[provider/google] Always log hasMember request error object #474
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jbielick
requested review from
JoelSpeed,
steakunderscore and
loshz
as code owners
jbielick
commented
Apr 2, 2020
| for _, group := range groups { | ||
| // Use the HasMember API to checking for the user's presence in each group or nested subgroups | ||
| req := service.Members.HasMember(group, email) | ||
| r, err := req.Do() |
There was a problem hiding this comment.
err here is what I want to print.
jbielick
commented
Apr 2, 2020
| r, err := req.Do() | ||
| if err != nil { | ||
| err, ok := err.(*googleapi.Error) | ||
| gerr, ok := err.(*googleapi.Error) |
There was a problem hiding this comment.
reassignment of err here writes nil to err when the type assertion fails. I don't know what type err is before this. The error object is:
oauth2: cannot fetch token: 401 Unauthorized
Response: {
"error": "unauthorized_client",
"error_description": "Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested."
}
JoelSpeed
reviewed
Apr 4, 2020
when type asserting fails here, err is reassigned with nil and the
default block of the switch prints out <nil> in the error message. This
makes debugging a configuration or access token issue difficult
The particular error this surfaces is:
Response: {
"error": "unauthorized_client",
"error_description": "Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested."
}
Signed-off-by: Josh Bielick <jbielick@gmail.com>
|
@JoelSpeed sure thing. Updated. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Logs the original request error for group membership check to google
Motivation and Context
When type asserting fails here, err is reassigned with nil and the default block of the switch prints out
<nil>in the error message. This makes debugging a configuration or access token issue difficult.Before:
After:
The issue seemed to be that
I needed an additional OAuth scope,The Admin SDK API was not enabled.https://www.googleapis.com/auth/admin.directory.group.member.readonly, which I intend to add to the docs in another PR.How Has This Been Tested?
I'm currently trying to get this working with nginx-ingress-controller. I cloned this repo, made the change, ran the tests, built the image, pushed it, and used my custom image and got the error message in my logs.
Checklist: