From ae9e71ba68cb1dd00bb5ed2635bac9aab2abbafe Mon Sep 17 00:00:00 2001 From: Steve Kuznetsov Date: Tue, 27 Apr 2021 11:19:01 -0700 Subject: [PATCH] apiserver: wrap errors in admission with context When the API server encounters an error during admission webhook handling, lower-level errors are bubbled up without any additional context added. This leads to fairly opaque and unintelligible errors. It is not clear to users if the API server itself is having an error (for instance, fetching the REST client) or if the request to the webhook failed in some way. Signed-off-by: Steve Kuznetsov --- .../pkg/admission/plugin/webhook/mutating/dispatcher.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/dispatcher.go b/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/dispatcher.go index 0410d037859..fc636601b5d 100644 --- a/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/dispatcher.go +++ b/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/dispatcher.go @@ -214,12 +214,12 @@ func (a *mutatingDispatcher) callAttrMutatingHook(ctx context.Context, h *admiss uid, request, response, err := webhookrequest.CreateAdmissionObjects(attr, invocation) if err != nil { - return false, &webhookutil.ErrCallingWebhook{WebhookName: h.Name, Reason: err} + return false, &webhookutil.ErrCallingWebhook{WebhookName: h.Name, Reason: fmt.Errorf("could not create admission objects: %w", err)} } // Make the webhook request client, err := invocation.Webhook.GetRESTClient(a.cm) if err != nil { - return false, &webhookutil.ErrCallingWebhook{WebhookName: h.Name, Reason: err} + return false, &webhookutil.ErrCallingWebhook{WebhookName: h.Name, Reason: fmt.Errorf("could not get REST client: %w", err)} } trace := utiltrace.New("Call mutating webhook", utiltrace.Field{"configuration", configurationName}, @@ -253,13 +253,13 @@ func (a *mutatingDispatcher) callAttrMutatingHook(ctx context.Context, h *admiss } if err := r.Do(ctx).Into(response); err != nil { - return false, &webhookutil.ErrCallingWebhook{WebhookName: h.Name, Reason: err} + return false, &webhookutil.ErrCallingWebhook{WebhookName: h.Name, Reason: fmt.Errorf("failed to call webhook: %w", err)} } trace.Step("Request completed") result, err := webhookrequest.VerifyAdmissionResponse(uid, true, response) if err != nil { - return false, &webhookutil.ErrCallingWebhook{WebhookName: h.Name, Reason: err} + return false, &webhookutil.ErrCallingWebhook{WebhookName: h.Name, Reason: fmt.Errorf("received invalid webhook response: %w", err)} } for k, v := range result.AuditAnnotations {