feedback

pulumi · Oct 11, 2024 · 6d80189 · 6d80189
1 parent 2e98163
commit 6d80189
Show file tree

Hide file tree

Showing 6 changed files with 21 additions and 42 deletions.
diff --git a/.vscode/launch.json b/.vscode/launch.json
@@ -45,10 +45,7 @@
 				"-v=false",
 				"--workspace=${input:workdir}",
 				"-s=dev"
-			],
-			"env": {
-				"AWS_REGION": "us-west-1",
-			}
+			]
 		},
 		{
 			"name": "Agent (kubernetes)",
@@ -67,8 +64,7 @@
 			],
 			"env": {
 				"POD_NAMESPACE": "default",
-				"POD_SA_NAME": "fake",
-				"AWS_REGION": "us-west-1",
+				"POD_SA_NAME": "fake"
 			}
 		}
 	],

diff --git a/agent/cmd/root.go b/agent/cmd/root.go
@@ -58,6 +58,7 @@ to use to perform stack operations.`,
 
 		// initialize a command-specific logger
 		log = zap.L().Named("cmd").Named(cmd.Name()).Sugar()
+		cmd.SilenceErrors = true
 		return nil
 	},
 	PersistentPostRun: func(cmd *cobra.Command, args []string) {
@@ -71,6 +72,9 @@ to use to perform stack operations.`,
 func Execute() {
 	err := rootCmd.Execute()
 	if err != nil {
+		if log != nil {
+			log.Error(err.Error())
+		}
 		os.Exit(1)
 	}
 }

diff --git a/agent/cmd/serve.go b/agent/cmd/serve.go
@@ -71,9 +71,10 @@ var serveCmd = &cobra.Command{
 				return fmt.Errorf("--kube-workspace-name is required when auth mode is kubernetes")
 			}
 		}
+		cmd.SilenceUsage = true
 		return nil
 	},
-	Run: func(cmd *cobra.Command, args []string) {
+	RunE: func(cmd *cobra.Command, args []string) error {
 		ctx := cmd.Context()
 
 		log.Infow("Pulumi Kubernetes Agent", "version", version.Version)
@@ -94,8 +95,7 @@ var serveCmd = &cobra.Command{
 		case AuthModeKubernetes:
 			kubeConfig, err := GetKubeConfig()
 			if err != nil {
-				log.Fatalw("unable to load the kubeconfig", zap.Error(err))
-				os.Exit(1)
+				return fmt.Errorf("unable to load the kubeconfig: %w", err)
 			}
 
 			authFunc, err = server.NewKubeAuth(log.Desugar(), kubeConfig, server.KubeAuthOptions{
@@ -105,8 +105,7 @@ var serveCmd = &cobra.Command{
 				},
 			})
 			if err != nil {
-				log.Fatalw("unable to initialize the Kubernetes authorizer", zap.Error(err))
-				os.Exit(1)
+				return fmt.Errorf("unable to initialize the Kubernetes authorizer: %w", err)
 			}
 			log.Infow("activated the Kubernetes authorization mode",
 				zap.String("workspace.namespace", _workspaceNamespace), zap.String("workspace.name", _workspaceName))
@@ -116,19 +115,16 @@ var serveCmd = &cobra.Command{
 		workspaceOpts := []auto.LocalWorkspaceOption{}
 		workDir, err := filepath.EvalSymlinks(_workDir) // resolve the true location of the workspace
 		if err != nil {
-			log.Fatalw("unable to resolve the workspace directory", zap.Error(err))
-			os.Exit(1)
+			return fmt.Errorf("unable to resolve the workspace directory: %w", err)
 		}
 		workspaceOpts = append(workspaceOpts, auto.WorkDir(workDir))
 		workspace, err := auto.NewLocalWorkspace(ctx, workspaceOpts...)
 		if err != nil {
-			log.Fatalw("unable to open the workspace", zap.Error(err))
-			os.Exit(1)
+			return fmt.Errorf("unable to open the workspace: %w", err)
 		}
 		proj, err := workspace.ProjectSettings(ctx)
 		if err != nil {
-			log.Fatalw("unable to get the project settings", zap.Error(err))
-			os.Exit(1)
+			return fmt.Errorf("unable to get the project settings: %w", err)
 		}
 		log.Infow("opened a local workspace", "workspace", workDir,
 			"project", proj.Name, "runtime", proj.Runtime.Name())
@@ -145,8 +141,7 @@ var serveCmd = &cobra.Command{
 			}
 			log.Infow("installing project dependencies")
 			if err := workspace.Install(ctx, opts); err != nil {
-				log.Fatalw("installation failed", zap.Error(err))
-				os.Exit(1)
+				return fmt.Errorf("unable to install project dependencies: %w", err)
 			}
 			log.Infow("installation completed")
 		} else {
@@ -159,8 +154,7 @@ var serveCmd = &cobra.Command{
 			StackName: _stack,
 		})
 		if err != nil {
-			log.Fatalw("unable to make an automation server", zap.Error(err))
-			os.Exit(1)
+			return fmt.Errorf("unable to make an automation server: %w", err)
 		}
 		address := fmt.Sprintf("%s:%d", _host, _port)
 		log.Infow("starting the RPC server", "address", address)
@@ -170,19 +164,18 @@ var serveCmd = &cobra.Command{
 		// Start the grpc server
 		lis, err := net.Listen("tcp", address)
 		if err != nil {
-			log.Errorw("fatal: unable to start the RPC server", zap.Error(err))
-			os.Exit(1)
+			return fmt.Errorf("unable to listen on %s: %w", address, err)
 		}
 		log.Infow("server listening", "address", lis.Addr(), "workspace", workDir)
 
 		ctx, cancel := context.WithCancel(ctx)
 		setupSignalHandler(cancel)
 		if err := s.Serve(ctx, lis); err != nil {
-			log.Errorw("fatal: server failure", zap.Error(err))
-			os.Exit(1)
+			return fmt.Errorf("unexpected serve error: %w", err)
 		}
 
 		log.Infow("server stopped")
+		return nil
 	},
 }
 

diff --git a/agent/pkg/server/auth.go b/agent/pkg/server/auth.go
@@ -70,11 +70,6 @@ func formattedServiceAccountPermissionsErrorMessage() string {
 	return fmt.Sprintf(ServiceAccountPermissionsErrorMessage, saName.Namespace, saName.Name, saName.Namespace, saName.Name)
 }
 
-type AuthClient interface {
-	authenticationv1.AuthenticationV1Interface
-	authorizationv1.AuthorizationV1Interface
-}
-
 type KubeAuthOptions struct {
 	WorkspaceName types.NamespacedName
 }

diff --git a/agent/pkg/server/auth_test.go b/agent/pkg/server/auth_test.go
@@ -102,7 +102,6 @@ func TestKubernetes(t *testing.T) {
 		authHeaderValue *string
 		authn           authenticator.TokenFunc
 		authz           authorizer.AuthorizerFunc
-		wantErr         any
 		wantStatus      *grpc_status.Status
 		wantTags        gstruct.Keys
 	}{
@@ -201,13 +200,13 @@ func TestKubernetes(t *testing.T) {
 
 			if tt.authn == nil {
 				tt.authn = func(ctx context.Context, token string) (*authenticator.Response, bool, error) {
-					g.Fail("unexpected call to AuthenticateToken")
+					t.Error("unexpected call to AuthenticateToken")
 					return nil, false, nil
 				}
 			}
 			if tt.authz == nil {
 				tt.authz = func(ctx context.Context, a authorizer.Attributes) (authorized authorizer.Decision, reason string, err error) {
-					g.Fail("unexpected call to Authorize")
+					t.Error("unexpected call to Authorize")
 					return authorizer.DecisionNoOpinion, "", nil
 				}
 			}
@@ -230,10 +229,6 @@ func TestKubernetes(t *testing.T) {
 
 			// execute the auth function
 			ctx, err := kubeAuth.Authenticate(ctx)
-			if tt.wantErr != nil {
-				g.Expect(err).To(gomega.MatchError(tt.wantErr))
-				return
-			}
 
 			// validate the tags, some of which are set even if the function fails
 			if tt.wantTags != nil {

diff --git a/operator/internal/controller/auto/utils.go b/operator/internal/controller/auto/utils.go
@@ -14,10 +14,6 @@ import (
 	"google.golang.org/protobuf/types/known/structpb"
 )
 
-const (
-	ServiceAccountTokenFile = "/var/run/secrets/kubernetes.io/serviceaccount/token"
-)
-
 func connect(ctx context.Context, addr string) (*grpc.ClientConn, error) {
 	if os.Getenv("WORKSPACE_LOCALHOST") != "" {
 		addr = os.Getenv("WORKSPACE_LOCALHOST")
@@ -27,7 +23,7 @@ func connect(ctx context.Context, addr string) (*grpc.ClientConn, error) {
 	tokenFile := os.Getenv("WORKSPACE_TOKEN_FILE")
 	if token == "" && tokenFile == "" {
 		// use in-cluster configuration using the operator's service account token
-		tokenFile = ServiceAccountTokenFile
+		tokenFile = "/var/run/secrets/kubernetes.io/serviceaccount/token"
 	}
 	creds, err := agentclient.NewTokenCredentials(token, tokenFile)
 	if err != nil {