diff --git a/cloudinit/url_helper.py b/cloudinit/url_helper.py
index ecf8cd37802e..3fc667420b48 100644
--- a/cloudinit/url_helper.py
+++ b/cloudinit/url_helper.py
@@ -135,10 +135,27 @@ def read_ftps(url: str, timeout: float = 5.0, **kwargs: dict) -> "FtpResponse":
 url=url,
 ) from e
 LOG.debug("Attempting to login with user [%s]", user)
- ftp_tls.login(
- user=user,
- passwd=url_parts.password or "",
- )
+ try:
+ ftp_tls.login(
+ user=user,
+ passwd=url_parts.password or "",
+ )
+ except ftplib.error_perm as e:
+ LOG.warning(
+ "Attempted to connect to insecure ftp server but used"
+ "a scheme of ftps://, which is not allowed. Use ftp://"
+ "to allow connecting to insecure ftp servers."
+ )
+ raise UrlError(
+ cause=(
+ "Attempted to connect to insecure ftp server but used"
+ "a scheme of ftps://, which is not allowed. Use ftp://"
+ "to allow connecting to insecure ftp servers."
+ ),
+ code=500,
+ headers=None,
+ url=url,
+ ) from e
 LOG.debug("Creating a secure connection")
 ftp_tls.prot_p()
 LOG.debug("Reading file: %s", url_parts.path)
diff --git a/tests/integration_tests/datasources/test_nocloud.py b/tests/integration_tests/datasources/test_nocloud.py
index bb496ebbf68b..f2fcad30e805 100644
--- a/tests/integration_tests/datasources/test_nocloud.py
+++ b/tests/integration_tests/datasources/test_nocloud.py
@@ -398,8 +398,6 @@ def test_nocloud_ftps_unencrypted_server_fails(
 """
 cmdline = "ds=nocloud;seedfrom=ftps://localhost:2121"
 self._boot_with_cmdline(cmdline, client)
- log = client.read_from_file("/var/log/cloud-init.log")
- assert "Reading file from server over tls failed for url" in log
 verify_clean_boot(
 client,
 ignore_warnings=self.expected_warnings,
@@ -407,6 +405,7 @@ def test_nocloud_ftps_unencrypted_server_fails( "Getting data from failed", "Used fallback datasource", + "Reading file from server over tls failed for url", ], )
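Review bot: The new `except ftplib.error_perm` around `ftp_tls.login(...)` reports every permanent 5xx reply as "server does not support TLS", but a rejected username or password raises the same exception class, so a credential failure would be logged with advice to switch to `ftp://` and resend the password in cleartext. `FTP_TLS.login()` negotiates AUTH TLS itself before sending credentials, so calling `ftp_tls.auth()` in its own `try` and leaving `login()` outside it keeps the two failures apart. The adjacent string literals also lack separating spaces, so the message reads "but useda scheme" and "Use ftp://to allow"; building it once in a local and reusing it for `LOG.warning` and `UrlError` removes the duplicated copy. read_ftps starts before and continues after this hunk, so whether an outer handler already covers login failures is not visible here.

```python
try:
    # AUTH TLS is the step a plaintext-only server rejects; negotiating it
    # here keeps a TLS refusal distinct from a credential failure below.
    ftp_tls.auth()
except ftplib.error_perm as e:
    msg = (
        "Attempted to connect to insecure ftp server but used "
        "a scheme of ftps://, which is not allowed. Use ftp:// "
        "to allow connecting to insecure ftp servers."
    )
    LOG.warning(msg)
    raise UrlError(cause=msg, code=500, headers=None, url=url) from e
# ... unchanged: ftp_tls.login(user=user, passwd=url_parts.password or "") ...
```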
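Review bot: The required-warnings list in the last hunk still pins only the generic "Reading file from server over tls failed for url" text, so nothing in this test checks the insecure-server warning that the url_helper.py change introduces for exactly this scenario. Adding `"Attempted to connect to insecure ftp server",` to the list would catch a regression in that branch, assuming the entries are matched as substrings of the logged WARNING lines. The list opens above this hunk, so its keyword name and any other entries are not visible here.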