Skip to content

Commit

Permalink
Merge pull request #262 from xperimental/backport-secret-errors-5.6
Browse files Browse the repository at this point in the history 
LOG-5060: Improve messages for errors in storage secret
  • Loading branch information
@openshift-merge-bot
openshift-merge-bot[bot] authored Feb 7, 2024
2 parents ee5bc1f + 8fee02e commit 9eabf4a
Show file tree
Hide file tree
Showing 4 changed files with 98 additions and 85 deletions.
4 changes: 4 additions & 0 deletions operator/CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,9 @@
## Main

## Release 5.6.17

- [11824](https://github.com/grafana/loki/pull/11824) **xperimental**: Improve messages for errors in storage secret

## Release 5.6.16

- [11778](https://github.com/grafana/loki/pull/11778) **periklis**: Update Loki operand to v2.9.4
Expand Down
60 changes: 33 additions & 27 deletions operator/internal/handlers/internal/storage/secrets.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,10 +3,10 @@ package storage
import (
"context"
"crypto/sha1"
"errors"
"fmt"
"sort"

"github.com/ViaQ/logerr/v2/kverrors"
corev1 "k8s.io/api/core/v1"
apierrors "k8s.io/apimachinery/pkg/api/errors"
"sigs.k8s.io/controller-runtime/pkg/client"
Expand All @@ -17,7 +17,13 @@ import (
"github.com/grafana/loki/operator/internal/status"
)

var hashSeparator = []byte(",")
var (
hashSeparator = []byte(",")

errSecretUnknownType = errors.New("unknown secret type")
errSecretMissingField = errors.New("missing secret field")
errSecretHashError = errors.New("error calculating hash for secret")
)

func getSecret(ctx context.Context, k k8s.Client, stack *lokiv1.LokiStack) (*corev1.Secret, error) {
var storageSecret corev1.Secret
Expand All @@ -30,7 +36,7 @@ func getSecret(ctx context.Context, k k8s.Client, stack *lokiv1.LokiStack) (*cor
Requeue: false,
}
}
return nil, kverrors.Wrap(err, "failed to lookup lokistack storage secret", "name", key)
return nil, fmt.Errorf("failed to lookup lokistack storage secret: %w", err)
}

return &storageSecret, nil
Expand All @@ -40,7 +46,7 @@ func getSecret(ctx context.Context, k k8s.Client, stack *lokiv1.LokiStack) (*cor
func extractSecret(s *corev1.Secret, secretType lokiv1.ObjectStorageSecretType) (storage.Options, error) {
hash, err := hashSecretData(s)
if err != nil {
return storage.Options{}, kverrors.Wrap(err, "error calculating hash for secret", "type", secretType)
return storage.Options{}, errSecretHashError
}

storageOpts := storage.Options{
Expand All @@ -59,7 +65,7 @@ func extractSecret(s *corev1.Secret, secretType lokiv1.ObjectStorageSecretType)
case lokiv1.ObjectStorageSecretSwift:
storageOpts.Swift, err = extractSwiftConfigSecret(s)
default:
return storage.Options{}, kverrors.New("unknown secret type", "type", secretType)
return storage.Options{}, fmt.Errorf("%w: %s", errSecretUnknownType, secretType)
}

if err != nil {
Expand Down Expand Up @@ -101,19 +107,19 @@ func extractAzureConfigSecret(s *corev1.Secret) (*storage.AzureStorageConfig, er
// Extract and validate mandatory fields
env := s.Data[storage.KeyAzureEnvironmentName]
if len(env) == 0 {
return nil, kverrors.New("missing secret field", "field", storage.KeyAzureEnvironmentName)
return nil, fmt.Errorf("%w: %s", errSecretMissingField, storage.KeyAzureEnvironmentName)
}
container := s.Data[storage.KeyAzureStorageContainerName]
if len(container) == 0 {
return nil, kverrors.New("missing secret field", "field", storage.KeyAzureStorageContainerName)
return nil, fmt.Errorf("%w: %s", errSecretMissingField, storage.KeyAzureStorageContainerName)
}
name := s.Data[storage.KeyAzureStorageAccountName]
if len(name) == 0 {
return nil, kverrors.New("missing secret field", "field", storage.KeyAzureStorageAccountName)
return nil, fmt.Errorf("%w: %s", errSecretMissingField, storage.KeyAzureStorageAccountName)
}
key := s.Data[storage.KeyAzureStorageAccountKey]
if len(key) == 0 {
return nil, kverrors.New("missing secret field", "field", storage.KeyAzureStorageAccountKey)
return nil, fmt.Errorf("%w: %s", errSecretMissingField, storage.KeyAzureStorageAccountKey)
}

return &storage.AzureStorageConfig{
Expand All @@ -126,13 +132,13 @@ func extractGCSConfigSecret(s *corev1.Secret) (*storage.GCSStorageConfig, error)
// Extract and validate mandatory fields
bucket := s.Data[storage.KeyGCPStorageBucketName]
if len(bucket) == 0 {
return nil, kverrors.New("missing secret field", "field", storage.KeyGCPStorageBucketName)
return nil, fmt.Errorf("%w: %s", errSecretMissingField, storage.KeyGCPStorageBucketName)
}

// Check if google authentication credentials is provided
keyJSON := s.Data[storage.KeyGCPServiceAccountKeyFilename]
if len(keyJSON) == 0 {
return nil, kverrors.New("missing google authentication credentials", "field", storage.KeyGCPServiceAccountKeyFilename)
return nil, fmt.Errorf("%w: %s", errSecretMissingField, storage.KeyGCPServiceAccountKeyFilename)
}

return &storage.GCSStorageConfig{
Expand All @@ -142,21 +148,21 @@ func extractGCSConfigSecret(s *corev1.Secret) (*storage.GCSStorageConfig, error)

func extractS3ConfigSecret(s *corev1.Secret) (*storage.S3StorageConfig, error) {
// Extract and validate mandatory fields
endpoint := s.Data[storage.KeyAWSEndpoint]
if len(endpoint) == 0 {
return nil, kverrors.New("missing secret field", "field", storage.KeyAWSEndpoint)
}
buckets := s.Data[storage.KeyAWSBucketNames]
if len(buckets) == 0 {
return nil, kverrors.New("missing secret field", "field", storage.KeyAWSBucketNames)
return nil, fmt.Errorf("%w: %s", errSecretMissingField, storage.KeyAWSBucketNames)
}
endpoint := s.Data[storage.KeyAWSEndpoint]
if len(endpoint) == 0 {
return nil, fmt.Errorf("%w: %s", errSecretMissingField, storage.KeyAWSEndpoint)
}
id := s.Data[storage.KeyAWSAccessKeyID]
if len(id) == 0 {
return nil, kverrors.New("missing secret field", "field", storage.KeyAWSAccessKeyID)
return nil, fmt.Errorf("%w: %s", errSecretMissingField, storage.KeyAWSAccessKeyID)
}
secret := s.Data[storage.KeyAWSAccessKeySecret]
if len(secret) == 0 {
return nil, kverrors.New("missing secret field", "field", storage.KeyAWSAccessKeySecret)
return nil, fmt.Errorf("%w: %s", errSecretMissingField, storage.KeyAWSAccessKeySecret)
}

// Extract and validate optional fields
Expand All @@ -173,39 +179,39 @@ func extractSwiftConfigSecret(s *corev1.Secret) (*storage.SwiftStorageConfig, er
// Extract and validate mandatory fields
url := s.Data[storage.KeySwiftAuthURL]
if len(url) == 0 {
return nil, kverrors.New("missing secret field", "field", storage.KeySwiftAuthURL)
return nil, fmt.Errorf("%w: %s", errSecretMissingField, storage.KeySwiftAuthURL)
}
username := s.Data[storage.KeySwiftUsername]
if len(username) == 0 {
return nil, kverrors.New("missing secret field", "field", storage.KeySwiftUsername)
return nil, fmt.Errorf("%w: %s", errSecretMissingField, storage.KeySwiftUsername)
}
userDomainName := s.Data[storage.KeySwiftUserDomainName]
if len(userDomainName) == 0 {
return nil, kverrors.New("missing secret field", "field", storage.KeySwiftUserDomainName)
return nil, fmt.Errorf("%w: %s", errSecretMissingField, storage.KeySwiftUserDomainName)
}
userDomainID := s.Data[storage.KeySwiftUserDomainID]
if len(userDomainID) == 0 {
return nil, kverrors.New("missing secret field", "field", storage.KeySwiftUserDomainID)
return nil, fmt.Errorf("%w: %s", errSecretMissingField, storage.KeySwiftUserDomainID)
}
userID := s.Data[storage.KeySwiftUserID]
if len(userID) == 0 {
return nil, kverrors.New("missing secret field", "field", storage.KeySwiftUserID)
return nil, fmt.Errorf("%w: %s", errSecretMissingField, storage.KeySwiftUserID)
}
password := s.Data[storage.KeySwiftPassword]
if len(password) == 0 {
return nil, kverrors.New("missing secret field", "field", storage.KeySwiftPassword)
return nil, fmt.Errorf("%w: %s", errSecretMissingField, storage.KeySwiftPassword)
}
domainID := s.Data[storage.KeySwiftDomainID]
if len(domainID) == 0 {
return nil, kverrors.New("missing secret field", "field", storage.KeySwiftDomainID)
return nil, fmt.Errorf("%w: %s", errSecretMissingField, storage.KeySwiftDomainID)
}
domainName := s.Data[storage.KeySwiftDomainName]
if len(domainName) == 0 {
return nil, kverrors.New("missing secret field", "field", storage.KeySwiftDomainName)
return nil, fmt.Errorf("%w: %s", errSecretMissingField, storage.KeySwiftDomainName)
}
containerName := s.Data[storage.KeySwiftContainerName]
if len(containerName) == 0 {
return nil, kverrors.New("missing secret field", "field", storage.KeySwiftContainerName)
return nil, fmt.Errorf("%w: %s", errSecretMissingField, storage.KeySwiftContainerName)
}

// Extract and validate optional fields
Expand Down
Loading

0 comments on commit 9eabf4a

Please sign in to comment.