oidcdiscoveryendpoint: add status handler #220

sjenning · 2020-07-02T16:14:57Z

Following #213, this PR adds a status handler to the oidcdiscoveryendpoint controller so that if it is having problems, the overall OperatorStatus is Degraded with informative message why.

fyi @derekwaynecarr

sjenning · 2020-07-02T18:01:31Z

Looks good in my test cluster. AWS ids appear in some error messages though... might need to not include those to avoid unneeded updates to the OperatorStatus.

$ oc logs cloud-credential-operator-5dc878f9d-jwjjc -c cloud-credential-operator  | grep oidc
time="2020-07-02T17:38:10Z" level=info msg="reconciling AWS S3 OIDC discovery endpoint" controller=oidcdiscoveryendpoint
time="2020-07-02T17:38:10Z" level=error msg="failed reconciling S3 resources" controller=oidcdiscoveryendpoint error="secrets \"cloud-credential-operator-s3-creds\" not found"
time="2020-07-02T17:38:10Z" level=info msg="syncing cluster operator status" controller=oidcdiscoveryendpoint
time="2020-07-02T17:38:10Z" level=info msg="cluster operator status updated" controller=oidcdiscoveryendpoint <-- Degraded is True
time="2020-07-02T17:38:12Z" level=info msg="reconciling AWS S3 OIDC discovery endpoint" controller=oidcdiscoveryendpoint
time="2020-07-02T17:38:12Z" level=error msg="failed reconciling S3 resources" controller=oidcdiscoveryendpoint error="secrets \"cloud-credential-operator-s3-creds\" not found"
time="2020-07-02T17:38:13Z" level=info msg="reconciling AWS S3 OIDC discovery endpoint" controller=oidcdiscoveryendpoint
time="2020-07-02T17:38:13Z" level=error msg="failed reconciling S3 resources" controller=oidcdiscoveryendpoint error="secrets \"cloud-credential-operator-s3-creds\" not found"
time="2020-07-02T17:38:14Z" level=info msg="reconciling AWS S3 OIDC discovery endpoint" controller=oidcdiscoveryendpoint
time="2020-07-02T17:38:14Z" level=error msg="failed reconciling S3 resources" controller=oidcdiscoveryendpoint error="secrets \"cloud-credential-operator-s3-creds\" not found"
time="2020-07-02T17:38:15Z" level=info msg="reconciling AWS S3 OIDC discovery endpoint" controller=oidcdiscoveryendpoint
time="2020-07-02T17:38:15Z" level=error msg="failed reconciling S3 resources" controller=oidcdiscoveryendpoint error="secrets \"cloud-credential-operator-s3-creds\" not found"
time="2020-07-02T17:38:16Z" level=info msg="reconciling AWS S3 OIDC discovery endpoint" controller=oidcdiscoveryendpoint
time="2020-07-02T17:38:16Z" level=error msg="failed reconciling S3 resources" controller=oidcdiscoveryendpoint error="secrets \"cloud-credential-operator-s3-creds\" not found"
time="2020-07-02T17:38:17Z" level=info msg="reconciling AWS S3 OIDC discovery endpoint" controller=oidcdiscoveryendpoint
time="2020-07-02T17:38:17Z" level=error msg="failed reconciling S3 resources" controller=oidcdiscoveryendpoint error="secrets \"cloud-credential-operator-s3-creds\" not found"
time="2020-07-02T17:38:18Z" level=info msg="reconciling AWS S3 OIDC discovery endpoint" controller=oidcdiscoveryendpoint
time="2020-07-02T17:38:18Z" level=error msg="failed reconciling S3 resources" controller=oidcdiscoveryendpoint error="secrets \"cloud-credential-operator-s3-creds\" not found"
time="2020-07-02T17:38:19Z" level=info msg="reconciling AWS S3 OIDC discovery endpoint" controller=oidcdiscoveryendpoint
time="2020-07-02T17:38:19Z" level=error msg="failed reconciling S3 resources" controller=oidcdiscoveryendpoint error="secrets \"cloud-credential-operator-s3-creds\" not found"
time="2020-07-02T17:38:20Z" level=info msg="reconciling AWS S3 OIDC discovery endpoint" controller=oidcdiscoveryendpoint
time="2020-07-02T17:38:20Z" level=error msg="failed reconciling S3 resources" controller=oidcdiscoveryendpoint error="secrets \"cloud-credential-operator-s3-creds\" not found"
time="2020-07-02T17:38:22Z" level=info msg="reconciling AWS S3 OIDC discovery endpoint" controller=oidcdiscoveryendpoint
time="2020-07-02T17:38:23Z" level=error msg="failed reconciling S3 resources" controller=oidcdiscoveryendpoint error="InvalidAccessKeyId: The AWS Access Key Id you provided does not exist in our records.\n\tstatus code: 403, request id: 2F1D8F27348C2344, host id: lCHMJlRi+VRGVSl+ozeGrU14N8CHmSk+ne4m6C6gpAg8bGUHmC2eVp4qJVagpHdArZxAIFykkHo="
time="2020-07-02T17:38:23Z" level=info msg="syncing cluster operator status" controller=oidcdiscoveryendpoint
time="2020-07-02T17:38:23Z" level=info msg="cluster operator status updated" controller=oidcdiscoveryendpoint <-- Degraded is still True but for different reason
time="2020-07-02T17:38:28Z" level=info msg="reconciling AWS S3 OIDC discovery endpoint" controller=oidcdiscoveryendpoint
time="2020-07-02T17:38:28Z" level=error msg="failed reconciling S3 resources" controller=oidcdiscoveryendpoint error="InvalidAccessKeyId: The AWS Access Key Id you provided does not exist in our records.\n\tstatus code: 403, request id: 1C829F2102850A86, host id: +S3rJ6Pxbe5+MTWfNQ6VegWA/jBJDejVxQ2ujLbTbvQrC5dLPKAPQ3bgvgTAhFMAWM7aKU2rp00="
time="2020-07-02T17:38:28Z" level=info msg="syncing cluster operator status" controller=oidcdiscoveryendpoint
time="2020-07-02T17:38:28Z" level=info msg="cluster operator status updated" controller=oidcdiscoveryendpoint <-- Unfortunate update due to changing ids in error message :(
time="2020-07-02T17:38:38Z" level=info msg="reconciling AWS S3 OIDC discovery endpoint" controller=oidcdiscoveryendpoint
time="2020-07-02T17:38:39Z" level=info msg="bucket created" bucket=sjenning-aws-8f6j4-oidc controller=oidcdiscoveryendpoint
time="2020-07-02T17:38:39Z" level=info msg="syncing cluster operator status" controller=oidcdiscoveryendpoint
time="2020-07-02T17:38:39Z" level=info msg="cluster operator status updated" controller=oidcdiscoveryendpoint <-- Degraded switched to false

sjenning · 2020-07-06T14:21:50Z

/retest

joelddiaz

Looks good. Only high-level question I have is this: why are we not setting the Reason field on the conditions, and is there some unusual consequence for this decision?

sjenning · 2020-07-08T17:23:28Z

@joelddiaz added reasons

joelddiaz

/lgtm

openshift-bot · 2020-07-09T13:43:56Z

/retest