Skip to content

{REST} Capture SSLError in handle_exception#15022

Merged
jiasli merged 3 commits intoAzure:devfrom
jiasli:ssl-error
Sep 10, 2020
Merged

{REST} Capture SSLError in handle_exception#15022
jiasli merged 3 commits intoAzure:devfrom
jiasli:ssl-error

Conversation

@jiasli
Copy link
Member

@jiasli jiasli commented Sep 2, 2020

Description

Split from #14588.

In handle_exception, capture requests.exceptions.SSLError which is generated by directly calling requests's methods, and provide a better error message.

Testing Guide

Enable Fiddler HTTPS decryption and make az rest call like:

az rest -u 'https://management.azure.com/subscriptions/0b1f6471-1bf0-4dda-aec3-cb9272f09590/resourcegroups/fy?api-version=2018-02-01'

Output:

Request failed: Certificate verification failed. This typically happens when using Azure CLI behind a proxy that intercepts traffic with a self-signed certificate. Please add this certificate to the trusted CA bundle. More info: https://docs.microsoft.com/en-us/cli/azure/use-cli-effectively#work-behind-a-proxy.

Error detail: HTTPSConnectionPool(host='management.azure.com', port=443): Max retries exceeded with url: /subscriptions/0b1f6471-1bf0-4dda-aec3-cb9272f09590/resourcegroups/fy?api-version=2018-02-01 (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))

@yonzhan
Copy link
Collaborator

yonzhan commented Sep 2, 2020

REST

@jiasli jiasli marked this pull request as ready for review September 9, 2020 03:24
@jiasli jiasli requested a review from houk-ms September 9, 2020 03:25
zhoxing-ms
zhoxing-ms reviewed Sep 9, 2020
View reviewed changes
src/azure-cli-core/azure/cli/core/util.py
Comment on lines -816 to -822
except Exception as ex: # pylint: disable=broad-except
raise CLIError(ex)
Copy link
Contributor

@zhoxing-ms zhoxing-ms Sep 9, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

May I ask why the CLIError is not wrapped here any more?

Copy link
Member Author

@jiasli jiasli Sep 9, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we wrap the exception with CLIError, the exception type will be lost and

azure-cli/src/azure-cli-core/azure/cli/core/util.py

Line 82 in a0f8c8e

if isinstance(ex, (ClientRequestError, SSLError)):

won't be hit anymore.

We are leaving the error handing to handle_exception instead.

Copy link
Contributor

@zhoxing-ms zhoxing-ms Sep 9, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Got it, thx~

houk-ms
houk-ms approved these changes Sep 9, 2020
View reviewed changes
Copy link
Contributor

@houk-ms houk-ms left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Add reference #14855

zhoxing-ms
zhoxing-ms approved these changes Sep 9, 2020
View reviewed changes
Copy link
Contributor

@zhoxing-ms zhoxing-ms left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

arrownj
arrownj reviewed Sep 9, 2020
View reviewed changes
src/azure-cli-core/azure/cli/core/util.py
_log_request(prepped)
r = s.send(prepped, **settings)
_log_response(r)
except Exception as ex: # pylint: disable=broad-except
Copy link
Contributor

@arrownj arrownj Sep 9, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it always SSLError ?

Copy link
Member Author

@jiasli jiasli Sep 9, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No. We throw any exceptions and let handle_exception handle it.

@jiasli jiasli changed the title [REST] Capture SSLError in handle_exception {REST} Capture SSLError in handle_exception Sep 10, 2020
@jiasli jiasli merged commit fb31c89 into Azure:dev Sep 10, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zhoxing-ms zhoxing-ms zhoxing-ms approved these changes

@jsntcy jsntcy Awaiting requested review from jsntcy jsntcy is a code owner

@mmyyrroonn mmyyrroonn Awaiting requested review from mmyyrroonn

@Juliehzl Juliehzl Awaiting requested review from Juliehzl

@fengzhou-msft fengzhou-msft Awaiting requested review from fengzhou-msft

@haroldrandom haroldrandom Awaiting requested review from haroldrandom

+2 more reviewers

@arrownj arrownj arrownj approved these changes

@houk-ms houk-ms houk-ms approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@jiasli jiasli

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@jiasli @yonzhan @arrownj @zhoxing-ms @houk-ms