From 71dffb21a96cf212af40f963f8621e0353cb550c Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Mon, 10 Jan 2022 19:44:13 +0100
Subject: [PATCH] outposts: improve error handling for outpost service
 connection state

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
---
 authentik/outposts/controllers/docker.py | 12 ++++++++----
 authentik/outposts/tasks.py              |  8 ++++++--
 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/authentik/outposts/controllers/docker.py b/authentik/outposts/controllers/docker.py
index cae8e6211..839ed378e 100644
--- a/authentik/outposts/controllers/docker.py
+++ b/authentik/outposts/controllers/docker.py
@@ -9,6 +9,7 @@ from docker import DockerClient as UpstreamDockerClient
 from docker.errors import DockerException, NotFound
 from docker.models.containers import Container
 from docker.utils.utils import kwargs_from_env
+from paramiko.ssh_exception import SSHException
 from structlog.stdlib import get_logger
 from yaml import safe_dump
 
@@ -49,10 +50,13 @@ class DockerClient(UpstreamDockerClient, BaseClient):
                     authentication_kp=connection.tls_authentication,
                 )
                 tls_config = self.tls.write()
-            super().__init__(
-                base_url=connection.url,
-                tls=tls_config,
-            )
+            try:
+                super().__init__(
+                    base_url=connection.url,
+                    tls=tls_config,
+                )
+            except SSHException as exc:
+                raise ServiceConnectionInvalid from exc
         self.logger = get_logger()
         # Ensure the client actually works
         self.containers.list()
diff --git a/authentik/outposts/tasks.py b/authentik/outposts/tasks.py
index 64acd1c1a..7b4c87148 100644
--- a/authentik/outposts/tasks.py
+++ b/authentik/outposts/tasks.py
@@ -77,8 +77,12 @@ def outpost_service_connection_state(connection_pk: Any):
         cls = DockerClient
     if isinstance(connection, KubernetesServiceConnection):
         cls = KubernetesClient
-    with cls(connection) as client:
-        state = client.fetch_state()
+    try:
+        with cls(connection) as client:
+            state = client.fetch_state()
+    except ServiceConnectionInvalid as exc:
+        LOGGER.warning("Failed to get client status", exc=exc)
+        return
     cache.set(connection.state_key, state, timeout=None)