feat: error checking for initial API token call (#1080)

## Description If the API token is invalid or expired, the current implementation does not return that error to inform the end user. This implementation adds error checking, returns that error and then does not continue. This should make debugging much easier compared to it's current state. From my research there are two possible error formats. First error response: 401 unauthorized {"message":"401 Unauthorized"} Second possible error response: Token has expired {"error":"invalid_token","error_description":"Token is expired. You can either do re-authorization or token refresh."} ## Migrations required None ## Verification Provide a bad or expired API token to the module. It should fail and output the reason for failure. --------- Co-authored-by: Matthias Kay <matthias.kay@hlag.com>
cattle-ops · Feb 8, 2024 · 6b3740a · 6b3740a
1 parent 3749ea2
commit 6b3740a
Showing 1 changed file with 11 additions and 3 deletions.
diff --git a/template/gitlab-runner.tftpl b/template/gitlab-runner.tftpl
@@ -49,7 +49,7 @@ then
     # fetch gitlab token from SSM
     gitlab_token=$(aws ssm get-parameter --name "${secure_parameter_store_gitlab_token_name}" --with-decryption --region "${secure_parameter_store_region}" | jq -r ".Parameter | .Value")
 
-    token=$(curl ${curl_cacert} --request POST -L "${runners_gitlab_url}/api/v4/user/runners" \
+    response = $(curl ${curl_cacert} --request POST -L "${runners_gitlab_url}/api/v4/user/runners" \
       --header "private-token: $gitlab_token" \
       --form "tag_list=${gitlab_runner_tag_list}" \
       --form "description=${gitlab_runner_description}" \
@@ -58,8 +58,16 @@ then
       --form "maximum_timeout=${gitlab_runner_maximum_timeout}" \
       --form "runner_type=${gitlab_runner_type}_type" \
       $runner_type_param \
-      --form "access_level=${gitlab_runner_access_level}" \
-      | jq -r '.token')
+      --form "access_level=${gitlab_runner_access_level}")
+
+    token = $(echo response | jq -r '.token')
+    if [[ "$token" == null ]]
+        message = $(echo response | jq -r '.message // .error_description')
+        if [[ "$message" != null ]]
+            echo "ERROR: Couldn't register the Runner. GitLab API call returned $message".
+            exit 1
+        fi
+    fi
   else
     gitlab_runner_registration_token=${gitlab_runner_registration_token}