Make credentialprovider less verbose about benign errors.

In particular, a few of the utilities used within the credentialprovider had the pattern: glog.Errorf("while blah %s: %v", s, err) return nil, err This change propagates those error message and puts the burden of logging on the caller. In particular, this allows us to squelch all output during kubelet startup when we are detecting whether certain credentialprovider plugins should even be enabled. Fixes: https://github.com/GoogleCloudPlatform/kubernetes/issues/2673
2025-07-31 23:37:01 +00:00 · 2014-11-30 16:31:03 -08:00 · 2014-11-30 16:31:03 -08:00 · 65c246d45a
commit 65c246d45a
parent 7246727231
2 changed files with 27 additions and 9 deletions
--- a/pkg/credentialprovider/config.go
+++ b/pkg/credentialprovider/config.go
@ -65,10 +65,21 @@ func ReadDockerConfigFile() (cfg DockerConfig, err error) {
 	return readDockerConfigFileFromBytes(contents)
 }

+// HttpError wraps a non-StatusOK error code as an error.
+type HttpError struct {
+	StatusCode int
+	Url        string
+}
+
+// Error implements error
+func (he *HttpError) Error() string {
+	return fmt.Sprintf("http status code: %d while fetching url %s",
+		he.StatusCode, he.Url)
+}
+
 func ReadUrl(url string, client *http.Client, header *http.Header) (body []byte, err error) {
 	req, err := http.NewRequest("GET", url, nil)
 	if err != nil {
-		glog.Errorf("while creating request to read %s: %v", url, err)
 		return nil, err
 	}
 	if header != nil {
@ -76,21 +87,20 @@ func ReadUrl(url string, client *http.Client, header *http.Header) (body []byte,
 	}
 	resp, err := client.Do(req)
 	if err != nil {
-		glog.Errorf("while trying to read %s: %v", url, err)
 		return nil, err
 	}
 	defer resp.Body.Close()

 	if resp.StatusCode != http.StatusOK {
-		err := fmt.Errorf("http status code: %d while fetching url %s", resp.StatusCode, url)
-		glog.Errorf("while trying to read %s: %v", url, err)
 		glog.V(2).Infof("body of failing http response: %v", resp.Body)
-		return nil, err
+		return nil, &HttpError{
+			StatusCode: resp.StatusCode,
+			Url:        url,
+		}
 	}

 	contents, err := ioutil.ReadAll(resp.Body)
 	if err != nil {
-		glog.Errorf("while trying to read %s: %v", url, err)
 		return nil, err
 	}

--- a/pkg/credentialprovider/gcp/metadata.go
+++ b/pkg/credentialprovider/gcp/metadata.go
@ -105,7 +105,9 @@ func (g *metadataProvider) Enabled() bool {
 func (g *dockerConfigKeyProvider) Provide() credentialprovider.DockerConfig {
 	// Read the contents of the google-dockercfg metadata key and
 	// parse them as an alternate .dockercfg
-	if cfg, err := credentialprovider.ReadDockerConfigFileFromUrl(dockerConfigKey, g.Client, metadataHeader); err == nil {
+	if cfg, err := credentialprovider.ReadDockerConfigFileFromUrl(dockerConfigKey, g.Client, metadataHeader); err != nil {
+		glog.Errorf("while reading 'google-dockercfg' metadata: %v", err)
+	} else {
 		return cfg
 	}

@ -115,9 +117,13 @@ func (g *dockerConfigKeyProvider) Provide() credentialprovider.DockerConfig {
 // Provide implements DockerConfigProvider
 func (g *dockerConfigUrlKeyProvider) Provide() credentialprovider.DockerConfig {
 	// Read the contents of the google-dockercfg-url key and load a .dockercfg from there
-	if url, err := credentialprovider.ReadUrl(dockerConfigUrlKey, g.Client, metadataHeader); err == nil {
+	if url, err := credentialprovider.ReadUrl(dockerConfigUrlKey, g.Client, metadataHeader); err != nil {
+		glog.Errorf("while reading 'google-dockercfg-url' metadata: %v", err)
+	} else {
 		if strings.HasPrefix(string(url), "http") {
-			if cfg, err := credentialprovider.ReadDockerConfigFileFromUrl(string(url), g.Client, nil); err == nil {
+			if cfg, err := credentialprovider.ReadDockerConfigFileFromUrl(string(url), g.Client, nil); err != nil {
+				glog.Errorf("while reading 'google-dockercfg-url'-specified url: %s, %v", string(url), err)
+			} else {
 				return cfg
 			}
 		} else {
@ -162,11 +168,13 @@ func (g *containerRegistryProvider) Provide() credentialprovider.DockerConfig {

 	tokenJsonBlob, err := credentialprovider.ReadUrl(metadataToken, g.Client, metadataHeader)
 	if err != nil {
+		glog.Errorf("while reading access token endpoint: %v", err)
 		return cfg
 	}

 	email, err := credentialprovider.ReadUrl(metadataEmail, g.Client, metadataHeader)
 	if err != nil {
+		glog.Errorf("while reading email endpoint: %v", err)
 		return cfg
 	}