Handle forbidden error when checking for knative

In some cases, kubernetes returns a 403 instead of a 404 when checking for non-existant namespaces. This fix handles that exception as well as the 404. Relates to https://gitlab.com/gitlab-org/gitlab/issues/119379

Handle forbidden error when checking for knative
In some cases, kubernetes returns a 403 instead of a 404 when checking for non-existant namespaces. This fix handles that exception as well as the 404. Relates to https://gitlab.com/gitlab-org/gitlab/issues/119379
f0631507 · Alex Ives · Thong Kuah · 3c188002 · f0631507 · f0631507
Commit f0631507 authored Dec 22, 2019 by Alex Ives Committed by Thong Kuah Dec 22, 2019
4 changed files
--- a/app/finders/clusters/knative_serving_namespace_finder.rb
+++ b/app/finders/clusters/knative_serving_namespace_finder.rb
@@ -12,6 +12,14 @@ module Clusters
      cluster.kubeclient&.get_namespace(Clusters::Kubernetes::KNATIVE_SERVING_NAMESPACE)
    rescue Kubeclient::ResourceNotFoundError
      nil
+    rescue Kubeclient::HttpError => e
+      # If the kubernetes auth engine is enabled, it will return 403
+      if e.error_code == 403
+        Gitlab::ErrorTracking.track_exception(e)
+        nil
+      else
+        raise
+      end
    end
  end
 end
--- a/changelogs/unreleased/alexives-119379-handle_http_error_instead_of_not_found.yml
+++ b/changelogs/unreleased/alexives-119379-handle_http_error_instead_of_not_found.yml
+---
+title: Handle forbidden error when checking for knative
+merge_request: 22170
+author:
+type: fixed
--- a/spec/finders/clusters/knative_serving_namespace_finder_spec.rb
+++ b/spec/finders/clusters/knative_serving_namespace_finder_spec.rb
+# frozen_string_literal: true
+require 'spec_helper'
+describe Clusters::KnativeServingNamespaceFinder do
+  include KubernetesHelpers
+  let(:cluster) { create(:cluster, :project, :provided_by_gcp) }
+  let(:service) { environment.deployment_platform }
+  let(:project) { cluster.cluster_project.project }
+  let(:environment) { create(:environment, project: project) }
+  subject { Clusters::KnativeServingNamespaceFinder.new(cluster) }
+  before do
+    stub_kubeclient_discover(service.api_url)
+  end
+  it 'finds the namespace in a cluster where it exists' do
+    stub_kubeclient_get_namespace(service.api_url, namespace: Clusters::Kubernetes::KNATIVE_SERVING_NAMESPACE)
+    expect(subject.execute).to be_a Kubeclient::Resource
+  end
+  it 'returns nil in a cluster where it does not' do
+    stub_kubeclient_get_namespace(
+      service.api_url,
+        namespace: Clusters::Kubernetes::KNATIVE_SERVING_NAMESPACE,
+        response: {
+            status: [404, "Resource Not Found"]
+        }
+    )
+    expect(subject.execute).to be nil
+  end
+  it 'returns nil in a cluster where the lookup results in a 403 as it will in some versions of kubernetes' do
+    stub_kubeclient_get_namespace(
+      service.api_url,
+        namespace: Clusters::Kubernetes::KNATIVE_SERVING_NAMESPACE,
+        response: {
+            status: [403, "Resource Not Found"]
+        }
+    )
+    expect(subject.execute).to be nil
+  end
+  it 'raises an error if error code is not 404 or 403' do
+    stub_kubeclient_get_namespace(
+      service.api_url,
+        namespace: Clusters::Kubernetes::KNATIVE_SERVING_NAMESPACE,
+        response: {
+            status: [500, "Internal Server Error"]
+        }
+    )
+    expect { subject.execute }.to raise_error(Kubeclient::HttpError)
+  end
+end
--- a/spec/support/helpers/kubernetes_helpers.rb
+++ b/spec/support/helpers/kubernetes_helpers.rb
@@ -229,9 +229,9 @@ module KubernetesHelpers
      .to_return(kube_response(kube_v1_namespace_list_body))
  end
-  def stub_kubeclient_get_namespace(api_url, namespace: 'default')
+  def stub_kubeclient_get_namespace(api_url, namespace: 'default', response: kube_response({}))
    WebMock.stub_request(:get, api_url + "/api/v1/namespaces/#{namespace}")
-      .to_return(kube_response({}))
+      .to_return(response)
  end
  def stub_kubeclient_put_cluster_role(api_url, name)