From 648565d3e91bd9ed572012b552be1440ae989034 Mon Sep 17 00:00:00 2001 From: Mathias Petermann Date: Wed, 11 Nov 2020 11:45:57 +0100 Subject: [PATCH] Improve exception handling in lemur_sftp, Add Authentication failure test --- lemur/plugins/lemur_sftp/plugin.py | 10 +++++++--- lemur/plugins/lemur_sftp/tests/test_sftp.py | 12 +++++++++++- 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/lemur/plugins/lemur_sftp/plugin.py b/lemur/plugins/lemur_sftp/plugin.py index 8992d39b..8698bdd9 100644 --- a/lemur/plugins/lemur_sftp/plugin.py +++ b/lemur/plugins/lemur_sftp/plugin.py @@ -19,6 +19,7 @@ from os import path import paramiko +from paramiko.ssh_exception import AuthenticationException from flask import current_app from lemur.plugins import lemur_sftp @@ -179,7 +180,7 @@ class SFTPDestinationPlugin(DestinationPlugin): current_app.logger.error( "No password or private key provided. Can't proceed" ) - raise paramiko.ssh_exception.AuthenticationException + raise AuthenticationException # open the sftp session inside the ssh connection sftp = ssh.open_sftp() @@ -243,7 +244,7 @@ class SFTPDestinationPlugin(DestinationPlugin): current_app.logger.error( "No password or private key provided. Can't proceed" ) - raise paramiko.ssh_exception.AuthenticationException + raise AuthenticationException # split the path into it's segments, so we can create it recursively allparts = [] @@ -300,6 +301,9 @@ class SFTPDestinationPlugin(DestinationPlugin): ssh.close() + except AuthenticationException as e: + current_app.logger.error("ERROR in {0}: {1}".format(e.__class__, e)) + raise AuthenticationException("Couldn't connect to {0}, due to an Authentication exception.") except Exception as e: current_app.logger.error("ERROR in {0}: {1}".format(e.__class__, e)) try: @@ -307,7 +311,7 @@ class SFTPDestinationPlugin(DestinationPlugin): except BaseException: pass message = '' - if e.errors: + if hasattr(e, 'errors'): for _, error in e.errors.items(): message = error.strerror raise Exception('Couldn\'t upload file to {}, error message: {}'.format(host, message)) diff --git a/lemur/plugins/lemur_sftp/tests/test_sftp.py b/lemur/plugins/lemur_sftp/tests/test_sftp.py index 52fa6a14..e30a1ac9 100644 --- a/lemur/plugins/lemur_sftp/tests/test_sftp.py +++ b/lemur/plugins/lemur_sftp/tests/test_sftp.py @@ -3,6 +3,7 @@ from unittest.mock import patch, Mock, MagicMock, mock_open from flask import Flask from lemur.plugins.lemur_sftp import plugin +from paramiko.ssh_exception import AuthenticationException class TestSftp(unittest.TestCase): @@ -18,6 +19,15 @@ class TestSftp(unittest.TestCase): def tearDown(self): self.ctx.pop() + def test_failing_ssh_connection(self): + dst_path = '/var/non-existent' + files = {'first-file': 'data'} + options = [{'name': 'host', 'value': 'non-existent'}, {'name': 'port', 'value': '22'}, + {'name': 'user', 'value': 'test_acme'}] + + with self.assertRaises(AuthenticationException): + self.sftp_destination.upload_file(dst_path, files, options) + @patch("lemur.plugins.lemur_sftp.plugin.paramiko") def test_upload_file_single_with_password(self, mock_paramiko): dst_path = '/var/non-existent' @@ -131,4 +141,4 @@ class TestSftp(unittest.TestCase): mock_sftp.remove.assert_called_once_with('/var/destination-path/some-token-path') mock_ssh.close.assert_called_once() mock_ssh.connect.assert_called_with('non-existent', username='test_acme', port='22', - password='test_password') \ No newline at end of file + password='test_password')