fix client creation error when one of the auth infos are invalid

Signed-off-by: Utkarsh Srivastava <[email protected]>
meshery · Dec 24, 2020 · 9ae6998 · 9ae6998
1 parent 6d53664
commit 9ae6998
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 4 deletions.
diff --git a/adapter/configure.go b/adapter/configure.go
@@ -1,6 +1,8 @@
 package adapter
 
 import (
+	"os"
+
 	"github.com/layer5io/meshkit/models"
 	mesherykube "github.com/layer5io/meshkit/utils/kubernetes"
 	yaml "gopkg.in/yaml.v2"
@@ -84,13 +86,15 @@ func (h *Adapter) validateKubeconfig(kubeconfig []byte) error {
 		return ErrValidateKubeconfig(err)
 	}
 
-	err = clientcmdapi.FlattenConfig(clientcmdConfig)
-	if err != nil {
+	if err := filterK8sConfigAuthInfos(clientcmdConfig.AuthInfos); err != nil {
 		return ErrValidateKubeconfig(err)
 	}
 
-	err = clientcmdapi.MinifyConfig(clientcmdConfig)
-	if err != nil {
+	if err := clientcmdapi.FlattenConfig(clientcmdConfig); err != nil {
+		return ErrValidateKubeconfig(err)
+	}
+
+	if err := clientcmdapi.MinifyConfig(clientcmdConfig); err != nil {
 		return ErrValidateKubeconfig(err)
 	}
 
@@ -141,3 +145,33 @@ func (h *Adapter) createMesheryKubeclient(kubeconfig []byte) error {
 	h.MesheryKubeclient = client
 	return nil
 }
+
+// filterK8sConfigAuthInfos takes in the authInfos map and deletes any invalid
+// authInfo.
+//
+// An authInfo is invalid if the certificate path mentioned in it is either
+// invalid or is inaccessible to the adapter
+//
+// The function will throw an error if after filtering the authInfos it becomes
+// empty which indicates that the kubeconfig cannot be used for communicating
+// with the kubernetes server.
+func filterK8sConfigAuthInfos(authInfos map[string]*clientcmdapi.AuthInfo) error {
+	for key, authInfo := range authInfos {
+		// If clientCertficateData is not present then proceed to check
+		// the client certicate path
+		if len(authInfo.ClientCertificateData) == 0 {
+			if _, err := os.Stat(authInfo.ClientCertificate); err != nil {
+				// If the path is inaccessible or invalid then delete that authinfo
+				delete(authInfos, key)
+			}
+		}
+	}
+
+	// In the end if the authInfos map is empty then the kubeconfig is
+	// invalid and cannot be used for communicating with kubernetes
+	if len(authInfos) == 0 {
+		return ErrAuthInfosInvalidMsg
+	}
+
+	return nil
+}
diff --git a/adapter/error.go b/adapter/error.go
@@ -38,6 +38,10 @@ const (
 var (
 	ErrGetName   = errors.NewDefault(ErrGetNameCode, "Unable to get mesh name")
 	ErrOpInvalid = errors.NewDefault(ErrOpInvalidCode, "Invalid operation")
+
+	// ErrAuthInfosInvalidMsg is the error message when the all of auth infos have invalid or inaccessbile paths
+	// as there certificate paths
+	ErrAuthInfosInvalidMsg = fmt.Errorf("none of the auth infos are valid either the certificate path is invalid or is inaccessible")
 )
 
 func ErrCreateInstance(err error) error {