diff --git a/authentik/outposts/controllers/k8s/base.py b/authentik/outposts/controllers/k8s/base.py
index 800f7316f..6fe95d631 100644
--- a/authentik/outposts/controllers/k8s/base.py
+++ b/authentik/outposts/controllers/k8s/base.py
@@ -3,10 +3,11 @@ from typing import TYPE_CHECKING, Generic, TypeVar
 from django.utils.text import slugify
 from kubernetes.client import V1ObjectMeta
+from kubernetes.client.exceptions import ApiException, OpenApiException
 from kubernetes.client.models.v1_deployment import V1Deployment
 from kubernetes.client.models.v1_pod import V1Pod
-from kubernetes.client.rest import ApiException
 from structlog.stdlib import get_logger
+from urllib3.exceptions import HTTPError
 from authentik import __version__
 from authentik.lib.sentry import SentryIgnoredException
@@ -72,8 +73,9 @@ class KubernetesObjectReconciler(Generic[T]):
 try:
 try:
 current = self.retrieve()
- except ApiException as exc:
- if exc.status == 404:
+ except (OpenApiException, HTTPError) as exc:
+ # pylint: disable=no-member
+ if isinstance(exc, ApiException) and exc.status == 404:
 self.logger.debug("Failed to get current, triggering recreate")
 raise NeedsRecreate from exc
 self.logger.debug("Other unhandled error", exc=exc)
@@ -104,8 +106,9 @@ class KubernetesObjectReconciler(Generic[T]):
 current = self.retrieve()
 self.delete(current)
 self.logger.debug("Removing")
- except ApiException as exc:
- if exc.status == 404:
+ except (OpenApiException, HTTPError) as exc:
+ # pylint: disable=no-member
+ if isinstance(exc, ApiException) and exc.status == 404:
 self.logger.debug("Failed to get current, assuming non-existant")
 return
 self.logger.debug("Other unhandled error", exc=exc)
diff --git a/authentik/outposts/controllers/kubernetes.py b/authentik/outposts/controllers/kubernetes.py
index fb2aa689f..0285d5c4a 100644
--- a/authentik/outposts/controllers/kubernetes.py
+++ b/authentik/outposts/controllers/kubernetes.py
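Review bot: In `authentik/outposts/controllers/k8s/base.py`, the standalone `# pylint: disable=no-member` line in the first handler (hunk at -72,8) switches the message off for the rest of the enclosing block, not just for the one `exc.status` access; the second handler (hunk at -104,8) repeats the pattern. Putting the pragma on the statement keeps the suppression scoped: `if isinstance(exc, ApiException) and exc.status == 404:  # pylint: disable=no-member`. Since `urllib3`'s `HTTPError` is now caught as well, connection and TLS failures towards the Kubernetes API fall through to the `"Other unhandled error"` debug line; a comment such as `# non-404 API errors and transport failures end up here` would make that explicit. What follows that log call is outside both hunks.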
@@ -3,8 +3,9 @@ from io import StringIO
 from typing import Type
 from kubernetes.client.api_client import ApiClient
-from kubernetes.client.exceptions import ApiException
+from kubernetes.client.exceptions import OpenApiException
 from structlog.testing import capture_logs
+from urllib3.exceptions import HTTPError
 from yaml import dump_all
 from authentik.outposts.controllers.base import BaseController, ControllerException
@@ -12,7 +13,7 @@ from authentik.outposts.controllers.k8s.base import KubernetesObjectReconciler
 from authentik.outposts.controllers.k8s.deployment import DeploymentReconciler
 from authentik.outposts.controllers.k8s.secret import SecretReconciler
 from authentik.outposts.controllers.k8s.service import ServiceReconciler
-from authentik.outposts.models import KubernetesServiceConnection, Outpost
+from authentik.outposts.models import KubernetesServiceConnection, Outpost, ServiceConnectionInvalid
 class KubernetesController(BaseController):
@@ -40,7 +41,7 @@ class KubernetesController(BaseController):
 reconciler = self.reconcilers[reconcile_key](self)
 reconciler.up()
- except ApiException as exc:
+ except (OpenApiException, HTTPError, ServiceConnectionInvalid) as exc:
 raise ControllerException(str(exc)) from exc
 def up_with_logs(self) -> list[str]:
@@ -55,7 +56,7 @@ class KubernetesController(BaseController):
 reconciler.up()
 all_logs += [f"{reconcile_key.title()}: {x['event']}" for x in logs]
 return all_logs
- except ApiException as exc:
+ except (OpenApiException, HTTPError, ServiceConnectionInvalid) as exc:
 raise ControllerException(str(exc)) from exc
 def down(self):
@@ -65,7 +66,7 @@ class KubernetesController(BaseController):
 self.logger.debug("Tearing down object", name=reconcile_key)
 reconciler.down()
- except ApiException as exc:
+ except (OpenApiException, HTTPError, ServiceConnectionInvalid) as exc:
 raise ControllerException(str(exc)) from exc
 def down_with_logs(self) -> list[str]:
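Review bot: In `authentik/outposts/controllers/kubernetes.py`, every widened handler (hunks at -40,7, -55,7, -65,7 and -80,7) still forwards `str(exc)` into `ControllerException`, and the exception types now caught can include API response headers and body or the cluster endpoint in their string form. Where that message is displayed is outside this diff, so this is a caution rather than a confirmed leak: if it reaches a user-facing status, log the full exception and raise a shorter message instead. The same three-member tuple is also written out four times; a module-level `K8S_ERRORS = (OpenApiException, HTTPError, ServiceConnectionInvalid)` with `except K8S_ERRORS as exc:` would keep the handlers from drifting apart. Each enclosing method starts outside its hunk.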
@@ -80,7 +81,7 @@ class KubernetesController(BaseController):
 reconciler.down()
 all_logs += [f"{reconcile_key.title()}: {x['event']}" for x in logs]
 return all_logs
- except ApiException as exc:
+ except (OpenApiException, HTTPError, ServiceConnectionInvalid) as exc:
 raise ControllerException(str(exc)) from exc
 def get_static_deployment(self) -> str:
diff --git a/authentik/outposts/models.py b/authentik/outposts/models.py
index 3e294ecdd..851b52472 100644
--- a/authentik/outposts/models.py
+++ b/authentik/outposts/models.py
@@ -365,7 +365,7 @@ class Outpost(ManagedModel):
 )
 try:
 assign_perm(code_name, user, model_or_perm)
- except Permission.DoesNotExist as exc:
+ except (Permission.DoesNotExist, AttributeError) as exc:
 LOGGER.warning(
 "permission doesn't exist",
 code_name=code_name,
diff --git a/authentik/stages/password/stage.py b/authentik/stages/password/stage.py
index 646f68bdf..fddde51b6 100644
--- a/authentik/stages/password/stage.py
+++ b/authentik/stages/password/stage.py
@@ -32,9 +32,7 @@ PLAN_CONTEXT_METHOD_ARGS = "auth_method_args"
 SESSION_INVALID_TRIES = "user_invalid_tries"
-def authenticate(
- request: HttpRequest, backends: list[str], **credentials: dict[str, Any]
-) -> Optional[User]:
+def authenticate(request: HttpRequest, backends: list[str], **credentials: Any) -> Optional[User]:
 """If the given credentials are valid, return a User object.
 Customized version of django's authenticate, which accepts a list of backends"""
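Review bot: In `authentik/outposts/models.py` (hunk at -365,7), catching `AttributeError` around `assign_perm(code_name, user, model_or_perm)` also swallows attribute errors from unrelated bugs or an unexpected `None` argument, and reports them under the same `"permission doesn't exist"` warning. The permission then appears simply not to be assigned, which is the safe direction for access, but the real cause becomes hard to tell from the logs. I would add a comment naming the case that is expected to raise it, e.g. `# assign_perm raises AttributeError when <condition>`, and make sure `exc` is passed to the warning. The `LOGGER.warning(` call continues outside the hunk, so it may already include it.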