Skip to content

Commit

Permalink
Merge pull request #954 from ggriffiths/intree_no_secret_improve_erro…
Browse files Browse the repository at this point in the history
…r_msg

in-tree: Add check for empty secret/context on create/delete
  • Loading branch information
ggriffiths authored Mar 20, 2019
2 parents 5bc0056 + d90a159 commit a0292eb
Showing 1 changed file with 19 additions and 0 deletions.
19 changes: 19 additions & 0 deletions api/server/middleware_auth.go
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,15 @@ func (a *authMiddleware) createWithAuth(w http.ResponseWriter, r *http.Request,
json.NewEncoder(w).Encode(&dcRes)
return
}
if secretName == "" {
errorMessage := "Access denied, no secret found in the annotations of the persistent volume claim"
a.log(locator.Name, fn).Error(errorMessage)
dcRes.VolumeResponse = &api.VolumeResponse{Error: errorMessage}
json.NewEncoder(w).Encode(&dcRes)
w.WriteHeader(http.StatusUnauthorized)
return
}

token, err := a.provider.GetToken(secretName, secretContext)
if err != nil {
a.log(locator.Name, fn).WithError(err).Error("failed to get token")
Expand Down Expand Up @@ -206,6 +215,16 @@ func (a *authMiddleware) deleteWithAuth(w http.ResponseWriter, r *http.Request,
json.NewEncoder(w).Encode(volumeResponse)
return
}
if secretName == "" {
errorMessage := fmt.Sprintf("Error, unable to get secret information from the volume."+
" You may need to re-add the following keys as volume labels to point to the secret: %s and %s",
secrets.SecretNameKey, secrets.SecretNamespaceKey)
a.log(volumeID, fn).Error(errorMessage)
volumeResponse = &api.VolumeResponse{Error: errorMessage}
json.NewEncoder(w).Encode(volumeResponse)
w.WriteHeader(http.StatusInternalServerError)
return
}

token, err := a.provider.GetToken(secretName, secretContext)
if err != nil {
Expand Down

0 comments on commit a0292eb

Please sign in to comment.