New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
serviceaccount/claims: include validation failure error in the log #105917
Conversation
/retest |
69215f8
to
4bf7336
Compare
4bf7336
to
e25633c
Compare
pkg/serviceaccount/claims.go
Outdated
klog.Errorf("unexpected validation error: %T", err) | ||
return nil, errors.New("Token could not be validated.") | ||
klog.Errorf("service account token claim validation got unexpected error type: %T", err) // avoid leaking unexpected information into the logs | ||
return nil, errors.New("service account token claims could not be validated") // return an opaque error |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd recommend returning a distinct error from line 115
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
one comment on the message returned for the unexpected default case, then lgtm |
Without this fix, the errors are logged as: unexpected validation error: *errors.errorString Signed-off-by: Monis Khan <mok@vmware.com>
e25633c
to
92c8596
Compare
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: enj, liggitt The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Without this fix, the errors are logged as:
Signed-off-by: Monis Khan mok@vmware.com
/kind bug
/milestone v1.23
/triage accepted
/priority important-longterm
/assign @liggitt