mirror of
https://github.com/facebook/sapling.git
synced 2024-10-11 01:07:15 +03:00
unify bad certs warnings/errors
Summary: Better engineering: let's finally unify those warnings Reviewed By: quark-zju Differential Revision: D20029852 fbshipit-source-id: b6522b7384e763650f96a482cb22a12935a680f7
This commit is contained in:
parent
fc12041053
commit
93bb52a3b2
@ -20,11 +20,6 @@ def getownerteam(ui):
|
||||
)
|
||||
|
||||
|
||||
def getconfighelp(ui):
|
||||
# internal config: help.commitcloud-config-remediate
|
||||
return ui.config("help", "commitcloud-config-remediate")
|
||||
|
||||
|
||||
class UnexpectedError(error.Abort):
|
||||
def __init__(self, ui, message, *args):
|
||||
details = traceback.format_exc() # last part of traceback
|
||||
@ -80,7 +75,8 @@ class ConfigurationError(error.Abort):
|
||||
|
||||
class TLSConfigurationError(error.Abort):
|
||||
def __init__(self, ui, message, *args):
|
||||
helptext = getconfighelp(ui)
|
||||
# internal config: help.tlsauthhelp
|
||||
helptext = ui.config("help", "tlsauthhelp")
|
||||
message = "TLS config error: %s" % (message,)
|
||||
if helptext:
|
||||
message += "\n" + helptext
|
||||
@ -154,12 +150,13 @@ class KeychainAccessError(error.Abort):
|
||||
|
||||
|
||||
class TLSAccessError(error.Abort):
|
||||
def __init__(self, ui, reason, details, *args):
|
||||
def __init__(self, ui, reason, *args):
|
||||
# internal config: help.tlshelp
|
||||
helptext = ui.config("help", "tlshelp")
|
||||
contact = _("(please contact %s if this error persists)") % getownerteam(ui)
|
||||
message = "tls certificate error: '%s'\n%s\n%s" % (
|
||||
reason,
|
||||
"\n".join(details),
|
||||
contact,
|
||||
)
|
||||
ui.log("commitcloud_error", commitcloud_sync_error="tls certificate error")
|
||||
message = "TLS error: '%s'\n" % reason
|
||||
if helptext:
|
||||
message += "\n" + helptext
|
||||
message += "\n" + contact
|
||||
ui.log("commitcloud_error", commitcloud_sync_error="TLS access error")
|
||||
super(TLSAccessError, self).__init__(message, *args, component="commitcloud")
|
||||
|
@ -67,16 +67,12 @@ class HttpsCommitCloudService(baseservice.BaseService):
|
||||
|
||||
if self.client_certs and not os.path.isfile(self.client_certs):
|
||||
raise ccerror.TLSConfigurationError(
|
||||
ui,
|
||||
_("tls.ca_certs resolved to '%s' (no such file or is a directory)")
|
||||
% self.client_certs,
|
||||
ui, _("%s (no such file or is a directory)") % self.client_certs
|
||||
)
|
||||
|
||||
if self.ca_certs and not os.path.isfile(self.ca_certs):
|
||||
raise ccerror.TLSConfigurationError(
|
||||
ui,
|
||||
_("tls.ca_certs resolved to '%s' (no such file or is a directory)")
|
||||
% self.ca_certs,
|
||||
ui, _("%s (no such file or is a directory)") % self.ca_certs
|
||||
)
|
||||
|
||||
self._setuphttpsconnection()
|
||||
@ -146,17 +142,6 @@ class HttpsCommitCloudService(baseservice.BaseService):
|
||||
# exponential backoff here on failure, 1s, 2s, 4s, 8s, 16s etc
|
||||
sl = 1
|
||||
|
||||
def _tlserror(e):
|
||||
# build tls error with all configuration details
|
||||
details = []
|
||||
if self.client_certs:
|
||||
details.append(_("* client cert file used '%s'") % self.client_certs)
|
||||
if self.ca_certs:
|
||||
details.append(
|
||||
_("* certificate authority file used '%s'") % self.ca_certs
|
||||
)
|
||||
return ccerror.TLSAccessError(self.ui, str(e), details)
|
||||
|
||||
for attempt in range(MAX_CONNECT_RETRIES):
|
||||
try:
|
||||
self.connection.request("POST", path, rdata, self.headers)
|
||||
@ -185,10 +170,10 @@ class HttpsCommitCloudService(baseservice.BaseService):
|
||||
)
|
||||
except socket.error as e:
|
||||
if "SSL" in str(e):
|
||||
raise _tlserror(e)
|
||||
raise ccerror.TLSAccessError(self.ui, str(e))
|
||||
raise ccerror.ServiceError(self.ui, str(e))
|
||||
except ssl.CertificateError as e:
|
||||
raise _tlserror(e)
|
||||
raise ccerror.TLSAccessError(self.ui, str(e))
|
||||
time.sleep(sl)
|
||||
sl *= 2
|
||||
if e:
|
||||
|
@ -151,15 +151,6 @@ Configs for Eden API (HTTP data fetching):
|
||||
``edenapi.streamtrees`` specifies that the client should request a
|
||||
streaming response for tree fetches
|
||||
|
||||
``edenapi.authhelp`` specifies the error message that will be
|
||||
printed out if there is an issue with the user's configured TLS
|
||||
client certificate. It is often desirable to configure a custom
|
||||
error message that explains to the user how to obtain valid TLS
|
||||
client credentials.
|
||||
|
||||
``edenapi.tlshelp`` specifies the error message that will be
|
||||
printed out when HTTP data fetching encounters a TLS error.
|
||||
|
||||
Eden API TLS credentials are configured using the auth section:
|
||||
|
||||
``auth.edenapi.prefix``: base URL (without scheme) for which to set credentials.
|
||||
@ -265,8 +256,6 @@ configitem("edenapi", "validate", default=True)
|
||||
configitem("edenapi", "streamdata", default=False)
|
||||
configitem("edenapi", "streamhistory", default=False)
|
||||
configitem("edenapi", "streamtrees", default=False)
|
||||
configitem("edenapi", "authhelp", default=None)
|
||||
configitem("edenapi", "tlshelp", default=None)
|
||||
|
||||
testedwith = "ships-with-fb-hgext"
|
||||
|
||||
|
@ -100,7 +100,8 @@ def _badcertwarning(ui):
|
||||
"""Show the user a configurable message when their TLS certificate
|
||||
is missing, expired, or otherwise invalid.
|
||||
"""
|
||||
msg = ui.config("edenapi", "authhelp")
|
||||
# internal config: help.tlsauthhelp
|
||||
msg = ui.config("help", "tlsauthhelp")
|
||||
if msg is not None:
|
||||
ui.warn(msg + "\n")
|
||||
|
||||
@ -109,7 +110,8 @@ def _tlswarning(ui):
|
||||
"""Show the user a configurable message when a TLS error occurs
|
||||
during data fetching.
|
||||
"""
|
||||
msg = ui.config("edenapi", "tlshelp")
|
||||
# internal config: help.tlshelp
|
||||
msg = ui.config("help", "tlshelp")
|
||||
if msg is not None:
|
||||
ui.warn(msg + "\n")
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user