From d4c0d9c5c6d70001ddd0d10a6b7631e3208a7ca5 Mon Sep 17 00:00:00 2001
From: calvix
Date: Wed, 1 Nov 2023 08:03:47 +0100
Subject: [PATCH] avoid-panic-if-oidc-do-not-exists (#208)
* avoid-panic-if-oidc-do-not-exists
* nancy-yay
---
 .nancy-ignore | 1 +
 CHANGELOG.md | 1 +
 pkg/iam/error.go | 5 +++++
 pkg/iam/iam.go | 3 +++
 4 files changed, 10 insertions(+)
diff --git a/.nancy-ignore b/.nancy-ignore
index dd6bf497..388bd1c7 100644
--- a/.nancy-ignore
+++ b/.nancy-ignore
@@ -2,6 +2,7 @@ CVE-2019-10743 until=2023-12-31
 CVE-2022-29153 until=2023-12-31
 CVE-2019-19355 until=2023-12-31
 CVE-2023-3978
+CVE-2023-39325
 # pkg:golang/github.com/hashicorp/consul/sdk@v0.13.0
 CVE-2021-41803 until=2023-12-31
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 235ec806..032e8767 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,6 +15,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Remove SecretReconciler.
 - Refactor Reconcilers.
+- Do not panic when OIDC setting is missing for EKS cluster.
 ### Added
diff --git a/pkg/iam/error.go b/pkg/iam/error.go
index c70f2828..fd5c9981 100644
--- a/pkg/iam/error.go
+++ b/pkg/iam/error.go
@@ -3,8 +3,13 @@ package iam
 import (
 "github.com/aws/aws-sdk-go/aws/awserr"
 awsiam "github.com/aws/aws-sdk-go/service/iam"
+ "github.com/giantswarm/microerror"
 )
+var invalidClusterError = µerror.Error{
+ Kind: "invalidClusterError",
+}
+
 func IsNotFound(err error) bool {
 if aerr, ok := err.(awserr.Error); ok {
 if aerr.Code() == awsiam.ErrCodeNoSuchEntityException {
diff --git a/pkg/iam/iam.go b/pkg/iam/iam.go
index d27d8e4f..61e31304 100644
--- a/pkg/iam/iam.go
+++ b/pkg/iam/iam.go
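Review bot: The new `invalidClusterError` sentinel in pkg/iam/error.go is unexported and has no matcher, so callers of `GetIRSAOpenIDForEKS` (the pkg/iam/iam.go hunk, which returns it via `microerror.Maskf`) cannot tell "cluster has no OIDC identity" apart from any other failure without calling `microerror.Cause` themselves, while the existing `IsNotFound` in the same file shows the convention this package already follows. I would add, directly under the var, `// IsInvalidCluster asserts invalidClusterError.` and `func IsInvalidCluster(err error) bool { return microerror.Cause(err) == invalidClusterError }`, so a reconciler can choose to skip or requeue rather than treat it as a generic error. The `µerror.Error{` on the var line looks like `&microerror.Error{` mangled by an HTML entity on this page rather than what was committed, but it is worth confirming the file compiles as merged. The iam.go hunk's enclosing function continues past the end of what is shown here.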
@@ -597,6 +597,9 @@ func (s *IAMService) GetIRSAOpenIDForEKS(clusterName string) (string, error) {
 if err != nil {
 return "", microerror.Mask(err)
 }
+ if cluster == nil || cluster.Cluster == nil || cluster.Cluster.Identity == nil || cluster.Cluster.Identity.Oidc == nil || cluster.Cluster.Identity.Oidc.Issuer == nil {
+ return "", microerror.Maskf(invalidClusterError, "cluster %s does not have OIDC identity", clusterName)
+ }
 id := strings.TrimPrefix(*cluster.Cluster.Identity.Oidc.Issuer, "https://")