From d0a846ef347fe0044b7ff0840cd4c923d9e1d26a Mon Sep 17 00:00:00 2001
From: Michael Bridgen <mikeb@squaremobius.net>
Date: Wed, 22 Aug 2018 14:27:50 +0100
Subject: [PATCH] Log warning when whitelisted ns inaccessible

---
 cluster/kubernetes/kubernetes.go      |  8 ++++++--
 cluster/kubernetes/kubernetes_test.go | 18 ++++++++++--------
 2 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/cluster/kubernetes/kubernetes.go b/cluster/kubernetes/kubernetes.go
index b94a2ecb46..75c84b54cf 100644
--- a/cluster/kubernetes/kubernetes.go
+++ b/cluster/kubernetes/kubernetes.go
@@ -313,9 +313,13 @@ func (c *Cluster) getAllowedNamespaces() ([]apiv1.Namespace, error) {
 	if len(c.nsWhitelist) > 0 {
 		nsList := []apiv1.Namespace{}
 		for _, name := range c.nsWhitelist {
-			if ns, err := c.client.CoreV1().Namespaces().Get(name, meta_v1.GetOptions{}); err == nil {
+			ns, err := c.client.CoreV1().Namespaces().Get(name, meta_v1.GetOptions{})
+			switch {
+			case err == nil:
 				nsList = append(nsList, *ns)
-			} else if !(apierrors.IsNotFound(err) || apierrors.IsUnauthorized(err) || apierrors.IsForbidden(err)) {
+			case apierrors.IsNotFound(err) || apierrors.IsUnauthorized(err) || apierrors.IsForbidden(err):
+				c.logger.Log("warning", "namespace unauthorized, forbidden, or not found", "namespace", name)
+			default:
 				return nil, err
 			}
 		}
diff --git a/cluster/kubernetes/kubernetes_test.go b/cluster/kubernetes/kubernetes_test.go
index 5d20be62e2..6911301b3e 100644
--- a/cluster/kubernetes/kubernetes_test.go
+++ b/cluster/kubernetes/kubernetes_test.go
@@ -1,11 +1,13 @@
 package kubernetes
 
 import (
+	"reflect"
+	"testing"
+
+	"github.com/go-kit/kit/log"
 	apiv1 "k8s.io/api/core/v1"
 	meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	fakekubernetes "k8s.io/client-go/kubernetes/fake"
-	"testing"
-	"reflect"
 )
 
 func newNamespace(name string) *apiv1.Namespace {
@@ -15,7 +17,7 @@ func newNamespace(name string) *apiv1.Namespace {
 		},
 		TypeMeta: meta_v1.TypeMeta{
 			APIVersion: "v1",
-			Kind: "Namespace",
+			Kind:       "Namespace",
 		},
 	}
 }
@@ -24,7 +26,7 @@ func testGetAllowedNamespaces(t *testing.T, namespace []string, expected []strin
 	clientset := fakekubernetes.NewSimpleClientset(newNamespace("default"),
 		newNamespace("kube-system"))
 
-	c := NewCluster(clientset, nil, nil, nil, nil, namespace)
+	c := NewCluster(clientset, nil, nil, nil, log.NewNopLogger(), namespace)
 
 	namespaces, err := c.getAllowedNamespaces()
 	if err != nil {
@@ -42,15 +44,15 @@ func testGetAllowedNamespaces(t *testing.T, namespace []string, expected []strin
 }
 
 func TestGetAllowedNamespacesDefault(t *testing.T) {
-	testGetAllowedNamespaces(t, []string{}, []string{"default","kube-system",})
+	testGetAllowedNamespaces(t, []string{}, []string{"default", "kube-system"})
 }
 
 func TestGetAllowedNamespacesNamespacesIsNil(t *testing.T) {
-	testGetAllowedNamespaces(t, nil, []string{"default","kube-system",})
+	testGetAllowedNamespaces(t, nil, []string{"default", "kube-system"})
 }
 
 func TestGetAllowedNamespacesNamespacesSet(t *testing.T) {
-	testGetAllowedNamespaces(t, []string{"default"}, []string{"default",})
+	testGetAllowedNamespaces(t, []string{"default"}, []string{"default"})
 }
 
 func TestGetAllowedNamespacesNamespacesSetDoesNotExist(t *testing.T) {
@@ -58,5 +60,5 @@ func TestGetAllowedNamespacesNamespacesSetDoesNotExist(t *testing.T) {
 }
 
 func TestGetAllowedNamespacesNamespacesMultiple(t *testing.T) {
-	testGetAllowedNamespaces(t, []string{"default","hello","kube-system"}, []string{"default","kube-system"})
+	testGetAllowedNamespaces(t, []string{"default", "hello", "kube-system"}, []string{"default", "kube-system"})
 }