Merge pull request rancher#80 from confluentinc/fixdelete

Fix the delete of a cluster when we don't have full read permission
jordanjean · Jul 24, 2019 · c187879 · c187879
2 parents 201ad9a + 246e5dd
commit c187879
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 1 deletion.
diff --git a/rancher2/resource_rancher2_cluster.go b/rancher2/resource_rancher2_cluster.go
@@ -253,7 +253,13 @@ func clusterStateRefreshFunc(client *managementClient.Client, clusterID string)
 		obj := &Cluster{}
 		err := client.APIBaseClient.ByID(managementClient.ClusterType, clusterID, obj)
 		if err != nil {
-			if IsNotFound(err) {
+			// The IsForbidden check is used in the case the user performing the action does not have the
+			// right to retrieve the full list of clusters. If the user tries to retrieve the cluster that
+			// just got deleted, instead of getting a 404 not found response it will get a 403 forbidden
+			// eventhough it had the right to access the cluster before it was deleted. If we reach this
+			// code path, it means that the user had the right to access the cluster, delete it, hence
+			// meaning that the delete was successful.
+			if IsNotFound(err) || IsForbidden(err) {
 				return obj, "removed", nil
 			}
 			return nil, "", err

diff --git a/rancher2/util.go b/rancher2/util.go
@@ -169,6 +169,16 @@ func IsNotFound(err error) bool {
 	return clientbase.IsNotFound(err)
 }
 
+// IsForbidden checks if the given APIError is a Forbidden HTTP statuscode
+func IsForbidden(err error) bool {
+	apiError, ok := err.(*clientbase.APIError)
+	if !ok {
+		return false
+	}
+
+	return apiError.StatusCode == http.StatusForbidden
+}
+
 func splitTokenID(token string) string {
 	separator := ":"