Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Give better error when policy was created manually #412

Merged
merged 2 commits into from
Jan 13, 2021
Merged

Give better error when policy was created manually #412

merged 2 commits into from
Jan 13, 2021

Conversation

lkysow
Copy link
Member

@lkysow lkysow commented Dec 17, 2020
edited
Loading

In cases where a user creates a policy out-of-band with the same name as
one consul-k8s tries to update, give a better error.

This is definitely an edge case but has occurred when a user created the
cross-namespace-acl-policy manually when trying to work around another
issue. This will at least give a better error message in this case.

How I've tested this PR:

  • unit tests

How I expect reviewers to test this PR:

  • code

Checklist:

  • Tests added
  • CHANGELOG entry added (HashiCorp engineers only, community PRs should not add a changelog entry)

@lkysow lkysow requested review from a team, kschoche and ishustava and removed request for a team December 18, 2020 17:58
kschoche
kschoche approved these changes Dec 18, 2020
View reviewed changes
Copy link
Contributor

@kschoche kschoche left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great!

ishustava
ishustava approved these changes Jan 13, 2021
View reviewed changes
Copy link
Contributor

@ishustava ishustava left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great! A couple of minor comments, but they are not blocking.

subcommand/server-acl-init/command_test.go Outdated
Comment on lines 1113 to 1114
tokenFile, fileCleanup := writeTempFile(t, bootToken)
defer fileCleanup()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This isn't blocking or anything, but we can also move the cleanup to the writeTempFile helper function if we call t.Cleanup there. I like that it declutters the code a bit.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done!

subcommand/server-acl-init/create_or_update_test.go Outdated
c.ACL.Tokens.Master = bootToken
})
require.NoError(err)
svr.WaitForServiceIntentions(t)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm wondering if we need this since this command or test aren't creating service intentions.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changed to WaitForLeader()

@lkysow
Give better error when policy was created manually
c89b3a9 
In cases where a user creates a policy out-of-band with the same name as
one consul-k8s tries to update, give a better error.

This is definitely an edge case but has occurred when a user created the
cross-namespace-acl-policy manually when trying to work around another
issue. This will at least give a better error message in this case.
@lkysow
Code review updates
1d929ac
@lkysow lkysow merged commit 0b65c21 into master Jan 13, 2021
@lkysow lkysow deleted the better-duplicate-error branch January 13, 2021 20:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kschoche kschoche kschoche approved these changes

@ishustava ishustava ishustava approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@lkysow @kschoche @ishustava