Handle exception when retrieving role list

author: Ola Aunronning <olaa@yahooinc.com> 2023-04-28 14:11:36 +0200
committer: Ola Aunronning <olaa@yahooinc.com> 2023-04-28 14:20:54 +0200
commit: 0663b7eacf34674df9759f67ec54e8806e2cb051 (patch)
tree: 991b865dbbb7740afd0377b512eb8d58354062ce
parent: 0aea87ce6347b9c2e4d3a09caf58dfb3ceb44931 (diff)
1 files changed, 17 insertions, 2 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
index 3f8107ae830..1c16340641d 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
@@ -48,6 +48,7 @@ import java.security.cert.X509Certificate;
 import java.time.Clock;
 import java.time.Duration;
 import java.time.Instant;
+import java.util.List;
 import java.util.Map;
 import java.util.Optional;
 import java.util.Set;
@@ -177,10 +178,15 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer {
         }
     }
 
-    private boolean maintainRoleCertificates(NodeAgentContext context, ContainerPath siaDirectory, ContainerPath privateKeyFile, ContainerPath certificateFile, AthenzIdentity identity, IdentityDocument identityDocument) {
+    private boolean maintainRoleCertificates(NodeAgentContext context,
+                                             ContainerPath siaDirectory,
+                                             ContainerPath privateKeyFile,
+                                             ContainerPath certificateFile,
+                                             AthenzIdentity identity,
+                                             IdentityDocument identityDocument) {
         var modified = false;
 
-        for (var role : identityDocumentClient.getNodeRoles(context.hostname().value())) {
+        for (var role : getRoleList(context)) {
                 try {
                     var roleCertificatePath = siaDirectory.resolve("certs")
                             .resolve(String.format("%s.cert.pem", role));
@@ -431,6 +437,15 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer {
                 : SignedIdentityDocument.LEGACY_DEFAULT_DOCUMENT_VERSION;
     }
 
+    private List<String> getRoleList(NodeAgentContext context) {
+        try {
+            return identityDocumentClient.getNodeRoles(context.hostname().value());
+        } catch (Exception e) {
+            context.log(logger, Level.WARNING, "Failed to retrieve role list", e);
+            return List.of();
+        }
+    }
+
     enum IdentityType {
         NODE("vespa-node-identity-document.json"),
         TENANT("vespa-tenant-identity-document.json");
author	Ola Aunronning <olaa@yahooinc.com>	2023-04-28 14:11:36 +0200
committer	Ola Aunronning <olaa@yahooinc.com>	2023-04-28 14:20:54 +0200
commit	0663b7eacf34674df9759f67ec54e8806e2cb051 (patch)
tree	991b865dbbb7740afd0377b512eb8d58354062ce
parent	0aea87ce6347b9c2e4d3a09caf58dfb3ceb44931 (diff)