Improve exception handling in lemur_sftp, Add Authentication failure test

2020-11-11 11:45:57 +01:00 · 2020-11-11 11:45:57 +01:00 · 648565d3e9
parent e12ee1d89c
commit 648565d3e9
2 changed files with 18 additions and 4 deletions
--- a/lemur/plugins/lemur_sftp/plugin.py
+++ b/lemur/plugins/lemur_sftp/plugin.py
@ -19,6 +19,7 @@
 from os import path

 import paramiko
+from paramiko.ssh_exception import AuthenticationException

 from flask import current_app
 from lemur.plugins import lemur_sftp
@ -179,7 +180,7 @@ class SFTPDestinationPlugin(DestinationPlugin):
                current_app.logger.error(
                    "No password or private key provided. Can't proceed"
                )
-                raise paramiko.ssh_exception.AuthenticationException
+                raise AuthenticationException

            # open the sftp session inside the ssh connection
            sftp = ssh.open_sftp()
@ -243,7 +244,7 @@ class SFTPDestinationPlugin(DestinationPlugin):
                current_app.logger.error(
                    "No password or private key provided. Can't proceed"
                )
-                raise paramiko.ssh_exception.AuthenticationException
+                raise AuthenticationException

            # split the path into it's segments, so we can create it recursively
            allparts = []
@ -300,6 +301,9 @@ class SFTPDestinationPlugin(DestinationPlugin):

            ssh.close()

+        except AuthenticationException as e:
+            current_app.logger.error("ERROR in {0}: {1}".format(e.__class__, e))
+            raise AuthenticationException("Couldn't connect to {0}, due to an Authentication exception.")
        except Exception as e:
            current_app.logger.error("ERROR in {0}: {1}".format(e.__class__, e))
            try:
@ -307,7 +311,7 @@ class SFTPDestinationPlugin(DestinationPlugin):
            except BaseException:
                pass
            message = ''
-            if e.errors:
+            if hasattr(e, 'errors'):
                for _, error in e.errors.items():
                    message = error.strerror
                raise Exception('Couldn\'t upload file to {}, error message: {}'.format(host, message))
--- a/lemur/plugins/lemur_sftp/tests/test_sftp.py
+++ b/lemur/plugins/lemur_sftp/tests/test_sftp.py
@ -3,6 +3,7 @@ from unittest.mock import patch, Mock, MagicMock, mock_open

 from flask import Flask
 from lemur.plugins.lemur_sftp import plugin
+from paramiko.ssh_exception import AuthenticationException


 class TestSftp(unittest.TestCase):
@ -18,6 +19,15 @@ class TestSftp(unittest.TestCase):
    def tearDown(self):
        self.ctx.pop()

+    def test_failing_ssh_connection(self):
+        dst_path = '/var/non-existent'
+        files = {'first-file': 'data'}
+        options = [{'name': 'host', 'value': 'non-existent'}, {'name': 'port', 'value': '22'},
+                   {'name': 'user', 'value': 'test_acme'}]
+
+        with self.assertRaises(AuthenticationException):
+            self.sftp_destination.upload_file(dst_path, files, options)
+
    @patch("lemur.plugins.lemur_sftp.plugin.paramiko")
    def test_upload_file_single_with_password(self, mock_paramiko):
        dst_path = '/var/non-existent'
@ -131,4 +141,4 @@ class TestSftp(unittest.TestCase):
        mock_sftp.remove.assert_called_once_with('/var/destination-path/some-token-path')
        mock_ssh.close.assert_called_once()
        mock_ssh.connect.assert_called_with('non-existent', username='test_acme', port='22',
-                                            password='test_password')
+                                            password='test_password')