Merge "Display clean error message for missing secret"

author: Zuul <zuul@review.opendev.org> 2020-03-27 13:45:30 +0000
committer: Gerrit Code Review <review@openstack.org> 2020-03-27 13:45:30 +0000
commit: b9f885e2a7e3fd4c44c53d22815d270ebeb41431 (patch)
tree: 4a1584a62caa21d4182489e281190850be41001c
parent: d799987bba3f196d3beed5afb1580a89545f2a0b (diff)
parent: 1d5eb15be69df73c94463dd3f1251f062c8a422a (diff)
download: zuul-b9f885e2a7e3fd4c44c53d22815d270ebeb41431.tar.gz
2 files changed, 31 insertions, 0 deletions
diff --git a/tests/unit/test_v3.py b/tests/unit/test_v3.py
index 56a80181a..252f103c9 100644
--- a/tests/unit/test_v3.py
+++ b/tests/unit/test_v3.py
@@ -4581,6 +4581,35 @@ class TestSecretPassToParent(ZuulTestCase):
         ])
         self.assertIn('does not allow post-review', B.messages[0])
 
+    def test_secret_pass_to_parent_missing(self):
+        in_repo_conf = textwrap.dedent(
+            """
+            - job:
+                name: parent-job-without-secret
+                pre-run: playbooks/pre.yaml
+                run: playbooks/run.yaml
+                post-run: playbooks/post.yaml
+
+            - job:
+                name: test-job
+                parent: trusted-parent-job-without-secret
+                secrets:
+                  - name: my_secret
+                    secret: missing-secret
+                    pass-to-parent: true
+
+            - project:
+                check:
+                  jobs:
+                    - test-job
+            """)
+        file_dict = {'zuul.yaml': in_repo_conf}
+        A = self.fake_gerrit.addFakeChange('org/project', 'master', 'A',
+                                           files=file_dict)
+        self.fake_gerrit.addEvent(A.getPatchsetCreatedEvent(1))
+        self.waitUntilSettled()
+        self.assertIn('Secret missing-secret not found', A.messages[0])
+
     def test_secret_override(self):
         # Test that secrets passed to parents don't override existing
         # secrets.
diff --git a/zuul/model.py b/zuul/model.py
index d19040bc7..a272371fc 100644
--- a/zuul/model.py
+++ b/zuul/model.py
@@ -1607,6 +1607,8 @@ class Job(ConfigObject):
             decrypted_secrets = []
             for secret_use in secrets_for_parents:
                 secret = layout.secrets.get(secret_use.name)
+                if secret is None:
+                    raise Exception("Secret %s not found" % (secret_use.name,))
                 decrypted_secret = secret.decrypt(
                     other.source_context.project.private_secrets_key)
                 decrypted_secret.name = secret_use.alias
author	Zuul <zuul@review.opendev.org>	2020-03-27 13:45:30 +0000
committer	Gerrit Code Review <review@openstack.org>	2020-03-27 13:45:30 +0000
commit	b9f885e2a7e3fd4c44c53d22815d270ebeb41431 (patch)
tree	4a1584a62caa21d4182489e281190850be41001c
parent	d799987bba3f196d3beed5afb1580a89545f2a0b (diff)
parent	1d5eb15be69df73c94463dd3f1251f062c8a422a (diff)
download	zuul-b9f885e2a7e3fd4c44c53d22815d270ebeb41431.tar.gz