Merge pull request #2490 from coreos-inc/upload-cert-blocker

Make custom cert upload not hang and handle errors properly

endpoints/api/superuser.py

@@ -3,7 +3,6 @@
 import logging
 import os
 import string
-import subprocess
 
 import pathvalidate
 
@@ -900,21 +899,30 @@ class SuperUserCustomCertificate(ApiResource):
       if not certpath.endswith('.crt'):
         abort(400)
 
+      logger.debug('Saving custom certificate %s', certpath)
       cert_full_path = os.path.join(EXTRA_CA_DIRECTORY, certpath)
       config_provider.save_volume_file(cert_full_path, uploaded_file)
+      logger.debug('Saved custom certificate %s', certpath)
 
       # Validate the certificate.
       try:
+        logger.debug('Loading custom certificate %s', certpath)
         with config_provider.get_volume_file(cert_full_path) as f:
           load_certificate(f.read())
+      except CertInvalidException:
+        logger.exception('Got certificate invalid error for cert %s', certpath)
+        return '', 204
+      except IOError:
+        logger.exception('Got IO error for cert %s', certpath)
+        return '', 204
 
       # Call the update script to install the certificate immediately.
       if not app.config['TESTING']:
-          subprocess.check_call(['/conf/init/certs_install.sh'])
-      except CertInvalidException:
-        pass
-      except IOError:
-        pass
+        logger.debug('Calling certs_install.sh')
+        if os.system('/conf/init/certs_install.sh') != 0:
+          abort(500)
+
+        logger.debug('certs_install.sh completed')
 
       return '', 204
 

static/js/core-config-setup.js

@@ -1348,6 +1348,11 @@ angular.module("core-config-setup", ['angularFileUpload'])
             callback(true);
             $scope.resetUpload++;
             loadCertificates();
+          }).error(function(r) {
+            bootbox.alert('Could not upload certificate')
+            callback(false);
+            $scope.resetUpload++;
+            loadCertificates();
           });
         };