Wrap errors with more context while creating resources in the operator
jkhelil authored and tekton-robot committed Apr 15, 2024
1 parent 9679cae commit 6d1d2a8
Showing 2 changed files with 15 additions and 13 deletions.
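--- a/pkg/reconciler/openshift/tektonconfig/common.go
+++ b/pkg/reconciler/openshift/tektonconfig/common.go
@@ -18,6 +18,7 @@ package tektonconfig
 
 import (
 "context"
+"fmt"
 "os"
 "path/filepath"
 
@@ -101,11 +102,11 @@ func checkIfInstallerSetExist(ctx context.Context, oc versioned.Interface, relVe
 
 labelSelector, err := common.LabelSelector(rbacInstallerSetSelector)
 if err != nil {
-return nil, err
+return nil, fmt.Errorf("failed to retreive labelSelector with selector %v: %w", rbacInstallerSetSelector, err)
 }
 existingInstallerSet, err := tektoninstallerset.CurrentInstallerSetName(ctx, oc, labelSelector)
 if err != nil {
-return nil, err
+return nil, fmt.Errorf("failed to retreive existing InstallerSet with selector %v: %w", labelSelector, err)
 }
 if existingInstallerSet == "" {
 return nil, nil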
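Review bot: Both error strings added in checkIfInstallerSetExist misspell the verb as `retreive`, which makes the messages harder to find when searching reconciler logs; spell it `retrieve`. In the second one, formatting the selector with `%q` instead of `%v` would also make an empty selector visible in the message, e.g. `return nil, fmt.Errorf("failed to retrieve existing InstallerSet with selector %q: %w", labelSelector, err)`, assuming labelSelector is a string as its use in CurrentInstallerSetName suggests. The function's opening lines and its end are outside the hunk.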
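--- a/pkg/reconciler/openshift/tektonconfig/rbac.go
+++ b/pkg/reconciler/openshift/tektonconfig/rbac.go
@@ -94,19 +94,20 @@ func (r *rbac) cleanUp(ctx context.Context) error {
 
 // fetch the list of all namespaces which have label
 // `openshift-pipelines.tekton.dev/namespace-reconcile-version: <release-version>`
+labelSelector := fmt.Sprintf("%s = %s", namespaceVersionLabel, r.version)
 namespaces, err := r.kubeClientSet.CoreV1().Namespaces().List(ctx, metav1.ListOptions{
-LabelSelector: fmt.Sprintf("%s = %s", namespaceVersionLabel, r.version),
+LabelSelector: labelSelector,
 })
 if err != nil {
-return err
+return fmt.Errorf("failed to retreive namespaces with labelSeleclector %s: %v", labelSelector, err)
 }
 // loop on namespaces and remove label if exist
 for _, n := range namespaces.Items {
 labels := n.GetLabels()
 delete(labels, namespaceVersionLabel)
 n.SetLabels(labels)
 if _, err := r.kubeClientSet.CoreV1().Namespaces().Update(ctx, &n, metav1.UpdateOptions{}); err != nil {
-return err
+return fmt.Errorf("failed to update namespace %s: %v", n.Name, err)
 }
 }
 return nil
@@ -183,7 +184,7 @@ func (r *rbac) ensurePreRequisites(ctx context.Context) error {
 }
 logger.Infof("default SCC set to: %s", defaultSCC)
 if err := common.VerifySCCExists(ctx, defaultSCC, r.securityClientSet); err != nil {
-return err
+return fmt.Errorf("failed to verify scc %s exists, %w", defaultSCC, err)
 }
 
 prioritizedSCCList, err := common.GetSCCRestrictiveList(ctx, r.securityClientSet)
@@ -195,7 +196,7 @@ func (r *rbac) ensurePreRequisites(ctx context.Context) error {
 maxAllowedSCC := r.tektonConfig.Spec.Platforms.OpenShift.SCC.MaxAllowed
 if maxAllowedSCC != "" {
 if err := common.VerifySCCExists(ctx, maxAllowedSCC, r.securityClientSet); err != nil {
-return err
+return fmt.Errorf("failed to verify scc %s exists, %w", maxAllowedSCC, err)
 }
 
 isPriority, err := common.SCCAMoreRestrictiveThanB(prioritizedSCCList, defaultSCC, maxAllowedSCC)
@@ -395,27 +396,27 @@ func (r *rbac) createResources(ctx context.Context) error {
 for _, ns := range namespacesToBeReconciled {
 logger.Infow("Inject CA bundle configmap in ", "Namespace", ns.GetName())
 if err := r.ensureCABundles(ctx, &ns); err != nil {
-return err
+return fmt.Errorf("failed to ensure ca bundles presence in namespace %s, %w", ns.Name, err)
 }
 
 logger.Infow("Ensures Default SA in ", "Namespace", ns.GetName())
 sa, err := r.ensureSA(ctx, &ns)
 if err != nil {
-return err
+return fmt.Errorf("failed to ensure default SA in namespace %s, %w", ns.Name, err)
 }
 
 // If "operator.tekton.dev/scc" exists in the namespace, then bind
 // that SCC to the SA
 err = r.handleSCCInNamespace(ctx, &ns)
 if err != nil {
-return err
+return fmt.Errorf("failed to bind scc to namespace %s; %w", ns.Name, err)
 }
 
 // We use a namespace scoped Role when SCC annotation is present, and
 // a cluster scoped ClusterRole when the default SCC is used
 roleRef := r.getSCCRoleInNamespace(&ns)
 if err := r.ensurePipelinesSCCRoleBinding(ctx, sa, roleRef); err != nil {
-return err
+return fmt.Errorf("failed to create Pipeline Scc Role Binding in namespace %s, %w", ns.Name, err)
 }
 
 if err := r.ensureRoleBindings(ctx, sa); err != nil {
@@ -435,7 +436,7 @@ func (r *rbac) createResources(ctx context.Context) error {
 nsLabels[namespaceVersionLabel] = r.version
 ns.SetLabels(nsLabels)
 if _, err := r.kubeClientSet.CoreV1().Namespaces().Update(ctx, &ns, metav1.UpdateOptions{}); err != nil {
-return err
+return fmt.Errorf("failed to update namespace %s with label %s, %w", ns.Name, namespaceVersionLabel, err)
 }
 }
 
@@ -469,7 +470,7 @@ func (r *rbac) createSCCFailureEventInNamespace(ctx context.Context, namespace s
 logger.Infof("Creating SCC failure event in namespace: %s", namespace)
 _, err := r.kubeClientSet.CoreV1().Events(namespace).Create(ctx, &failureEvent, metav1.CreateOptions{})
 if err != nil {
-return err
+return fmt.Errorf("failed to create failure event in namespace %s, %w", namespace, err)
 }
 
 return nil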
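Review bot: The two errors added in cleanUp are formatted with `%v` rather than `%w`, so unlike every other wrap in this commit they cut the underlying Kubernetes API error out of the chain. Any caller that classifies the failure with `errors.Is`/`errors.As` (for instance to tell a conflict or a forbidden response from a transient one) would stop matching, although whether such a caller exists is not visible from this hunk. Use `return fmt.Errorf("failed to retrieve namespaces with labelSelector %s: %w", labelSelector, err)` and `return fmt.Errorf("failed to update namespace %s: %w", n.Name, err)`, which also corrects the `retreive` and `labelSeleclector` typos. The separator before the wrapped cause varies across the file (`,`, `;` and `:`); settling on `: ` would make the messages easier to match in logs. cleanUp's opening lines are outside the hunk.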
