🐛 OCPBUGS-55165 Permissions preflight error output fixes #1934
Conversation
✅ Deploy Preview for olmv1 ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
trgeiger
force-pushed
the
rbac-error-fixes
branch
from
76740c3 to
88065ff
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #1934 +/- ##
==========================================
- Coverage 66.01% 65.91% -0.10%
==========================================
Files 70 70
Lines 6182 6182
==========================================
- Hits 4081 4075 -6
- Misses 1841 1845 +4
- Partials 260 262 +2
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
| @@ -103,7 +103,7 @@ func (h *Helm) runPreAuthorizationChecks(ctx context.Context, ext *ocv1.ClusterE | |||
| } | |||
| } | |||
| slices.Sort(missingRuleDescriptions) | |||
| preAuthErrors = append(preAuthErrors, fmt.Errorf("service account requires the following permissions to manage cluster extension:\n %s", strings.Join(missingRuleDescriptions, "\n "))) | |||
| preAuthErrors = append(preAuthErrors, fmt.Errorf("service account requires the following permissions to manage cluster extension:\n %s\n", strings.Join(missingRuleDescriptions, "\n "))) //nolint:stylecheck | |||
There was a problem hiding this comment.
We should probably add a comment here saying why this newline is needed.
But I thought about it a bit more and I wonder if we should try to not put the newlines in the error, make the tests assert on the error contents without the newline and then post-process newlines and maybe bullets for each point, into the rendered return:
so like:
// join descriptions with commas; formatting (newlines/bullets) will be applied at error render time
preAuthErrors = append(preAuthErrors,
fmt.Errorf("service account requires the following permissions to manage cluster extension: %s",
strings.Join(missingRuleDescriptions, ", ")))
}
if authErr != nil {
preAuthErrors = append(preAuthErrors, fmt.Errorf("authorization evaluation error: %w", authErr))
}
if len(preAuthErrors) > 0 {
// Render the collected errors with line breaks for clarity
var b strings.Builder
b.WriteString("pre-authorization failed:")
for _, e := range preAuthErrors {
b.WriteString("\n - ")
b.WriteString(e.Error())
}
return errors.New(b.String())
}
return nilThere was a problem hiding this comment.
it avoids the nolint and is cleaner maybe
There was a problem hiding this comment.
Changing the missing rules join is going to make the rules output into one giant long string. It ends up as one single error in preAuthErrors so your loop is only adding a newline at the last rule.
There was a problem hiding this comment.
Hmm, not my intention, now I gotta go try it maybe not just suggest it ;-) Was hoping for that range with comma separated errors to solve the nolint and allow for building the errors into human readable form with a return to separate them from the context.
There was a problem hiding this comment.
Maybe we simply need to errors.Join(preAuthErrors...) with no other changes?
if len(preAuthErrors) > 0 {
return fmt.Errorf("pre-authorization failed: %v", errors.Join(preAuthErrors...))
}There was a problem hiding this comment.
Change made, it seems to work
bentito
changed the title
trgeiger
force-pushed
the
rbac-error-fixes
branch
4 times, most recently
from
cbfabeb to
24928e4
Compare
Signed-off-by: Tayler Geiger <[email protected]>
trgeiger
force-pushed
the
rbac-error-fixes
branch
from
24928e4 to
d3edc3e
Compare
Description
This PR contains 2 changes:
Reviewer Checklist