This is an automated email from the ASF dual-hosted git repository.

arm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git

commit 44cdc6b9060c5b3dd71b68f67d10c1063acbb026
Author: Alastair McFarlane <[email protected]>
AuthorDate: Wed Jan 21 10:14:13 2026 +0000

    #556 - narrow exception handling and fail on specific errors
---
 atr/jwtoken.py | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/atr/jwtoken.py b/atr/jwtoken.py
index 7e27174..8f3b7ee 100644
--- a/atr/jwtoken.py
+++ b/atr/jwtoken.py
@@ -28,6 +28,7 @@ import jwt
 import quart
 
 import atr.config as config
+import atr.log as log
 
 _ALGORITHM: Final[str] = "HS256"
 _ATR_JWT_AUDIENCE: Final[str] = "atr-api-pat-test-v1"
@@ -105,11 +106,30 @@ async def verify_github_oidc(token: str) -> dict[str, Any]:
         async with aiohttp.ClientSession() as session:
             r = await session.get(
                 f"{_GITHUB_OIDC_ISSUER}/.well-known/openid-configuration",
-                timeout=aiohttp.ClientTimeout(total=5),
+                timeout=aiohttp.ClientTimeout(total=10),
             )
             r.raise_for_status()
             jwks_uri = (await r.json())["jwks_uri"]
-    except Exception:
+    except aiohttp.ClientSSLError as exc:
+        log.error(f"TLS failure fetching OIDC config: {exc}")
+        raise base.ASFQuartException(
+            f"TLS verification failed for GitHub OIDC endpoint: {exc}",
+            errorcode=502,
+        ) from exc
+    except aiohttp.ClientConnectionError as exc:
+        log.error(f"Failed to connect to GitHub OIDC endpoint: {exc}")
+        raise base.ASFQuartException(
+            f"Failed to connect to GitHub OIDC endpoint: {exc}",
+            errorcode=502,
+        ) from exc
+    except aiohttp.ClientResponseError as exc:
+        log.error(f"GitHub OIDC endpoint returned HTTP {exc.status}: {exc.message}")
+        raise base.ASFQuartException(
+            f"GitHub OIDC endpoint returned HTTP {exc.status}: {exc.message}",
+            errorcode=502,
+        ) from exc
+    except (aiohttp.ServerTimeoutError, aiohttp.ClientError) as exc:
+        log.warning(f"Failed to fetch OIDC config: {exc}")
         jwks_uri = f"{_GITHUB_OIDC_ISSUER}/.well-known/jwks"
 
     jwks_client = jwt.PyJWKClient(jwks_uri)
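Review bot: The final handler, `except (aiohttp.ServerTimeoutError, aiohttp.ClientError)`, does not cover what it appears to: `ServerTimeoutError` derives from `ClientConnectionError`, so the earlier branch already turns it into a 502 and it never reaches the JWKS fallback, which makes the tuple equivalent to `except aiohttp.ClientError as exc:`. Expiry of `ClientTimeout(total=10)` surfaces, as far as I know, as `asyncio.TimeoutError`, which is not an `aiohttp.ClientError`, and `(await r.json())["jwks_uri"]` can raise `KeyError` or `ValueError` on a missing key or a body that is not valid JSON; with the broad `except Exception` gone, none of these is caught here. That still fails closed for token verification, but the caller presumably gets a generic unhandled error instead of the 502 used for the other upstream failures. Consider a further branch such as `except (asyncio.TimeoutError, KeyError, ValueError) as exc:` that raises the same `base.ASFQuartException(..., errorcode=502)`; it needs `asyncio` in scope, which the visible import hunk does not show. The `try:` and the rest of `verify_github_oidc` lie outside this hunk.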

