=None)
-configitem("edenapi", "tlshelp", default=None)
 
 testedwith = "ships-with-fb-hgext"
 

eden/scm/edenscm/hgext/remotefilelog/edenapi.py

@@ -100,7 +100,8 @@ def _badcertwarning(ui):
     """Show the user a configurable message when their TLS certificate
        is missing, expired, or otherwise invalid.
     """
-    msg = ui.config("edenapi", "authhelp")
+    # internal config: help.tlsauthhelp
+    msg = ui.config("help", "tlsauthhelp")
     if msg is not None:
         ui.warn(msg + "\n")
 
@@ -109,7 +110,8 @@ def _tlswarning(ui):
     """Show the user a configurable message when a TLS error occurs
        during data fetching.
     """
-    msg = ui.config("edenapi", "tlshelp")
+    # internal config: help.tlshelp
+    msg = ui.config("help", "tlshelp")
     if msg is not None:
         ui.warn(msg + "\n")