Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pepr error event/msg on client creation failure can be misleading #448

Closed
mjnagel opened this issue May 30, 2024 · 0 comments · Fixed by #511
Closed

Pepr error event/msg on client creation failure can be misleading #448

mjnagel opened this issue May 30, 2024 · 0 comments · Fixed by #511
Assignees
@mjnagel
Labels
operator Issues pertaining to the UDS Operator (Pepr) sso Issues related to the SSO stack (Keycloak/Authservice)
Milestone
0.23.0

Comments

@mjnagel
Copy link
Contributor

mjnagel commented May 30, 2024

Describe what should be investigated or refactored

Currently we have a catchall for all any Keycloak client creation failures that logs an error "Failed to process client request ... This can occur if a client already exists with the same ID that Pepr isn't tracking.".

This error is often misleading because it can surface for any number of reasons that the client creation was invalid (client scopes, invalid URIs, etc). The result is a confusing error message and the real error message is only visible in the Keycloak logs themselves. It would be good to revisit this catch all and see if we can filter errors or better represent the true failure on the keycloak call.

Links to any relevant code

uds-core/src/pepr/operator/controllers/keycloak/client-sync.ts

Lines 128 to 142 in 434844b

} catch (err) {
const msg =
`Failed to process client request '${clientReq.clientId}' for ` +
`${pkg.metadata?.namespace}/${pkg.metadata?.name}. This can occur if a client already exists with the same ID that Pepr isn't tracking.`;
Log.error({ err }, msg);
if (isRetry) {
Log.error(`${msg}, retry failed, aborting`);
throw new Error(`${msg}. RETRY FAILED, aborting: ${JSON.stringify(err)}`);
}
// Retry the request
Log.warn(`${msg}, retrying`);
return syncClient(clientReq, pkg, true);
}

@mjnagel mjnagel self-assigned this Jun 18, 2024
@mjnagel mjnagel mentioned this issue Jun 19, 2024
Closed
5 tasks
@mjnagel mjnagel mentioned this issue Jun 26, 2024
Merged
5 tasks
@mjnagel mjnagel added operator Issues pertaining to the UDS Operator (Pepr) sso Issues related to the SSO stack (Keycloak/Authservice) labels Jul 2, 2024
@mjnagel mjnagel closed this as completed in cae5aab Jul 3, 2024
@mjnagel mjnagel added this to the 0.23.0 milestone Jul 3, 2024
rjferguson21 pushed a commit that referenced this issue Jul 11, 2024
@mjnagel @jeff-mccoy
fix: operator retries and error logging (#511)
0b594c8 
## Description

This PR has a number of changes, mostly tied to operator behaviors and
bug fixes around failure logging. Included:
- URI Encoding of client ID on deletion/updates - when we call
updates/deletions on KC clients it gets appended to our URL for our
request and must be encoded
- Moves around the try/catch to only wrap the Keycloak API call so that
errors are surfaced more accurately in events and modifies the thrown
error from the Keycloak response to include the keycloak response status
and data (see #448)
- Adds a new Phase to Package for `Retrying` - this differentiates from
a `Pending` package that is already being reconciled to allow retries to
function as expected (see
#492)
- Moves uidSeen addition to patch status to handle infinite failure ->
pending -> failure ... loop on first apply (see
#525)

## Related Issue

Fixes #492

Fixes #448

Fixes #525

## Type of change

- [x] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Other (security config, docs update, etc)

## Checklist before merging

- [x] Test, docs, adr added or updated as needed
- [x] [Contributor Guide
Steps](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md)(https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md#submitting-a-pull-request)
followed

---------

Co-authored-by: Megamind <882485+jeff-mccoy@users.noreply.github.com>
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mjnagel mjnagel

Labels
operator Issues pertaining to the UDS Operator (Pepr) sso Issues related to the SSO stack (Keycloak/Authservice)
Projects
None yet
Milestone
0.23.0
Development

Successfully merging a pull request may close this issue.

fix: operator retries and error logging defenseunicorns/uds-core
1 participant
@mjnagel