Stop fetch_ca from throwing IOError exceptions

Fixes bug #883300 Fixes problem where fetch_ca could throw an IOError exception rather than a Nova specific exception. Adds FileError exception. Fixes other functions in crypto.py that had very similar problems. Change-Id: Ic2e43c35ad58c67d33156c53d2a41910dfdf8678
2012-08-25 15:51:37 +09:30 · 2012-08-25 15:51:37 +09:30 · 0d2523f029
parent 511807ed24
commit 0d2523f029
3 changed files with 41 additions and 3 deletions
--- a/nova/crypto.py
+++ b/nova/crypto.py
@ -96,7 +96,10 @@ def crl_path(project_id=None):
 def fetch_ca(project_id=None):
    if not FLAGS.use_project_ca:
        project_id = None
-    with open(ca_path(project_id), 'r') as cafile:
+    ca_file_path = ca_path(project_id)
+    if not os.path.exists(ca_file_path):
+        raise exception.CryptoCAFileNotFound(project_id=project_id)
+    with open(ca_file_path, 'r') as cafile:
        return cafile.read()


@ -140,8 +143,13 @@ def generate_key_pair(bits=1024):
        utils.execute('ssh-keygen', '-q', '-b', bits, '-N', '',
                      '-t', 'rsa', '-f', keyfile)
        fingerprint = _generate_fingerprint('%s.pub' % (keyfile))
+        if not os.path.exists(keyfile):
+            raise exception.FileNotFound(keyfile)
        private_key = open(keyfile).read()
-        public_key = open(keyfile + '.pub').read()
+        public_key_path = keyfile + '.pub'
+        if not os.path.exists(public_key_path):
+            raise exception.FileNotFound(public_key_path)
+        public_key = open(public_key_path).read()

    return (private_key, public_key, fingerprint)

@ -150,7 +158,10 @@ def fetch_crl(project_id):
    """Get crl file for project."""
    if not FLAGS.use_project_ca:
        project_id = None
-    with open(crl_path(project_id), 'r') as crlfile:
+    crl_file_path = crl_path(project_id)
+    if not os.path.exists(crl_file_path):
+        raise exception.CryptoCRLFileNotFound(project_id)
+    with open(crl_file_path, 'r') as crlfile:
        return crlfile.read()


--- a/nova/exception.py
+++ b/nova/exception.py
@ -1100,6 +1100,14 @@ class UnexpectedTaskStateError(NovaException):
                "the actual state is %(actual)s")


+class CryptoCAFileNotFound(FileNotFound):
+    message = _("The CA file for %(project)s could not be found")
+
+
+class CryptoCRLFileNotFound(FileNotFound):
+    message = _("The CRL file for %(project)s could not be found")
+
+
 def get_context_from_function_and_args(function, args, kwargs):
    """Find an arg of type RequestContext and return it.

--- a/nova/tests/test_crypto.py
+++ b/nova/tests/test_crypto.py
@ -22,6 +22,7 @@ import mox

 from nova import crypto
 from nova import db
+from nova import exception
 from nova import flags
 from nova import test
 from nova import utils
@ -133,3 +134,21 @@ class RevokeCertsTest(test.TestCase):
        self.mox.ReplayAll()

        crypto.revoke_certs_by_project(project_id)
+
+
+class CertExceptionTests(test.TestCase):
+    def test_fetch_ca_file_not_found(self):
+        with utils.tempdir() as tmpdir:
+            self.flags(ca_path=tmpdir)
+            self.flags(use_project_ca=True)
+
+            self.assertRaises(exception.CryptoCAFileNotFound, crypto.fetch_ca,
+                              project_id='fake')
+
+    def test_fetch_crl_file_not_found(self):
+        with utils.tempdir() as tmpdir:
+            self.flags(ca_path=tmpdir)
+            self.flags(use_project_ca=True)
+
+            self.assertRaises(exception.CryptoCRLFileNotFound,
+                              crypto.fetch_crl, project_id='fake')