search

gardener / gardener-extension-provider-openstack

Gardener extension controller for the OpenStack cloud provider (https://openstack.org).
https://gardener.cloud
Apache License 2.0
28 stars 82 forks source link

Error code not added #605

Closed ialidzhikov closed 7 months ago

ialidzhikov commented 1 year ago

How to categorize this issue?

/area quality /area ops-productivity /kind bug /platform openstack

What happened: Infra is failing to be deleted with the following error:

  status:
    lastError:
      description: 'Error checking infrastructure config: <nil>: Internal error: could
        not create Openstack client factory: Authentication failed'
      lastUpdateTime: "2023-04-05T06:59:15Z"
    lastOperation:
      description: 'Error checking infrastructure config: <nil>: Internal error: could
        not create Openstack client factory: Authentication failed'
      lastUpdateTime: "2023-04-05T06:59:15Z"
      progress: 50
      state: Error
      type: Reconcile

This error message should have been categotized as ERR_INFRA_UNAUTHENTICATED as it contains the string Authentication failed which should be matched in https://github.com/gardener/gardener-extension-provider-openstack/blob/9d13b55441fa56a698aff3712ba71f097ad29778/pkg/apis/openstack/helper/error_codes.go#L24

What you expected to happen: The Infrastructure lastError to have the error code ERR_INFRA_UNAUTHENTICATED added.

How to reproduce it (as minimally and precisely as possible): See above.

Anything else we need to know?:

Environment:

ialidzhikov commented 1 year ago

/cc @acumino

kon-angelo commented 1 year ago

@ialidzhikov I think the error for this is coming from ConfigValidator so this is probably not easily fixed in the extension if I am not mistaken

acumino commented 1 year ago

/assign

acumino commented 1 year ago

The error from configValidator is supposed to be considered only for configuration error and that is already being checked here. We can consider other error codes also for configValidator error by putting error code check here. But this is not being done in any provider extension. So I would propose to close this issues.

ialidzhikov commented 1 year ago

I think we should make changes to make possible from the ConfigValidator to return provider related error such as ERR_INFRA_UNAUTHENTICATED and ERR_INFRA_UNAUTHORIZED. The reason to introduce the ConfigValidator interface was to perform prerequisite checks before the Infrastructure reconciliation - for example make sure the VPC exists, and has the needed fields enabled; make sure the Network exists, etc. Usually the ConfigValidator create a client, get the cloud provider resource and then check it. So, this get operation is the first operation that is executed with the Shoot's cloud provider credentials and that can fail due to invalid credentials. To improve the ops productivity we should rather think about how to make possible the error categorization in that case.

acumino commented 7 months ago

/close Fixed by https://github.com/gardener/gardener-extension-provider-openstack/pull/745