feat: normalize azure errors

Signed-off-by: Adam Talbot <[email protected]>
cert-manager · Jun 13, 2024 · 7ec86d2 · 7ec86d2
1 parent 3403251
commit 7ec86d2
Show file tree

Hide file tree

Showing 2 changed files with 60 additions and 29 deletions.
diff --git a/pkg/issuer/acme/dns/azuredns/azuredns.go b/pkg/issuer/acme/dns/azuredns/azuredns.go
@@ -11,11 +11,9 @@ this directory.
 package azuredns
 
 import (
- "bytes"
  "context"
  "errors"
  "fmt"
- "io"
  "net/http"
  "os"
  "strings"
@@ -279,27 +277,63 @@ func stabilizeError(err error) error {
  return nil
  }
 
- redactResponse := func(resp *http.Response) *http.Response {
- if resp == nil {
- return nil
+ return NormalizedError{
+ Cause: err,
+ }
+}
+
+type NormalizedError struct {
+ Cause error
+}
+
+func (e NormalizedError) Error() string {
+ var (
+ authErr *azidentity.AuthenticationFailedError
+ respErr *azcore.ResponseError
+ )
+
+ switch {
+ case errors.As(e.Cause, &authErr):
+ msg := new(strings.Builder)
+ fmt.Fprintln(msg, "authentication failed:")
+
+ if authErr.RawResponse != nil {
+ if authErr.RawResponse.Request != nil {
+ fmt.Fprintf(msg, "%s %s://%s%s\n", authErr.RawResponse.Request.Method, authErr.RawResponse.Request.URL.Scheme, authErr.RawResponse.Request.URL.Host, authErr.RawResponse.Request.URL.Path)
+ }
+
+ fmt.Fprintln(msg, "--------------------------------------------------------------------------------")
+ fmt.Fprintf(msg, "RESPONSE %s\n", authErr.RawResponse.Status)
+ fmt.Fprintln(msg, "--------------------------------------------------------------------------------")
  }
 
- response := *resp
- response.Body = io.NopCloser(bytes.NewReader([]byte("<REDACTED>")))
- return &response
- }
+ fmt.Fprint(msg, "see logs for more information")
 
- var authErr *azidentity.AuthenticationFailedError
- if errors.As(err, &authErr) {
- //nolint: bodyclose // False positive, this already a processed body, probably just pointing to a buffer.
- authErr.RawResponse = redactResponse(authErr.RawResponse)
- }
+ return msg.String()
+ case errors.As(e.Cause, &respErr):
+ msg := new(strings.Builder)
+ fmt.Fprintln(msg, "request error:")
 
- var respErr *azcore.ResponseError
- if errors.As(err, &respErr) {
- //nolint: bodyclose // False positive, this already a processed body, probably just pointing to a buffer.
- respErr.RawResponse = redactResponse(respErr.RawResponse)
- }
+ if respErr.RawResponse != nil {
+ if respErr.RawResponse.Request != nil {
+ fmt.Fprintf(msg, "%s %s://%s%s\n", respErr.RawResponse.Request.Method, respErr.RawResponse.Request.URL.Scheme, respErr.RawResponse.Request.URL.Host, respErr.RawResponse.Request.URL.Path)
+ }
 
- return err
+ fmt.Fprintln(msg, "--------------------------------------------------------------------------------")
+ fmt.Fprintf(msg, "RESPONSE %s\n", respErr.RawResponse.Status)
+ if respErr.ErrorCode != "" {
+ fmt.Fprintf(msg, "ERROR CODE: %s\n", respErr.ErrorCode)
+ } else {
+ fmt.Fprintln(msg, "ERROR CODE UNAVAILABLE")
+ }
+ fmt.Fprintln(msg, "--------------------------------------------------------------------------------")
+ }
+
+ fmt.Fprint(msg, "see logs for more information")
+
+ return msg.String()
+
+ default:
+ return e.Cause.Error()
+ }
 }
diff --git a/pkg/issuer/acme/dns/azuredns/azuredns_test.go b/pkg/issuer/acme/dns/azuredns/azuredns_test.go
@@ -356,14 +356,12 @@ func TestGetAuthorizationFederatedSPT(t *testing.T) {
  _, err = spt.GetToken(context.TODO(), policy.TokenRequestOptions{Scopes: []string{"test"}})
  err = stabilizeError(err)
  assert.Error(t, err)
- assert.ErrorContains(t, err, fmt.Sprintf(`WorkloadIdentityCredential authentication failed
+ assert.ErrorContains(t, err, fmt.Sprintf(`authentication failed:
 POST %s/adfs/oauth2/token
 --------------------------------------------------------------------------------
 RESPONSE 502 Bad Gateway
 --------------------------------------------------------------------------------
-<REDACTED>
---------------------------------------------------------------------------------
-To troubleshoot, visit https://aka.ms/azsdk/go/identity/troubleshoot#workload`, ts.URL))
+see logs for more information`, ts.URL))
  })
 }
 
@@ -406,12 +404,11 @@ func TestStabilizeResponseError(t *testing.T) {
 
  err = dnsProvider.Present(context.TODO(), "test.com", "fqdn.test.com.", "test123")
  require.Error(t, err)
- require.ErrorContains(t, err, fmt.Sprintf(`Zone test.com. not found in AzureDNS for domain fqdn.test.com.. Err: GET %s/subscriptions/subscriptionID/resourceGroups/resourceGroupName/providers/Microsoft.Network/dnsZones/test.com
+ require.ErrorContains(t, err, fmt.Sprintf(`Zone test.com. not found in AzureDNS for domain fqdn.test.com.. Err: request error:
+GET %s/subscriptions/subscriptionID/resourceGroups/resourceGroupName/providers/Microsoft.Network/dnsZones/test.com
 --------------------------------------------------------------------------------
-RESPONSE 502: 502 Bad Gateway
+RESPONSE 502 Bad Gateway
 ERROR CODE: TEST_ERROR_CODE
 --------------------------------------------------------------------------------
-<REDACTED>
---------------------------------------------------------------------------------
-`, ts.URL))
+see logs for more information`, ts.URL))
 }