Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

🐛 wrap service account not found error #1477

Closed
wants to merge 42 commits into from
Closed

🐛 wrap service account not found error #1477

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
42 commits
Select commit Hold shift + click to select a range
664a51f
changes to derice minimum service account
rashmi43 Sep 9, 2024
75c5f7c
remove headers
rashmi43 Sep 9, 2024
24d93f1
add details about registry+v1 support
rashmi43 Sep 10, 2024
fdf7e9d
render yml correctly
rashmi43 Sep 10, 2024
ba9193d
Merge branch 'operator-framework:main' into main
rashmi43 Oct 8, 2024
4067d8c
Merge branch 'operator-framework:main' into main
rashmi43 Oct 10, 2024
a6b2ebc
Merge branch 'operator-framework:main' into main
rashmi43 Oct 16, 2024
e87203a
Merge branch 'operator-framework:main' into main
rashmi43 Nov 18, 2024
157cce0
sa not found
rashmi43 Nov 18, 2024
eabd252
Merge branch 'operator-framework:main' into sa-err-msg
rashmi43 Nov 18, 2024
6062677
Delete docs/drafts/derive-serviceaccount.md
rashmi43 Nov 18, 2024
738a59c
add custom sa not found
rashmi43 Nov 18, 2024
6ed7b58
remove unused imports
rashmi43 Nov 18, 2024
5d5d2de
Update tokengetter.go
rashmi43 Nov 18, 2024
815115e
Update tokengetter.go
rashmi43 Nov 18, 2024
49549f2
update error message string
rashmi43 Nov 19, 2024
aa4f6e9
pass sa name to error message
rashmi43 Nov 19, 2024
1bbb34a
Update tokengetter.go
rashmi43 Nov 19, 2024
5196201
wrap error message
rashmi43 Nov 19, 2024
e8e76c6
Update internal/authentication/tokengetter.go
rashmi43 Nov 20, 2024
3ef45b6
Update tokengetter.go
rashmi43 Nov 20, 2024
1334b69
Update clusterextension_controller.go
rashmi43 Nov 20, 2024
83e188c
add unit test cases
rashmi43 Nov 26, 2024
683db58
updates testcases
rashmi43 Nov 26, 2024
7893d90
reverting this change
rashmi43 Nov 26, 2024
bad6695
review comment
rashmi43 Nov 26, 2024
9c0df21
update error msg
rashmi43 Dec 17, 2024
5df5a1a
review comments incorporated
rashmi43 Dec 17, 2024
7b23746
Merge branch 'main' into sa-err-msg
rashmi43 Jan 25, 2025
452703d
review comments
rashmi43 Jan 25, 2025
100c39e
review comments
rashmi43 Jan 25, 2025
668e370
add unwrap function
rashmi43 Jan 27, 2025
f6e5d66
add import in the right section
rashmi43 Jan 27, 2025
91bd298
review comment about error message with namespace
rashmi43 Jan 29, 2025
03187f4
Update internal/controllers/clusterextension_controller.go
rashmi43 Jan 31, 2025
ae8094d
update test with sa condition error
rashmi43 Jan 31, 2025
b103f5d
add mock applier
rashmi43 Jan 31, 2025
3c21bba
add e2e test
rashmi43 Jan 31, 2025
ddf9c64
add nil checks in e2e testcase
rashmi43 Feb 3, 2025
40bd6ba
Merge branch 'operator-framework:main' into sa-err-msg
rashmi43 Feb 4, 2025
04f81cb
remove e2e add unit
rashmi43 Feb 4, 2025
53494ca
remove nil checks
rashmi43 Feb 4, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 20 additions & 0 deletions internal/authentication/tokengetter.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,12 @@ package authentication

import (
"context"
"fmt"
"sync"
"time"

authenticationv1 "k8s.io/api/authentication/v1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
Expand All @@ -19,6 +21,21 @@ type TokenGetter struct {
mu sync.RWMutex
}

type ServiceAccountNotFoundError struct {
ServiceAccountName string // The name of the missing ServiceAccount.
ServiceAccountNamespace string // The namespace where the ServiceAccount should exist
Err error // The underlying error
}

func (e *ServiceAccountNotFoundError) Unwrap() error {
return e.Err
}

// Error implements the error interface for ServiceAccountNotFoundError.
func (e *ServiceAccountNotFoundError) Error() string {
return fmt.Sprintf("service account \"%s\" not found in namespace \"%s\": unable to authenticate with the Kubernetes cluster.", e.ServiceAccountName, e.ServiceAccountNamespace)
}

type TokenGetterOption func(*TokenGetter)

const (
Expand Down Expand Up @@ -86,6 +103,9 @@ func (t *TokenGetter) getToken(ctx context.Context, key types.NamespacedName) (*
Spec: authenticationv1.TokenRequestSpec{ExpirationSeconds: ptr.To(int64(t.expirationDuration / time.Second))},
}, metav1.CreateOptions{})
if err != nil {
if errors.IsNotFound(err) {
return nil, &ServiceAccountNotFoundError{ServiceAccountName: key.Name, ServiceAccountNamespace: key.Namespace}
}
return nil, err
}
return &req.Status, nil
Expand Down
4 changes: 3 additions & 1 deletion internal/authentication/tokengetter_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,13 +72,15 @@ func TestTokenGetterGet(t *testing.T) {
"test-namespace-3", "test-token-3", "failed to get token"},
{"Testing error when getting token from fake client", "test-service-account-4",
"test-namespace-4", "error when fetching token", "error when fetching token"},
{"Testing service account not found", "missing-sa",
"test-namespace-5", "", "service account \"missing-sa\" not found in namespace \"test-namespace-5\": unable to authenticate with the Kubernetes cluster."},
}

for _, tc := range tests {
got, err := tg.Get(context.Background(), types.NamespacedName{Namespace: tc.namespace, Name: tc.serviceAccountName})
if err != nil {
t.Logf("%s: expected: %v, got: %v", tc.testName, tc.want, err)
assert.EqualError(t, err, tc.errorMsg)
assert.EqualError(t, err, tc.errorMsg, "Error message should match expected output")
} else {
t.Logf("%s: expected: %v, got: %v", tc.testName, tc.want, got)
assert.Equal(t, tc.want, got, tc.errorMsg)
Expand Down
7 changes: 7 additions & 0 deletions internal/controllers/clusterextension_controller.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,7 @@ import (

ocv1 "github.com/operator-framework/operator-controller/api/v1"
catalogd "github.com/operator-framework/operator-controller/catalogd/api/v1"
"github.com/operator-framework/operator-controller/internal/authentication"
"github.com/operator-framework/operator-controller/internal/bundleutil"
"github.com/operator-framework/operator-controller/internal/conditionsets"
"github.com/operator-framework/operator-controller/internal/contentmanager"
Expand Down Expand Up @@ -206,6 +207,12 @@ func (r *ClusterExtensionReconciler) reconcile(ctx context.Context, ext *ocv1.Cl
installedBundle, err := r.InstalledBundleGetter.GetInstalledBundle(ctx, ext)
if err != nil {
setInstallStatus(ext, nil)
var saerr *authentication.ServiceAccountNotFoundError
if errors.As(err, &saerr) {
setInstalledStatusConditionUnknown(ext, saerr.Error())
setStatusProgressing(ext, errors.New("installation cannot proceed due to missing ServiceAccount"))
return ctrl.Result{}, err
}
setInstalledStatusConditionUnknown(ext, err.Error())
setStatusProgressing(ext, errors.New("retrying to get installed bundle"))
return ctrl.Result{}, err
Expand Down
4 changes: 3 additions & 1 deletion test/e2e/cluster_extension_install_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -265,7 +265,9 @@ func testCleanup(t *testing.T, cat *catalogd.ClusterCatalog, clusterExtension *o
return errors.IsNotFound(err)
}, pollDuration, pollInterval)

ensureNoExtensionResources(t, clusterExtension.Name)
if clusterExtension != nil {
ensureNoExtensionResources(t, clusterExtension.Name)
}

t.Logf("By deleting Namespace %q", ns.Name)
require.NoError(t, c.Delete(context.Background(), ns))
Expand Down
Loading