Skip to content

Commit

Permalink
chore: Adding retry for urllib3.exceptions protocolError (bridgecrewi…
Browse files Browse the repository at this point in the history
…o#5575)

* adding retry for urllib3.exceptions protocolError

* Mypy

* Mypy

* Mypy

* CR fix
  • Loading branch information
ChanochShayner authored Sep 19, 2023
1 parent 8f73e5d commit 43fee3d
Show file tree
Hide file tree
Showing 2 changed files with 24 additions and 2 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,9 @@
from itertools import groupby
from typing import TYPE_CHECKING, Any

from urllib3 import PoolManager
from urllib3.exceptions import ProtocolError

from checkov.common.bridgecrew.integration_features.base_integration_feature import BaseIntegrationFeature
from checkov.common.bridgecrew.integration_features.features.policy_metadata_integration import integration as metadata_integration
from checkov.common.bridgecrew.platform_integration import bc_integration
Expand Down Expand Up @@ -112,8 +115,22 @@ def _get_fixes_for_file(
if not self.bc_integration.http:
raise AttributeError("HTTP manager was not correctly created")

logging.debug(f'Calling fixes API with payload: {json.dumps(payload)}, headers: {headers}, url: {self.fixes_url}')
request = self.bc_integration.http.request("POST", self.fixes_url, headers=headers, body=json.dumps(payload)) # type:ignore[no-untyped-call]
try:
logging.debug(f'Calling fixes API with payload: {json.dumps(payload)}, headers: {headers}, url: {self.fixes_url}')
request = self.bc_integration.http.request("POST", self.fixes_url, headers=headers, body=json.dumps(payload)) # type:ignore[no-untyped-call]

# When running via IDE we can fail here in case of running with -d when the poolManager is broken
except ProtocolError as e:
logging.error(f'Get fixes request for file {filename} failed with response code error: {e}')
if isinstance(self.bc_integration.http, PoolManager):
self.bc_integration.http = None
self.bc_integration.setup_http_manager(
self.bc_integration.ca_certificate,
self.bc_integration.no_cert_verify
)
request = self.bc_integration.http.request("POST", self.fixes_url, headers=headers, body=json.dumps(payload)) # type:ignore
else:
return None

if request.status != 200:
error_message = extract_error_message(request)
Expand Down
5 changes: 5 additions & 0 deletions checkov/common/bridgecrew/platform_integration.py
Original file line number Diff line number Diff line change
Expand Up @@ -121,6 +121,8 @@ def __init__(self) -> None:
self.support_flag_enabled = False
self.enable_persist_graphs = convert_str_to_bool(os.getenv('BC_ENABLE_PERSIST_GRAPHS', 'True'))
self.persist_graphs_timeout = int(os.getenv('BC_PERSIST_GRAPHS_TIMEOUT', 60))
self.ca_certificate: str | None = None
self.no_cert_verify: bool = False

def set_bc_api_url(self, new_url: str) -> None:
self.bc_api_url = normalize_bc_url(new_url)
Expand Down Expand Up @@ -206,6 +208,9 @@ def setup_http_manager(self, ca_certificate: str | None = None, no_cert_verify:
:param ca_certificate: an optional CA bundle to be used by both libraries.
:param no_cert_verify: whether to skip SSL cert verification
"""
self.ca_certificate = ca_certificate
self.no_cert_verify = no_cert_verify

ca_certificate = ca_certificate or os.getenv('BC_CA_BUNDLE')
cert_reqs: str | None

Expand Down

0 comments on commit 43fee3d

Please sign in to comment.