From ce7da22760fcc5bfb6e3d9a455d858e06c93e198 Mon Sep 17 00:00:00 2001 From: Bipul Adhikari Date: Tue, 12 Nov 2024 19:52:49 +0545 Subject: [PATCH] More fixups Signed-off-by: Bipul Adhikari --- internal/kubernetes/token/grpc.go | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/internal/kubernetes/token/grpc.go b/internal/kubernetes/token/grpc.go index fc3dc51fd..c22033e72 100644 --- a/internal/kubernetes/token/grpc.go +++ b/internal/kubernetes/token/grpc.go @@ -77,29 +77,26 @@ func authorizeConnection(ctx context.Context, kubeclient kubernetes.Clientset) e md, ok := metadata.FromIncomingContext(ctx) if !ok { - return status.Errorf(codes.Unauthenticated, "missing metadata") + return status.Error(codes.Unauthenticated, "missing metadata") } authHeader, ok := md["authorization"] if !ok || len(authHeader) == 0 { - return status.Errorf(codes.Unauthenticated, "missing authorization token") + return status.Error(codes.Unauthenticated, "missing authorization token") } token := authHeader[0] isValidated, err := validateBearerToken(ctx, token, kubeclient) if !isValidated || (err != nil) { - return status.Errorf(codes.Unauthenticated, "invalid token") + return status.Error(codes.Unauthenticated, fmt.Sprint("invalid token: %w", err)) } return nil } func parseToken(authHeader string) string { - // Check if the Authorization header starts with "Bearer" if strings.HasPrefix(authHeader, bearerPrefix) { - // Remove the "Bearer " part and return the token return strings.TrimPrefix(authHeader, bearerPrefix) } - // If it doesn't start with "Bearer", return the original header return authHeader } @@ -111,7 +108,7 @@ func validateBearerToken(ctx context.Context, token string, kubeclient kubernete } result, err := kubeclient.AuthenticationV1().TokenReviews().Create(ctx, tokenReview, metav1.CreateOptions{}) if err != nil { - return false, fmt.Errorf("failed to review token %v", err) + return false, fmt.Errorf("failed to review token %w", err) } if result.Status.Authenticated {