You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
For non-legacy, --test-connection dumps a user-friendly connection configuration.
First, the authentication information is printed starting with type. For BASIC, username is printed. For CERT, certificate and key paths are verified and printed. In case of missing files or credentials, the connection test fails immediately.
Second, tested URLs (base, Ingress, Inventory, API cast) are listed and server type (production, staging, Satellite) is determined. HTTPS proxy information is included.
feat: Improve test URLs output
_test_urls and _legacy_test_urls output is nicer, with clear SUCCESS/FAILURE statement. URLs are consistently listed, so is legacy fallback. With --verbose turned on, more information about requests, responses and errors are printed. The readability of the output improved drastically, with only little changes to the logging and tiny touches to the logic.
The generic HTTP method logs information about the request. To make the log messages blend nicely into the connection test, introduced logging-related arguments:
* To keep the output concise by default, but more helpful with --verbose, log_level suppresses HTTP details.
* To match indentation with messages outside the request method, log_prefix allows to add spaces to the beginning.
chore: Use return for flow control
Exceptions in _(legacy_)test_urls are merely used for control-flow. Known ones are re-thrown and re-caught in test_connection, unknown ones are not caught at all. Return is more appropriate: _test_urls passes the result, test_connection decides how to handle it.
feat: Test GET from Inventory
Inventory is tested along with Ingress and an API ping. Hosts are listed as the most basic Inventory GET request.
feat: Check connection
In case of DNS failure. The DNS is queried, then a connection is established to the resolved IP. If resolving fails, a hard-coded IP is tried for production or staging. In case of either failure, DNS query for a public CloudFlare URL one.one.one.one and its IP 1.1.1.1 is tried.
feat: Recognize more errors
* 429 Too Many requests means the rate limit was hit.
* 401 Unauthorized from gateway means the username/password is invalid.
* SSLError means the key/certificate pair is invalid.
* SSL: WRONG_VERSION_NUMBER in the SSLError means that HTTPS has been used to contact an HTTP server.
* ConnectionTimeout and ReadTimeout may mean the connection is slow.
feat: Detect proxy errors
HTTPS proxy introduces several possible error cases, similar to the actual remote server connection:
* proxy name resolution (DNS) error,
* proxy connection error,
* proxy authentication error.
The proxy authentication error can only be recognized by a string in the underlying OSError: the outer exception is a plain remote server connection error.
Although the proxy is used for HTTPS connection, the actual communication for the proxy itself is HTTP. Thus, specifying a HTTPS protocol for the proxy causes a specific WRONG_VERSION_NUMBER SSL error.
feat: Validate URLs
urlparse from Python stdlib doesn’t fail on an invalid URL. parse_url from urllib3 used by requests does though. Invalid base URL or proxy URL raises thus an uncaught exception.
Card IDs:
* CCT-963
Signed-off-by: Štěpán Tomsa <[email protected]>
0 commit comments