fix: expose Cloudflare token errors in GatewayClass condition

Signed-off-by: Tom Plant <[email protected]>
pl4nty · Oct 13, 2024 · 4f07230 · 4f07230
1 parent fb68395
commit 4f07230
Showing 1 changed file with 11 additions and 4 deletions.
diff --git a/internal/controller/gatewayclass_controller.go b/internal/controller/gatewayclass_controller.go
@@ -2,6 +2,7 @@ package controller
 
 import (
 	"context"
+	"fmt"
 	"time"
 
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
@@ -56,22 +57,28 @@ func (r *GatewayClassReconciler) Reconcile(ctx context.Context, req ctrl.Request
 	}
 
 	// validate parameters
-	var ok bool
+	msg := ""
 	_, api, err := InitCloudflareApi(ctx, r.Client, gatewayClass.Name)
 	if err == nil {
 		token, err := api.User.Tokens.Verify(ctx)
 		if err == nil {
-			ok = token.Status == "active"
+			if token.Status != "active" {
+				msg = fmt.Sprintf("Token status is %s, is not active. Please check the Cloudflare dashboard", token.Status)
+			}
+		} else {
+			msg = err.Error() + " Ensure ACCOUNT_ID and TOKEN are valid"
 		}
+	} else {
+		msg = err.Error() + " Ensure ACCOUNT_ID and TOKEN are set"
 	}
 
 	var condition metav1.Condition
-	if !ok {
+	if msg != "" {
 		condition = metav1.Condition{
 			Type:               string(gatewayv1.GatewayClassConditionStatusAccepted),
 			Status:             metav1.ConditionFalse,
 			Reason:             string(gatewayv1.GatewayClassReasonInvalidParameters),
-			Message:            "Unable to initialize Cloudflare API from secret in GatewayClass parameterRef. Ensure ACCOUNT_ID and TOKEN are set",
+			Message:            "Unable to initialize Cloudflare API. " + msg,
 			ObservedGeneration: gatewayClass.Generation,
 		}
 	} else {