fix(AzureDNS): suppress original message in adal.TokenRefreshError to prevent early CR reconciliations due to unique data (timestamp, Trace ID) that lands to CR status
Signed-off-by: Igor Beliakov <demtis.register@gmail.com>
parent
8641c4a697
commit
1c01973813
@ -13,6 +13,7 @@ package azuredns
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"os"
|
||||
"strings"
|
||||
|
||||
@ -72,6 +73,41 @@ func NewDNSProviderCredentials(environment, clientID, clientSecret, subscription
|
||||
}, nil
|
||||
}
|
||||
|
||||
// Implements adal.TokenRefreshError
|
||||
type tokenRefreshError struct {
|
||||
Message string
|
||||
Resp *http.Response
|
||||
}
|
||||
|
||||
func (tre tokenRefreshError) Error() string {
|
||||
return tre.Message
|
||||
}
|
||||
|
||||
func (tre tokenRefreshError) Response() *http.Response {
|
||||
return tre.Resp
|
||||
}
|
||||
|
||||
// suppressMessageInTokenRefreshError can be used to suppress error message contents in adal.TokenRefreshError to prevent early
|
||||
// reconciliations in controller due to CR status updates with unique data (such as timestamp, Trace ID) present in response body
|
||||
func suppressMessageInTokenRefreshError(originalError error) error {
|
||||
if originalError == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
// No need to overwrite errors of another type
|
||||
tre, ok := originalError.(adal.TokenRefreshError)
|
||||
if !ok {
|
||||
return originalError
|
||||
}
|
||||
|
||||
err := tokenRefreshError{
|
||||
Message: "failed to refresh token",
|
||||
Resp: tre.Response(),
|
||||
}
|
||||
|
||||
return err
|
||||
}
|
||||
|
||||
// getFederatedSPT prepares an SPT for a Workload Identity-enabled setup
|
||||
func getFederatedSPT(env azure.Environment, options adal.ManagedIdentityOptions) (*adal.ServicePrincipalToken, error) {
|
||||
// NOTE: all related environment variables are described here: https://azure.github.io/azure-workload-identity/docs/installation/mutating-admission-webhook.html
|
||||
@ -150,7 +186,8 @@ func getAuthorization(env azure.Environment, clientID, clientSecret, subscriptio
|
||||
// RefreshToken is absent from responses.
|
||||
err = newSPT.Refresh()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
logf.Log.V(logf.ErrorLevel).Error(err, "failed to refresh token")
|
||||
return nil, suppressMessageInTokenRefreshError(err)
|
||||
}
|
||||
|
||||
accessToken := newSPT.Token()
|
||||
|
||||
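Review bot: The type assertion `tre, ok := originalError.(adal.TokenRefreshError)` in suppressMessageInTokenRefreshError only matches an unwrapped value, so if the refresh error ever arrives wrapped (a `%w` in adal or in a future caller) the suppression silently no-ops and the timestamp/Trace ID text lands in the CR status again; `var tre adal.TokenRefreshError` followed by `if !errors.As(originalError, &tre) { return originalError }` keeps the intent and survives wrapping (it needs `errors` in the import block, which the first hunk does not show). The fixed replacement message also drops the HTTP status code, which is stable across retries and is the one part of the original that lets a user tell bad credentials from throttling without reintroducing unique data; something like `Message: fmt.Sprintf("failed to refresh token: status code %d", resp.StatusCode)` when `resp := tre.Response()` is non-nil, falling back to the fixed string otherwise, would keep the status deterministic. Note that `Resp` still carries the original response, so the suppressed body remains reachable through `Response()`, and any caller that formats it into a status or event would undo this fix — worth stating in the comment above the type, e.g. `// Response() still exposes the original body; never format it into CR status.` The enclosing getAuthorization function begins and ends outside the hunk.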