This is an automated email from the ASF dual-hosted git repository.
arm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
The following commit(s) were added to refs/heads/main by this push:
new 9af8b4c #556 - narrow exception handling and fail on specific errors
9af8b4c is described below
commit 9af8b4cd8fee1fa46047cc43550203cd1066e1bf
Author: Alastair McFarlane <[email protected]>
AuthorDate: Wed Jan 21 10:14:13 2026 +0000
#556 - narrow exception handling and fail on specific errors
---
atr/jwtoken.py | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/atr/jwtoken.py b/atr/jwtoken.py
index 7e27174..b738ea5 100644
--- a/atr/jwtoken.py
+++ b/atr/jwtoken.py
@@ -109,7 +109,22 @@ async def verify_github_oidc(token: str) -> dict[str, Any]:
)
r.raise_for_status()
jwks_uri = (await r.json())["jwks_uri"]
- except Exception:
+ except aiohttp.ClientSSLError as exc:
+ raise base.ASFQuartException(
+ f"TLS verification failed for GitHub OIDC endpoint: {exc}",
+ errorcode=502,
+ ) from exc
+ except aiohttp.ClientConnectorError as exc:
+ raise base.ASFQuartException(
+ f"Failed to connect to GitHub OIDC endpoint: {exc}",
+ errorcode=502,
+ ) from exc
+ except aiohttp.ClientResponseError as exc:
+ raise base.ASFQuartException(
+ f"GitHub OIDC endpoint returned HTTP {exc.status}: {exc.message}",
+ errorcode=502,
+ ) from exc
+ except (aiohttp.ServerTimeoutError, aiohttp.ClientError):
jwks_uri = f"{_GITHUB_OIDC_ISSUER}/.well-known/jwks"
jwks_client = jwt.PyJWKClient(jwks_uri)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
