From 81eb976b4478463575e9ccc7f573f32f6b671188 Mon Sep 17 00:00:00 2001
From: Grant Griffiths
Date: Mon, 18 Mar 2019 12:46:17 -0700
Subject: [PATCH] in-tree: Add check for empty secret/context on create/delete
Signed-off-by: Grant Griffiths
---
 api/server/middleware_auth.go | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/api/server/middleware_auth.go b/api/server/middleware_auth.go
index c5b10379d..2059ed7b9 100644
--- a/api/server/middleware_auth.go
+++ b/api/server/middleware_auth.go
@@ -73,6 +73,15 @@ func (a *authMiddleware) createWithAuth(w http.ResponseWriter, r *http.Request,
 json.NewEncoder(w).Encode(&dcRes)
 return
 }
+ if secretName == "" {
+ errorMessage := "Access denied, no secret found in the annotations of the persistent volume claim"
+ a.log(locator.Name, fn).Error(errorMessage)
+ dcRes.VolumeResponse = &api.VolumeResponse{Error: errorMessage}
+ json.NewEncoder(w).Encode(&dcRes)
+ w.WriteHeader(http.StatusUnauthorized)
+ return
+ }
+
 token, err := a.provider.GetToken(secretName, secretContext)
 if err != nil {
 a.log(locator.Name, fn).WithError(err).Error("failed to get token")
@@ -206,6 +215,16 @@ func (a *authMiddleware) deleteWithAuth(w http.ResponseWriter, r *http.Request,
 json.NewEncoder(w).Encode(volumeResponse)
 return
 }
+ if secretName == "" {
+ errorMessage := fmt.Sprintf("Error, unable to get secret information from the volume."+
+ " You may need to re-add the following keys as volume labels to point to the secret: %s and %s",
+ secrets.SecretNameKey, secrets.SecretNamespaceKey)
+ a.log(volumeID, fn).Error(errorMessage)
+ volumeResponse = &api.VolumeResponse{Error: errorMessage}
+ json.NewEncoder(w).Encode(volumeResponse)
+ w.WriteHeader(http.StatusInternalServerError)
+ return
+ }
 token, err := a.provider.GetToken(secretName, secretContext)
 if err != nil {
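Review bot: In the new `secretName == ""` branch of createWithAuth, `w.WriteHeader(http.StatusUnauthorized)` runs after `json.NewEncoder(w).Encode(&dcRes)`, so the status never reaches the client. With net/http the first body write commits an implicit 200 and the later WriteHeader call is ignored, so a caller that checks only the status code reads this denial as success. Put the header first: `w.WriteHeader(http.StatusUnauthorized)` and then `json.NewEncoder(w).Encode(&dcRes)`. The deleteWithAuth hunk has the same ordering with `http.StatusInternalServerError` and needs the same swap. Both functions begin and end outside their hunks.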
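Review bot: The guard added to deleteWithAuth tests only `secretName`, although the commit subject speaks of an empty secret/context and `secretContext` is handed to `a.provider.GetToken` on the next statement; the createWithAuth guard has the same shape. Whether the provider accepts an empty context is not visible in this patch. If it does not, extend the condition to `if secretName == "" || secretContext == "" {` so the request is rejected here with a clear message rather than by whatever GetToken does with it. If an empty context is legitimate, a one-line comment on the guard saying so would keep the next reader from assuming the check was forgotten.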