This repository has been archived by the owner on Dec 11, 2023. It is now read-only.
Validate tokens and show results on OneAgent status #188
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Since having mis-configured tokens with OneAgent objects is a relatively common scenario. The idea with this PR is for the Operator to validate different common situations and provide a place where users can look for issues, if any.
The OneAgent CRD now has two conditions,
PaaSToken
andAPIToken
, to indicate the state of the API and PaaS tokens, respectively, and can be looked at withkubectl get oneagent -o yaml
orkubectl describe oneagent
.The Operator will now set different reasons for each condition depending of the validation result:
TokenReady
Set when all checks have passed.
TokenSecretNotFound
When the secret doesn't exist. By the default it comes from the OneAgent object name, and can be customized by the CR field
tokens
.TokenMissing
Set when the token field is missing on the secret. Two fields must be on the secret,
apiToken
, andpaasToken
.TokenUnauthorized
When the token can't be found in the Dynatrace environment. Is it correct?
TokenScopeMissing
Set when the token doesn't have the required permission on Dynatrace environment, e.g., using API token on the PaaS token field, etc. Currently, API and PaaS tokens need
DataExport
, andInstallerDownload
, respectively.TokenError
Set when the probe request failed by an unrecognized error. Is it the API URL correct?
Implementation details
LastAPITokenProbeTimestamp
, andLastPaaSTokenProbeTimestamp
.setStatusCondition()
andfindCondition()
from the reconciler to beOneAgent
's methods.ServerError
to be an error type. If specific behavior is needed with these kind of errors, the Go 1.13'serrors
package can be used.