VDS: Log and record Vault request failures #508

benashz · 2023-12-08T13:11:28Z

The VDS controller failed to report whenever a secret sync action had failed. With this PR all secret failures are recorded to the event recorder and logged.

Sample log output:

2023-12-08T13:26:25Z    ERROR   syncSecret      Vault request failed    {"controller": "vaultdynamicsecret", "controllerGroup": "secrets.hashicorp.com", "controllerKind": "VaultDynamicSecret", "VaultDynamicSecret": {"name":"create-static-create-static-creds-0","namespace":"vds-a1xdxdsw4y-k8s-ns"}, "namespace": "vds-a1xdxdsw4y-k8s-ns", "name": "create-static-create-static-creds-0", "reconcileID": "24d2a885-2123-4295-a2f3-98333ff59f10", "path": "vds-a1xdxdsw4y-db/static-creds/dev-postgres-static", "method": "GET", "error": "Error making API request.\n\nURL: GET http://vault.vault.svc.cluster.local:8200/v1/vds-a1xdxdsw4y-db/static-creds/dev-postgres-static\nCode: 403. Errors:\n\n* 1 error occurred:\n\t* permission denied\n\n"}
github.com/hashicorp/vault-secrets-operator/controllers.(*VaultDynamicSecretReconciler).syncSecret
        /workspace/controllers/vaultdynamicsecret_controller.go:304
github.com/hashicorp/vault-secrets-operator/controllers.(*VaultDynamicSecretReconciler).Reconcile
        /workspace/controllers/vaultdynamicsecret_controller.go:210
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile
        /go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:119
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler
        /go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:316
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
        /go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:266
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2
        /go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:227

Sample event:

6m34s       Warning   SecretSyncError   vaultdynamicsecret/create-static-create-static-creds-0   Failed to sync the secret, horizon=6.60288929s, err=Error making API request....

Fixes #507

adrianmoisey · 2023-12-08T13:17:55Z

This fix looks like exactly what I was looking for, thanks!

kschoche

Lgtm

benashz requested a review from a team as a code owner December 8, 2023 13:11

benashz requested review from kschoche and tvoran December 8, 2023 13:17

benashz added this to the v0.4.3 milestone Dec 8, 2023

VDS: Log and record Vault request failures

6dafc2e

benashz force-pushed the VAULT-22567/vds-report-all-syncSecret-errors branch from 6a02913 to 6dafc2e Compare December 8, 2023 13:26

kschoche approved these changes Dec 8, 2023

View reviewed changes

benashz merged commit b4a7416 into main Dec 8, 2023

benashz deleted the VAULT-22567/vds-report-all-syncSecret-errors branch December 8, 2023 15:12

adrianmoisey pushed a commit to adrianmoisey/vault-secrets-operator that referenced this pull request Jan 16, 2024

VDS: Log and record Vault request failures (hashicorp#508)

2153598

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

VDS: Log and record Vault request failures #508

VDS: Log and record Vault request failures #508

benashz commented Dec 8, 2023 •

edited

Loading

adrianmoisey commented Dec 8, 2023

kschoche left a comment

VDS: Log and record Vault request failures #508

VDS: Log and record Vault request failures #508

Conversation

benashz commented Dec 8, 2023 • edited Loading

adrianmoisey commented Dec 8, 2023

kschoche left a comment

Choose a reason for hiding this comment

benashz commented Dec 8, 2023 •

edited

Loading