Masking exceptions in ssl/certificate_authority/interface.rb

Luke,

I'm working on making the `puppet cert` command return a non-zero exit
status when there are failures.  (#14860) [1]

Luckily, we already have exception handlers for this situation:

https://github.com/puppetlabs/puppet/blob/2.7.x/lib/puppet/application/cert.rb#L188-195

However, the interface to the CA model is masking the exception here:

https://github.com/puppetlabs/puppet/blob/2.7.x/lib/puppet/ssl/certificate_authority/interface.rb#L28-31

The exception I'm trying "make work" (fail correctly) is being raised from here:

https://github.com/puppetlabs/puppet/blob/2.7.x/lib/puppet/indirector/certificate_request/ca.rb#L14

Which brings me to my question.  You have a spec test that explicitly
fails to pass if exceptions are raised rather than being logged and
discarded:

https://github.com/puppetlabs/puppet/blob/2.7.x/spec/unit/ssl/certificate_authority/interface_spec.rb#L98-106

This appears to have been added in this commit:

https://github.com/puppetlabs/puppet/commit/ebdbe4

I know you wrote this 4 years ago but do you remember why it's
important for us to mask the exception, log it, and then continue on?
It seems to me we should let the exception fly free and anything that