search

cyberark / conjur

CyberArk Conjur automatically secures secrets used by privileged users and machine identities
https://conjur.org
Other
760 stars 123 forks source link

Authenticate controller logs error message correctly #824

Open jtuttle opened 5 years ago

jtuttle commented 5 years ago

Evi managed to produce this error when testing Conjur on Kubernetes. Looks like an error when trying to parse an error message for a log line in the authenticate controller.

conjur-follower-7db4d8b5d9-2p8s2 conjur-possum: TypeError (no implicit conversion of Array into String):
 conjur-follower-7db4d8b5d9-2p8s2 conjur-possum:   app/domain/util/error_class.rb:16:in `gsub'
 conjur-follower-7db4d8b5d9-2p8s2 conjur-possum:   app/domain/util/error_class.rb:16:in `block (3 levels) in new'
 conjur-follower-7db4d8b5d9-2p8s2 conjur-possum:   app/domain/util/error_class.rb:15:in `each'
 conjur-follower-7db4d8b5d9-2p8s2 conjur-possum:   app/domain/util/error_class.rb:15:in `with_index'
 conjur-follower-7db4d8b5d9-2p8s2 nginx: 10.36.0.21 "POST /api/authn-k8s/labs/inject_client_cert HTTP/1.1" 500 0 "-" "Go-http-client/1.1" 0.136 0.136
 conjur-follower-7db4d8b5d9-2p8s2 conjur-possum:   app/domain/util/error_class.rb:15:in `each'
 conjur-follower-7db4d8b5d9-2p8s2 conjur-possum:   app/domain/util/error_class.rb:15:in `reduce'
 conjur-follower-7db4d8b5d9-2p8s2 conjur-possum:   app/domain/util/error_class.rb:15:in `block (2 levels) in new'
 conjur-follower-7db4d8b5d9-2p8s2 conjur-possum:   app/controllers/authenticate_controller.rb:76:in `message'
 conjur-follower-7db4d8b5d9-2p8s2 conjur-possum:   app/controllers/authenticate_controller.rb:76:in `handle_authentication_error'
 conjur-follower-7db4d8b5d9-2p8s2 conjur-possum:   app/controllers/authenticate_controller.rb:70:in `rescue in k8s_inject_client_cert'
 conjur-follower-7db4d8b5d9-2p8s2 conjur-possum:   app/controllers/authenticate_controller.rb:61:in `k8s_inject_client_cert'
 conjur-follower-7db4d8b5d9-2p8s2 conjur-possum:   app/controllers/application_controller.rb:40:in `block in run_with_transaction'
 conjur-follower-7db4d8b5d9-2p8s2 conjur-possum:   app/controllers/application_controller.rb:39:in `run_with_transaction'
 conjur-follower-7db4d8b5d9-2p8s2 conjur-possum:   lib/rack/remember_uuid.rb:12:in `call'
jtuttle commented 5 years ago

@jonahx Any thoughts on what's happening here? This is from the error handling added during the k8s authenticator refactor. It isn't immediately obvious to me.

orenbm commented 4 years ago

@jtuttle is it possible to get the request that failed this? It will make it easier to understand what went wrong