Need to add secret read perms to plural sa (#1334)

pluralsh · Aug 9, 2024 · 0129590 · 0129590
1 parent fc91f9b
commit 0129590
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 4 deletions.
diff --git a/apps/core/lib/core/clients/console.ex b/apps/core/lib/core/clients/console.ex
@@ -42,7 +42,7 @@ defmodule Core.Clients.Console do
   """
 
   def new(url, token) do
-    Req.new(base_url: url, auth: "Token #{token}")
+    Req.new(base_url: with_gql(url), auth: "Token #{token}")
     |> AbsintheClient.attach()
   end
 
@@ -93,4 +93,11 @@ defmodule Core.Clients.Console do
     Logger.error "failed to fetch from console: #{inspect(resp)}"
     {:error, "console error"}
   end
+
+  defp with_gql(url) do
+    case String.ends_with?(url, "/gql") do
+      true -> url
+      _ -> "#{url}/gql"
+    end
+  end
 end
diff --git a/apps/core/lib/core/services/cloud/poller.ex b/apps/core/lib/core/services/cloud/poller.ex
@@ -3,6 +3,7 @@ defmodule Core.Services.Cloud.Poller do
   alias Core.Clients.Console
   alias Core.Services.Cloud
   alias Kazan.Apis.Core.V1, as: CoreV1
+  require Logger
 
   @poll :timer.minutes(5)
 
@@ -28,7 +29,9 @@ defmodule Core.Services.Cloud.Poller do
   def handle_info(:repo, %{client: client} = state) do
     case Console.repo(client, Core.conf(:mgmt_repo)) do
       {:ok, id} -> {:noreply, %{state | repo: id}}
-      _ -> {:noreply, state}
+      err ->
+        Logger.warn "failed to find mgmt repo: #{inspect(err)}"
+        {:noreply, state}
     end
   end
 
@@ -41,8 +44,11 @@ defmodule Core.Services.Cloud.Poller do
   end
 
   def handle_info(:roaches, state) do
-    with {:ok, roaches} <- read_secret() do
-      Enum.each(roaches, &upsert_roach/1)
+    case read_secret() do
+      {:ok, roaches} ->
+        Enum.each(roaches, &upsert_roach/1)
+      err ->
+        Logger.warn "failed to fetch available cockroach clusters: #{inspect(err)}"
     end
     {:noreply, state}
   end

diff --git a/plural/helm/plural/templates/rbac.yaml b/plural/helm/plural/templates/rbac.yaml
@@ -8,6 +8,9 @@ rules:
 - apiGroups: [""]
   resources: ["endpoints", "pods"]
   verbs: ["get", "list", "watch"]
+- apiGroups: [""]
+  resources: ["secrets"]
+  verbs: ["get", "list", "watch"]
 - apiGroups: ["batch", "extensions"]
   resources: ["jobs"]
   verbs: ["get", "list", "watch"]