remove discoveredclusters on unauthorized client error

Signed-off-by: dislbenn <[email protected]>
stolostron · Oct 3, 2024 · e541bd8 · e541bd8
1 parent e102a09
commit e541bd8
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 6 deletions.
diff --git a/controllers/discoveryconfig_controller.go b/controllers/discoveryconfig_controller.go
@@ -140,7 +140,6 @@ func (r *DiscoveryConfigReconciler) updateDiscoveredClusters(ctx context.Context
 
 	// Parse user token from ocm secret.
 	authRequest, err := parseSecretForAuth(ocmSecret)
-
 	if err != nil {
 		logf.Error(err, "Error parsing token from secret. Deleting all clusters.", "Secret", ocmSecret.GetName())
 		return r.deleteAllClusters(ctx, config)
@@ -151,16 +150,16 @@ func (r *DiscoveryConfigReconciler) updateDiscoveredClusters(ctx context.Context
 	authRequest.BaseAuthURL = getAuthURLOverride(config)
 	filters := config.Spec.Filters
 
-	discovered, err := []discovery.DiscoveredCluster{}, nil
+	var discovered []discovery.DiscoveredCluster
 	if val, ok := os.LookupEnv("UNIT_TEST"); ok && val == "true" {
 		discovered, err = mockDiscoveredCluster()
 	} else {
 		discovered, err = ocm.DiscoverClusters(authRequest, filters)
 	}
 
 	if err != nil {
-		if ocm.IsUnrecoverable(err) {
-			logf.Info("Unrecoverable error. Cleaning up clusters.", "Error", err.Error())
+		if ocm.IsUnrecoverable(err) || ocm.IsUnauthorizedClient(err) {
+			logf.Info("Error encountered. Cleaning up clusters.", "Error", err.Error())
 			return r.deleteAllClusters(ctx, config)
 		}
 		return err

diff --git a/pkg/ocm/auth/provider.go b/pkg/ocm/auth/provider.go
@@ -19,7 +19,8 @@ var (
 	httpClient   AuthPostInterface = &authRestClient{}
 	AuthProvider IAuthProvider     = &authProvider{}
 
-	ErrInvalidToken = errors.New("invalid token")
+	ErrInvalidToken       = errors.New("invalid token")
+	ErrUnauthorizedClient = errors.New("unauthorized_client")
 )
 
 type AuthPostInterface interface {

diff --git a/pkg/ocm/auth/service.go b/pkg/ocm/auth/service.go
@@ -25,8 +25,9 @@ func (client authClient) GetToken(request AuthRequest) (string, error) {
 	response, err := AuthProvider.GetToken(request)
 
 	if err != nil {
-		return "", fmt.Errorf("%s: %w", "couldn't get token", err.Error)
+		return "", fmt.Errorf("%s: %v", "couldn't get token", err)
 	}
+
 	if response.AccessToken == "" {
 		return "", fmt.Errorf("missing `access_token` in response")
 	}

diff --git a/pkg/ocm/ocm.go b/pkg/ocm/ocm.go
@@ -87,6 +87,11 @@ func formatCluster(sub subscription.Subscription) (discovery.DiscoveredCluster,
 	return discoveredCluster, true
 }
 
+// IsUnauthorizedClient returns true if the specified error is unauthorized client side error.
+func IsUnauthorizedClient(err error) bool {
+	return strings.Contains(err.Error(), auth.ErrUnauthorizedClient.Error())
+}
+
 // IsUnrecoverable returns true if the specified error is not temporary
 // and will continue to occur with the current state.
 func IsUnrecoverable(err error) bool {