Fixing authcheck on login (#184)

raghavendra-nataraj · web-flow · commit 633113ca7afb · 2022-04-18T11:05:46.000-07:00
diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go
@@ -77,9 +77,7 @@ func ReconcileAzureStackHCIAccess(ctx context.Context, cli client.Client, cloudF
 	if strings.ToLower(os.Getenv("WSSD_DEBUG_MODE")) != "on" {
 		_, err := os.Stat(wssdconfigpath)
 		if err != nil {
-			if err := login(ctx, cli, cloudFqdn); err != nil {
-				return nil, err
-			}
+			return login(ctx, cli, cloudFqdn)
 		}
 		go UpdateLoginConfig(ctx, cli)
 	}
@@ -90,11 +88,7 @@ func ReconcileAzureStackHCIAccess(ctx context.Context, cli client.Client, cloudF
 			return nil, errors.Wrap(err, "error: new authorizer failed")
 		}
 		// Login if certificate expired
-		if err := login(ctx, cli, cloudFqdn); err != nil {
-			return nil, err
-		}
-		// create new authorization
-		return auth.NewAuthorizerFromEnvironment(cloudFqdn)
+		return login(ctx, cli, cloudFqdn)
 	}
 	return authorizer, nil
 }
@@ -124,48 +118,50 @@ func UpdateLoginConfig(ctx context.Context, cli client.Client) {
 
 }
 
-func login(ctx context.Context, cli client.Client, cloudFqdn string) error {
+func login(ctx context.Context, cli client.Client, cloudFqdn string) (auth.Authorizer, error) {
 	wssdconfigpath := os.Getenv("WSSD_CONFIG_PATH")
 	if wssdconfigpath == "" {
-		return errors.New("ReconcileAzureStackHCIAccess: Environment variable WSSD_CONFIG_PATH is not set")
+		return nil, errors.New("ReconcileAzureStackHCIAccess: Environment variable WSSD_CONFIG_PATH is not set")
 	}
 
 	mut.Lock()
 	defer mut.Unlock()
 	if _, err := os.Stat(wssdconfigpath); err == nil {
-		return nil
+		if authorizer, err := auth.NewAuthorizerFromEnvironment(cloudFqdn); err == nil {
+			return authorizer, nil
+		}
 	}
 	klog.Infof("AzureStackHCI: Login attempt")
 	secret, err := GetSecret(ctx, cli, AzHCIAccessCreds)
 	if err != nil {
-		return errors.Wrap(err, "failed to create wssd session, missing login credentials secret")
+		return nil, errors.Wrap(err, "failed to create wssd session, missing login credentials secret")
 	}
 
 	data, ok := secret.Data[AzHCIAccessTokenFieldName]
 	if !ok {
-		return errors.New("error: could not parse kubernetes secret")
+		return nil, errors.New("error: could not parse kubernetes secret")
 	}
 
 	loginconfig := auth.LoginConfig{}
 	err = config.LoadYAMLConfig(string(data), &loginconfig)
 	if err != nil {
-		return errors.Wrap(err, "failed to create wssd session: parse yaml login config failed")
+		return nil, errors.Wrap(err, "failed to create wssd session: parse yaml login config failed")
 	}
 
 	authenticationClient, err := authentication.NewAuthenticationClientAuthMode(cloudFqdn, loginconfig)
 	if err != nil {
-		return err
+		return nil, err
 	}
 
 	_, err = authenticationClient.LoginWithConfig(ctx, "", loginconfig, true)
 	if err != nil && !azurestackhci.ResourceAlreadyExists(err) {
-		return errors.Wrap(err, "failed to create wssd session: login failed")
+		return nil, errors.Wrap(err, "failed to create wssd session: login failed")
 	}
 	if _, err := os.Stat(wssdconfigpath); err != nil {
-		return errors.Wrapf(err, "Missing wssdconfig %s after login", wssdconfigpath)
+		return nil, errors.Wrapf(err, "Missing wssdconfig %s after login", wssdconfigpath)
 	}
 	klog.Infof("AzureStackHCI: Login successful")
-	return nil
+	return auth.NewAuthorizerFromEnvironment(cloudFqdn)
 }
 
 func GetSecret(ctx context.Context, cli client.Client, name string) (*corev1.Secret, error) {

Original file line number	Diff line number	Diff line change
`@@ -77,9 +77,7 @@ func ReconcileAzureStackHCIAccess(ctx context.Context, cli client.Client, cloudF`
`77`	`77`	`if strings.ToLower(os.Getenv("WSSD_DEBUG_MODE")) != "on" {`
`78`	`78`	`_, err := os.Stat(wssdconfigpath)`
`79`	`79`	`if err != nil {`
`80`		`- if err := login(ctx, cli, cloudFqdn); err != nil {`
`81`		`- return nil, err`
`82`		`- }`
	`80`	`+ return login(ctx, cli, cloudFqdn)`
`83`	`81`	`}`
`84`	`82`	`go UpdateLoginConfig(ctx, cli)`
`85`	`83`	`}`
`@@ -90,11 +88,7 @@ func ReconcileAzureStackHCIAccess(ctx context.Context, cli client.Client, cloudF`
`90`	`88`	`return nil, errors.Wrap(err, "error: new authorizer failed")`
`91`	`89`	`}`
`92`	`90`	`// Login if certificate expired`
`93`		`- if err := login(ctx, cli, cloudFqdn); err != nil {`
`94`		`- return nil, err`
`95`		`- }`
`96`		`- // create new authorization`
`97`		`- return auth.NewAuthorizerFromEnvironment(cloudFqdn)`
	`91`	`+ return login(ctx, cli, cloudFqdn)`
`98`	`92`	`}`
`99`	`93`	`return authorizer, nil`
`100`	`94`	`}`
`@@ -124,48 +118,50 @@ func UpdateLoginConfig(ctx context.Context, cli client.Client) {`
`124`	`118`
`125`	`119`	`}`
`126`	`120`
`127`		`-func login(ctx context.Context, cli client.Client, cloudFqdn string) error {`
	`121`	`+func login(ctx context.Context, cli client.Client, cloudFqdn string) (auth.Authorizer, error) {`
`128`	`122`	`wssdconfigpath := os.Getenv("WSSD_CONFIG_PATH")`
`129`	`123`	`if wssdconfigpath == "" {`
`130`		`- return errors.New("ReconcileAzureStackHCIAccess: Environment variable WSSD_CONFIG_PATH is not set")`
	`124`	`+ return nil, errors.New("ReconcileAzureStackHCIAccess: Environment variable WSSD_CONFIG_PATH is not set")`
`131`	`125`	`}`
`132`	`126`
`133`	`127`	`mut.Lock()`
`134`	`128`	`defer mut.Unlock()`
`135`	`129`	`if _, err := os.Stat(wssdconfigpath); err == nil {`
`136`		`- return nil`
	`130`	`+ if authorizer, err := auth.NewAuthorizerFromEnvironment(cloudFqdn); err == nil {`
	`131`	`+ return authorizer, nil`
	`132`	`+ }`
`137`	`133`	`}`
`138`	`134`	`klog.Infof("AzureStackHCI: Login attempt")`
`139`	`135`	`secret, err := GetSecret(ctx, cli, AzHCIAccessCreds)`
`140`	`136`	`if err != nil {`
`141`		`- return errors.Wrap(err, "failed to create wssd session, missing login credentials secret")`
	`137`	`+ return nil, errors.Wrap(err, "failed to create wssd session, missing login credentials secret")`
`142`	`138`	`}`
`143`	`139`
`144`	`140`	`data, ok := secret.Data[AzHCIAccessTokenFieldName]`
`145`	`141`	`if !ok {`
`146`		`- return errors.New("error: could not parse kubernetes secret")`
	`142`	`+ return nil, errors.New("error: could not parse kubernetes secret")`
`147`	`143`	`}`
`148`	`144`
`149`	`145`	`loginconfig := auth.LoginConfig{}`
`150`	`146`	`err = config.LoadYAMLConfig(string(data), &loginconfig)`
`151`	`147`	`if err != nil {`
`152`		`- return errors.Wrap(err, "failed to create wssd session: parse yaml login config failed")`
	`148`	`+ return nil, errors.Wrap(err, "failed to create wssd session: parse yaml login config failed")`
`153`	`149`	`}`
`154`	`150`
`155`	`151`	`authenticationClient, err := authentication.NewAuthenticationClientAuthMode(cloudFqdn, loginconfig)`
`156`	`152`	`if err != nil {`
`157`		`- return err`
	`153`	`+ return nil, err`
`158`	`154`	`}`
`159`	`155`
`160`	`156`	`_, err = authenticationClient.LoginWithConfig(ctx, "", loginconfig, true)`
`161`	`157`	`if err != nil && !azurestackhci.ResourceAlreadyExists(err) {`
`162`		`- return errors.Wrap(err, "failed to create wssd session: login failed")`
	`158`	`+ return nil, errors.Wrap(err, "failed to create wssd session: login failed")`
`163`	`159`	`}`
`164`	`160`	`if _, err := os.Stat(wssdconfigpath); err != nil {`
`165`		`- return errors.Wrapf(err, "Missing wssdconfig %s after login", wssdconfigpath)`
	`161`	`+ return nil, errors.Wrapf(err, "Missing wssdconfig %s after login", wssdconfigpath)`
`166`	`162`	`}`
`167`	`163`	`klog.Infof("AzureStackHCI: Login successful")`
`168`		`- return nil`
	`164`	`+ return auth.NewAuthorizerFromEnvironment(cloudFqdn)`
`169`	`165`	`}`
`170`	`166`
`171`	`167`	`func GetSecret(ctx context.Context, cli client.Client, name string) (*corev1.Secret, error) {`