From 3e3c7cb0716548bf22735ab2106dc7e3f2592a8c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Grzegorz=20Burzy=C5=84ski?= Date: Thu, 2 Nov 2023 20:10:56 +0100 Subject: [PATCH] fix consumers cases --- CHANGELOG.md | 5 +++-- internal/admission/validator.go | 10 +++++----- test/integration/httproute_webhook_test.go | 2 +- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9e6e350ab3..6447995a3e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -175,8 +175,9 @@ Nothing yet. [#5029](https://github.com/Kong/kubernetes-ingress-controller/pull/5029) - Fixed `HTTPRoute` and `KongConsumer` admission webhook validators to properly signal validation failures, resulting in returning responses with `AdmissionResponse` - filled instead of 500 status codes. It will make them work as expected in cases where the - `ValidatingWebhookConfiguration` is configured with `failurePolicy: Ignore`. + filled instead of 500 status codes. It will make them work as expected in cases where + the `ValidatingWebhookConfiguration` has `failurePolicy: Ignore`. + [#5063](https://github.com/Kong/kubernetes-ingress-controller/pull/5063) ### Changed diff --git a/internal/admission/validator.go b/internal/admission/validator.go index 6d1f55aac8..a83584275b 100644 --- a/internal/admission/validator.go +++ b/internal/admission/validator.go @@ -125,7 +125,7 @@ func (validator KongHTTPValidator) ValidateConsumer( // credentials so that the consumers credentials references can be validated. managedConsumers, err := validator.listManagedConsumers(ctx) if err != nil { - return false, ErrTextConsumerUnretrievable, err + return false, fmt.Sprintf("failed to fetch managed KongConsumers from cache: %s", err), nil } // retrieve the consumer's credentials secrets to validate them with the index @@ -136,7 +136,7 @@ func (validator KongHTTPValidator) ValidateConsumer( secret, err := validator.SecretGetter.GetSecret(consumer.Namespace, secretName) if err != nil { if apierrors.IsNotFound(err) { - return false, ErrTextConsumerCredentialSecretNotFound, err + return false, fmt.Sprintf("%s: %s", ErrTextConsumerCredentialSecretNotFound, err), nil } return false, ErrTextFailedToRetrieveSecret, err } @@ -248,7 +248,7 @@ func (validator KongHTTPValidator) ValidateCredential(ctx context.Context, secre // if the credentials are referenced. managedConsumers, err := validator.listManagedConsumers(ctx) if err != nil { - return false, fmt.Sprintf("failed to list managed KongConsumers: %s", err) + return false, fmt.Sprintf("failed to fetch managed KongConsumers from cache: %s", err) } // Verify whether this secret is referenced by any managed consumer. @@ -402,7 +402,7 @@ func (validator KongHTTPValidator) ValidateHTTPRoute( Name: string(parentRef.Name), }, &gateway); err != nil { if apierrors.IsNotFound(err) { - return false, fmt.Sprintf("Referenced gateway %s/%s not found", namespace, parentRef.Name), nil + return false, fmt.Sprintf("referenced gateway %s/%s not found", namespace, parentRef.Name), nil } return false, "", err } @@ -411,7 +411,7 @@ func (validator KongHTTPValidator) ValidateHTTPRoute( gatewayClass := gatewayapi.GatewayClass{} if err := validator.ManagerClient.Get(ctx, client.ObjectKey{Name: string(gateway.Spec.GatewayClassName)}, &gatewayClass); err != nil { if apierrors.IsNotFound(err) { - return false, fmt.Sprintf("Referenced gatewayclass %s not found", gateway.Spec.GatewayClassName), nil + return false, fmt.Sprintf("referenced gatewayclass %s not found", gateway.Spec.GatewayClassName), nil } return false, "", err } diff --git a/test/integration/httproute_webhook_test.go b/test/integration/httproute_webhook_test.go index 22c784566a..e1e0a72c32 100644 --- a/test/integration/httproute_webhook_test.go +++ b/test/integration/httproute_webhook_test.go @@ -62,7 +62,7 @@ func commonHTTPRouteValidationTestCases( }, }, }, - WantCreateErrSubstring: `Referenced gateway a6587a40-b3c6-4433-9232-216f9acf833a/fake-gateway not found`, + WantCreateErrSubstring: `fake-gateway not found`, }, { Name: "an invalid httproute will pass validation if it's not linked to a managed controller (it's not ours)",