Log warning when whitelisted ns inaccessible

fluxcd · Aug 22, 2018 · d0a846e · d0a846e
1 parent 9b7aee1
commit d0a846e
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 10 deletions.
diff --git a/cluster/kubernetes/kubernetes.go b/cluster/kubernetes/kubernetes.go
@@ -313,9 +313,13 @@ func (c *Cluster) getAllowedNamespaces() ([]apiv1.Namespace, error) {
 	if len(c.nsWhitelist) > 0 {
 		nsList := []apiv1.Namespace{}
 		for _, name := range c.nsWhitelist {
-			if ns, err := c.client.CoreV1().Namespaces().Get(name, meta_v1.GetOptions{}); err == nil {
+			ns, err := c.client.CoreV1().Namespaces().Get(name, meta_v1.GetOptions{})
+			switch {
+			case err == nil:
 				nsList = append(nsList, *ns)
-			} else if !(apierrors.IsNotFound(err) || apierrors.IsUnauthorized(err) || apierrors.IsForbidden(err)) {
+			case apierrors.IsNotFound(err) || apierrors.IsUnauthorized(err) || apierrors.IsForbidden(err):
+				c.logger.Log("warning", "namespace unauthorized, forbidden, or not found", "namespace", name)
+			default:
 				return nil, err
 			}
 		}

diff --git a/cluster/kubernetes/kubernetes_test.go b/cluster/kubernetes/kubernetes_test.go
@@ -1,11 +1,13 @@
 package kubernetes
 
 import (
+	"reflect"
+	"testing"
+
+	"github.com/go-kit/kit/log"
 	apiv1 "k8s.io/api/core/v1"
 	meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	fakekubernetes "k8s.io/client-go/kubernetes/fake"
-	"testing"
-	"reflect"
 )
 
 func newNamespace(name string) *apiv1.Namespace {
@@ -15,7 +17,7 @@ func newNamespace(name string) *apiv1.Namespace {
 		},
 		TypeMeta: meta_v1.TypeMeta{
 			APIVersion: "v1",
-			Kind: "Namespace",
+			Kind:       "Namespace",
 		},
 	}
 }
@@ -24,7 +26,7 @@ func testGetAllowedNamespaces(t *testing.T, namespace []string, expected []strin
 	clientset := fakekubernetes.NewSimpleClientset(newNamespace("default"),
 		newNamespace("kube-system"))
 
-	c := NewCluster(clientset, nil, nil, nil, nil, namespace)
+	c := NewCluster(clientset, nil, nil, nil, log.NewNopLogger(), namespace)
 
 	namespaces, err := c.getAllowedNamespaces()
 	if err != nil {
@@ -42,21 +44,21 @@ func testGetAllowedNamespaces(t *testing.T, namespace []string, expected []strin
 }
 
 func TestGetAllowedNamespacesDefault(t *testing.T) {
-	testGetAllowedNamespaces(t, []string{}, []string{"default","kube-system",})
+	testGetAllowedNamespaces(t, []string{}, []string{"default", "kube-system"})
 }
 
 func TestGetAllowedNamespacesNamespacesIsNil(t *testing.T) {
-	testGetAllowedNamespaces(t, nil, []string{"default","kube-system",})
+	testGetAllowedNamespaces(t, nil, []string{"default", "kube-system"})
 }
 
 func TestGetAllowedNamespacesNamespacesSet(t *testing.T) {
-	testGetAllowedNamespaces(t, []string{"default"}, []string{"default",})
+	testGetAllowedNamespaces(t, []string{"default"}, []string{"default"})
 }
 
 func TestGetAllowedNamespacesNamespacesSetDoesNotExist(t *testing.T) {
 	testGetAllowedNamespaces(t, []string{"hello"}, []string{})
 }
 
 func TestGetAllowedNamespacesNamespacesMultiple(t *testing.T) {
-	testGetAllowedNamespaces(t, []string{"default","hello","kube-system"}, []string{"default","kube-system"})
+	testGetAllowedNamespaces(t, []string{"default", "hello", "kube-system"}, []string{"default", "kube-system"})
 }