From 78b11c80c7c1ffa4a1fed856f0dfd397df944b51 Mon Sep 17 00:00:00 2001 From: mrT23 Date: Tue, 13 Aug 2024 11:42:07 +0300 Subject: [PATCH] Add error handling for empty secrets in GitLab webhook and lower log level for Google Cloud Storage secret retrieval errors --- .../secret_providers/google_cloud_storage_secret_provider.py | 2 +- pr_agent/servers/gitlab_webhook.py | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/pr_agent/secret_providers/google_cloud_storage_secret_provider.py b/pr_agent/secret_providers/google_cloud_storage_secret_provider.py index 2dfb71f6..8cbaebe3 100644 --- a/pr_agent/secret_providers/google_cloud_storage_secret_provider.py +++ b/pr_agent/secret_providers/google_cloud_storage_secret_provider.py @@ -22,7 +22,7 @@ class GoogleCloudStorageSecretProvider(SecretProvider): blob = self.bucket.blob(secret_name) return blob.download_as_string() except Exception as e: - get_logger().error(f"Failed to get secret {secret_name} from Google Cloud Storage: {e}") + get_logger().warning(f"Failed to get secret {secret_name} from Google Cloud Storage: {e}") return "" def store_secret(self, secret_name: str, secret_value: str): diff --git a/pr_agent/servers/gitlab_webhook.py b/pr_agent/servers/gitlab_webhook.py index 2c525858..4a814e9f 100644 --- a/pr_agent/servers/gitlab_webhook.py +++ b/pr_agent/servers/gitlab_webhook.py @@ -87,6 +87,10 @@ async def gitlab_webhook(background_tasks: BackgroundTasks, request: Request): if request.headers.get("X-Gitlab-Token") and secret_provider: request_token = request.headers.get("X-Gitlab-Token") secret = secret_provider.get_secret(request_token) + if not secret: + get_logger().warning(f"Empty secret retrieved, request_token: {request_token}") + return JSONResponse(status_code=status.HTTP_401_UNAUTHORIZED, + content=jsonable_encoder({"message": "unauthorized"})) try: secret_dict = json.loads(secret) gitlab_token = secret_dict["gitlab_token"]