Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

serviceaccount/claims: include validation failure error in the log #105917

Merged
merged 1 commit into from Oct 28, 2021
Merged

serviceaccount/claims: include validation failure error in the log #105917

merged 1 commit into from Oct 28, 2021

Conversation

enj
Copy link
Member

@enj enj commented Oct 26, 2021

Without this fix, the errors are logged as:

unexpected validation error: *errors.errorString

Signed-off-by: Monis Khan mok@vmware.com

/kind bug
/milestone v1.23
/triage accepted
/priority important-longterm
/assign @liggitt

NONE

@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. kind/bug Categorizes issue or PR as related to a bug. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. triage/accepted Indicates an issue or PR is ready to be actively worked on. labels Oct 26, 2021
@k8s-ci-robot k8s-ci-robot added this to the v1.23 milestone Oct 26, 2021
@k8s-ci-robot k8s-ci-robot added priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. sig/auth Categorizes an issue or PR as relevant to SIG Auth. labels Oct 26, 2021
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. label Oct 26, 2021
@enj
Copy link
Member Author

enj commented Oct 26, 2021

/retest

@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Oct 26, 2021
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Oct 27, 2021
@enj enj added this to In Review in SIG Auth Old Oct 27, 2021
liggitt
liggitt reviewed Oct 27, 2021
View reviewed changes
pkg/serviceaccount/claims.go Outdated
klog.Errorf("unexpected validation error: %T", err)
return nil, errors.New("Token could not be validated.")
klog.Errorf("service account token claim validation got unexpected error type: %T", err) // avoid leaking unexpected information into the logs
return nil, errors.New("service account token claims could not be validated") // return an opaque error
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd recommend returning a distinct error from line 115

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

@liggitt
Copy link
Member

liggitt commented Oct 27, 2021

one comment on the message returned for the unexpected default case, then lgtm

@enj
serviceaccount/claims: include validation failure error in the log
92c8596 
Without this fix, the errors are logged as:

unexpected validation error: *errors.errorString

Signed-off-by: Monis Khan <mok@vmware.com>
@liggitt
Copy link
Member

liggitt commented Oct 28, 2021

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 28, 2021
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: enj, liggitt

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 28, 2021
@k8s-ci-robot k8s-ci-robot merged commit 525b094 into kubernetes:master Oct 28, 2021
SIG Auth Old automation moved this from In Review to Closed / Done Oct 28, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@liggitt liggitt liggitt left review comments

@deads2k deads2k Awaiting requested review from deads2k

Assignees

@liggitt liggitt

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. release-note-none Denotes a PR that doesn't merit a release note. sig/auth Categorizes an issue or PR as relevant to SIG Auth. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
SIG Auth
Archived in project
SIG Auth Old
Closed / Done
Milestone
v1.23
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@enj @liggitt @k8s-ci-robot