Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Better error for invalid certificate. #2852

Merged
9 changes: 6 additions & 3 deletions mirrord/cli/src/connection.rs
Original file line number Diff line number Diff line change
Expand Up @@ -164,9 +164,12 @@ where
.await
.map_err(|error| CliError::auth_exec_error_or(error, CliError::CreateAgentFailed))?;

if let Err(error) = k8s_api.detect_openshift(progress).await {
tracing::debug!(?error, "Failed to detect OpenShift");
};
k8s_api
.detect_openshift(progress)
.await
.map_err(|fail| CliError::auth_exec_error_or(fail, CliError::CreateAgentFailed))
.inspect_err(|fail| tracing::debug!(?fail, "Failed to detect OpenShift!"))
.ok();

let agent_connect_info = tokio::time::timeout(
Duration::from_secs(config.agent.startup_timeout),
Expand Down
16 changes: 15 additions & 1 deletion mirrord/cli/src/error.rs
Original file line number Diff line number Diff line change
Expand Up @@ -187,6 +187,15 @@ pub(crate) enum CliError {
))]
AgentConnectionFailed(KubeApiError),

/// Friendlier version of the invalid certificate error that comes from a
/// [`kube::Error::Service`].
#[error("Kube API operation failed due to missing or invalid certificate: {0}")]
#[diagnostic(help(
r"1. Consider enabling `accept_invalid_certificates` in your `mirrord.json`, or;
2. Running `mirrord exec` with the `-c` flag."
))]
meowjesty marked this conversation as resolved.
Show resolved Hide resolved
InvalidCertificate(KubeApiError),

#[error("Failed to communicate with the agent: {0}")]
#[diagnostic(help("Please check agent status and logs.{GENERAL_HELP}"))]
InitialAgentCommFailed(String),
Expand Down Expand Up @@ -400,7 +409,12 @@ impl CliError {

match error {
KubeApiError::KubeError(Error::Auth(AuthError::AuthExec(error))) => {
Self::KubeAuthExecFailed(error)
Self::KubeAuthExecFailed(error.to_owned())
}
KubeApiError::KubeError(Error::Service(ref fail))
if fail.to_string().contains("InvalidCertificate") =>
{
Self::InvalidCertificate(error)
Razz4780 marked this conversation as resolved.
Show resolved Hide resolved
}
error => fallback(error),
}
Expand Down
4 changes: 3 additions & 1 deletion mirrord/kube/src/error.rs
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,9 @@ pub type Result<T, E = KubeApiError> = std::result::Result<T, E>;

#[derive(Debug, Error)]
pub enum KubeApiError {
#[error("Kube failed: {0}")]
/// We manually implement `From<kube::Error>` to give a better error in case of
/// kube failing due to an invalid certificate.
#[error(transparent)]
meowjesty marked this conversation as resolved.
Show resolved Hide resolved
KubeError(#[from] kube::Error),

#[error("Connection to agent failed: {0}")]
Expand Down
Loading