github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-31 15:25:57 +00:00
Code Issues Projects Releases Wiki Activity

sarapprover: ignore authz errors

Browse Source
This commit is contained in:
Mike Danese 2017-10-13 11:48:17 -07:00
parent 8823a83565
commit 302fe7c0c8
3 changed files with 21 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
pkg/controller/certificates/BUILD
View File

@ -15,6 +15,7 @@ go_library(
deps = [
"//pkg/controller:go_default_library",
"//vendor/github.com/golang/glog:go_default_library",
"//vendor/github.com/juju/ratelimit:go_default_library",
"//vendor/k8s.io/api/certificates/v1beta1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/runtime:go_default_library",

2
pkg/controller/certificates/approver/sarapprove.go
View File

@ -115,7 +115,7 @@ func (a *sarApprover) handle(csr *capi.CertificateSigningRequest) error {
}
if len(tried) != 0 {
return fmt.Errorf("recognized csr %q as %v but subject access review was not approved", csr.Name, tried)
return certificates.IgnorableError("recognized csr %q as %v but subject access review was not approved", csr.Name, tried)
}
return nil

20
pkg/controller/certificates/certificate_controller.go
View File

@ -135,7 +135,11 @@ func (cc *CertificateController) processNextWorkItem() bool {
if err := cc.syncFunc(cKey.(string)); err != nil {
cc.queue.AddRateLimited(cKey)
utilruntime.HandleError(fmt.Errorf("Sync %v failed with : %v", cKey, err))
if _, ignorable := err.(ignorableError); !ignorable {
utilruntime.HandleError(fmt.Errorf("Sync %v failed with : %v", cKey, err))
} else {
glog.V(4).Infof("Sync %v failed with : %v", cKey, err)
}
return true
}
@ -181,3 +185,17 @@ func (cc *CertificateController) syncFunc(key string) error {
return cc.handler(csr)
}
// IgnorableError returns an error that we shouldn't handle (i.e. log) because
// it's spammy and usually user error. Instead we will log these errors at a
// higher log level. We still need to throw these errors to signal that the
// sync should be retried.
func IgnorableError(s string, args ...interface{}) ignorableError {
return ignorableError(fmt.Sprintf(s, args...))
}
type ignorableError string
func (e ignorableError) Error() string {
return string(e)
}