From a9f8f1180edd9cf4aca75d99708bd88ac233c39f Mon Sep 17 00:00:00 2001
From: James Robinson
Date: Mon, 27 Jan 2025 12:07:43 +0000
Subject: [PATCH] :goal_net: Simplify SSLCertificateProvider::refresh
---
data_safe_haven/external/api/azure_sdk.py | 4 +--
.../components/dynamic/ssl_certificate.py | 27 +++++++++----------
2 files changed, 14 insertions(+), 17 deletions(-)
diff --git a/data_safe_haven/external/api/azure_sdk.py b/data_safe_haven/external/api/azure_sdk.py
index 3b1f5f7d60..db986fa369 100644
--- a/data_safe_haven/external/api/azure_sdk.py
+++ b/data_safe_haven/external/api/azure_sdk.py
@@ -641,10 +641,10 @@ def get_keyvault_certificate(
 """Read a certificate from the KeyVault
 Returns:
- KeyVaultCertificate: The certificate
+ The KeyVaultCertificate
 Raises:
- DataSafeHavenAzureError if the secret could not be read
+ DataSafeHavenAzureError if the certificate could not be read
 """
 # Connect to Azure clients
 certificate_client = CertificateClient(
diff --git a/data_safe_haven/infrastructure/components/dynamic/ssl_certificate.py b/data_safe_haven/infrastructure/components/dynamic/ssl_certificate.py
index 97b719c833..9928a4093d 100644
--- a/data_safe_haven/infrastructure/components/dynamic/ssl_certificate.py
+++ b/data_safe_haven/infrastructure/components/dynamic/ssl_certificate.py
@@ -183,22 +183,19 @@ def diff(
 delete_before_replace=True,
 )
+ @override
 def refresh(self, props: dict[str, Any]) -> dict[str, Any]:
- try:
- outs = dict(**props)
- with suppress(DataSafeHavenAzureError, KeyError):
- azure_sdk = AzureSdk(outs["subscription_name"], disable_logging=True)
- certificate = azure_sdk.get_keyvault_certificate(
- outs["certificate_secret_name"], outs["key_vault_name"]
- )
- if certificate.secret_id:
- outs["secret_id"] = certificate.secret_id
- return outs
- except Exception as exc:
- cert_name = f"[green]{props['certificate_secret_name']}[/]"
- domain_name = f"[green]{props['domain_name']}[/]"
- msg = f"Failed to refresh SSL certificate {cert_name} for {domain_name}."
- raise DataSafeHavenSSLError(msg) from exc
+ outs = dict(**props)
+ with suppress(DataSafeHavenAzureError, KeyError):
+ azure_sdk = AzureSdk(outs["subscription_name"], disable_logging=True)
+ kvcert = azure_sdk.get_keyvault_certificate(
+ outs["certificate_secret_name"], outs["key_vault_name"]
+ )
+ if kvcert.secret_id:
+ outs["secret_id"] = kvcert.secret_id
+ if kvcert.properties and kvcert.properties.expires_on:
+ outs["expiry_date"] = kvcert.properties.expires_on.isoformat()
+ return outs
 class SSLCertificate(Resource):
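Review bot: With the outer `try`/`except` removed, `with suppress(DataSafeHavenAzureError, KeyError):` is the only error handling left in `refresh`, so a certificate that can no longer be read from the Key Vault (deleted, or access revoked) makes the method return whatever `secret_id` and `expiry_date` values `props` already held, with no error and logging disabled. The `KeyError` half of the suppression also covers anything raised inside `get_keyvault_certificate`, not only a missing key in `props`. I would look up the three property values before the `with` and narrow it to `with suppress(DataSafeHavenAzureError):`, or, if a missing key must stay tolerated, say so in a comment. If keeping stale values on failure is intended, a comment such as `# Certificate unreadable: keep the recorded secret_id and expiry_date` would make that explicit. Other exceptions now propagate unwrapped instead of as `DataSafeHavenSSLError`; whether callers depend on that type is not visible here, and the enclosing class starts outside the hunk.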