avoid-panic-if-oidc-do-not-exists (#208)
* avoid-panic-if-oidc-do-not-exists

* nancy-yay
calvix authored Nov 1, 2023
1 parent 1748938 commit d4c0d9c
Showing 4 changed files with 10 additions and 0 deletions.
1 change: 1 addition & 0 deletions .nancy-ignore
Expand Up @@ -2,6 +2,7 @@ CVE-2019-10743 until=2023-12-31
CVE-2022-29153 until=2023-12-31
CVE-2019-19355 until=2023-12-31
CVE-2023-3978
CVE-2023-39325

# pkg:golang/github.com/hashicorp/consul/[email protected]
CVE-2021-41803 until=2023-12-31
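Review bot: The one entry this section adds appears to be `CVE-2023-39325`, and it carries no `until=` date, so the scanner finding stays suppressed indefinitely instead of resurfacing for re-triage like the neighbouring `until=2023-12-31` entries. CVE-2023-39325 is the HTTP/2 rapid-reset denial-of-service issue in Go's HTTP/2 implementation, which is normally resolved by updating golang.org/x/net rather than by ignoring the finding. If the update cannot land with this commit, I would give the entry an expiry, e.g. `CVE-2023-39325 until=2023-12-31`, and precede it with a `# pkg:golang/...` comment naming the affected package, as the file already does for other entries. The suppression is also unrelated to the OIDC fix in the title, so it would be easier to audit as a separate commit.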
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -15,6 +15,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

- Remove SecretReconciler.
- Refactor Reconcilers.
- Do not panic when OIDC setting is missing for EKS cluster.

### Added

5 changes: 5 additions & 0 deletions pkg/iam/error.go
Expand Up @@ -3,8 +3,13 @@ package iam
import (
"github.com/aws/aws-sdk-go/aws/awserr"
awsiam "github.com/aws/aws-sdk-go/service/iam"
"github.com/giantswarm/microerror"
)

var invalidClusterError = &microerror.Error{
Kind: "invalidClusterError",
}

func IsNotFound(err error) bool {
if aerr, ok := err.(awserr.Error); ok {
if aerr.Code() == awsiam.ErrCodeNoSuchEntityException {
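Review bot: `invalidClusterError` is added without a matcher, so callers outside this package cannot tell "cluster has no OIDC identity" apart from any other failure; the `IsNotFound` function just below it shows the matcher style this file already uses. I would add `func IsInvalidCluster(err error) bool { return microerror.Cause(err) == invalidClusterError }` next to the variable, plus a one-line comment on the variable stating when it is returned. Whether a caller should requeue or skip on this condition is not visible here, so that needs confirming against the reconciler. `IsNotFound` continues past the end of the hunk.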
3 changes: 3 additions & 0 deletions pkg/iam/iam.go
Expand Up @@ -597,6 +597,9 @@ func (s *IAMService) GetIRSAOpenIDForEKS(clusterName string) (string, error) {
if err != nil {
return "", microerror.Mask(err)
}
if cluster == nil || cluster.Cluster == nil || cluster.Cluster.Identity == nil || cluster.Cluster.Identity.Oidc == nil || cluster.Cluster.Identity.Oidc.Issuer == nil {
return "", microerror.Maskf(invalidClusterError, "cluster %s does not have OIDC identity", clusterName)
}

id := strings.TrimPrefix(*cluster.Cluster.Identity.Oidc.Issuer, "https://")

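Review bot: The new guard in `GetIRSAOpenIDForEKS` rejects a nil `Issuer` pointer but not an empty one, so an issuer of `""` still falls through to `strings.TrimPrefix` and the function proceeds with an empty `id`. The function name suggests this value identifies the cluster's OIDC provider for IRSA, where an empty or malformed identifier should fail closed rather than propagate; that use is outside the hunk, so confirm it. I would extend the condition with `|| *cluster.Cluster.Identity.Oidc.Issuer == ""` and format the name with `%q` (`"cluster %q does not have OIDC identity"`) so an empty or unusual cluster name is visible in the error. The function starts and ends outside the hunk.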
