[image-builder-mk3] log errors for auth

kylos101 · kylos101 · commit 8082e7634a7b · 2023-08-28T21:26:22.000Z
This will help us troubleshoot:
* credential reload via watch
* potential ECR authN issues
* potential additionalAuth issues
diff --git a/components/image-builder-mk3/pkg/auth/auth.go b/components/image-builder-mk3/pkg/auth/auth.go
@@ -64,11 +64,13 @@ func (a *DockerConfigFileAuth) loadFromFile(fn string) (err error) {
 	defer func() {
 		if err != nil {
 			err = fmt.Errorf("error loading Docker config from %s: %w", fn, err)
+			log.WithError(err).Errorf("Failed loading from file: %s", fn)
 		}
 	}()
 
 	cntnt, err := os.ReadFile(fn)
 	if err != nil {
+		log.WithError(err).Errorf("Failed reading file: %s", fn)
 		return err
 	}
 	hash := sha256.New()
@@ -83,6 +85,7 @@ func (a *DockerConfigFileAuth) loadFromFile(fn string) (err error) {
 	cfg := configfile.New(fn)
 	err = cfg.LoadFromReader(bytes.NewReader(cntnt))
 	if err != nil {
+		log.WithError(err).Errorf("Read file failed: %s", fn)
 		return err
 	}
 
@@ -159,6 +162,7 @@ func (ath *ECRAuthenticator) Authenticate(ctx context.Context, registry string)
 	if time.Since(ath.ecrAuthLastRefreshTime) > ecrTokenRefreshTime {
 		tknout, err := ath.ecrc.GetAuthorizationToken(ctx, &ecr.GetAuthorizationTokenInput{})
 		if err != nil {
+			log.WithError(err).Errorf("Failed getting auth token")
 			return nil, err
 		}
 		if len(tknout.AuthorizationData) == 0 {
@@ -167,6 +171,7 @@ func (ath *ECRAuthenticator) Authenticate(ctx context.Context, registry string)
 
 		pwd, err := base64.StdEncoding.DecodeString(aws.ToString(tknout.AuthorizationData[0].AuthorizationToken))
 		if err != nil {
+			log.WithError(err).Errorf("Failed decoding token")
 			return nil, err
 		}
 
@@ -299,6 +304,7 @@ func (a AllowedAuthFor) GetAuthFor(ctx context.Context, auth RegistryAuthenticat
 
 	ref, err := reference.ParseNormalizedNamed(refstr)
 	if err != nil {
+		log.WithError(err).Errorf("Failed parsing normalized name")
 		return nil, xerrors.Errorf("cannot parse image ref: %v", err)
 	}
 	reg := reference.Domain(ref)
@@ -359,6 +365,8 @@ func (a AllowedAuthFor) additionalAuth(domain string) *Authentication {
 			res.Username = segs[0]
 			res.Password = strings.Join(segs[1:], ":")
 		}
+	} else {
+		log.WithError(err).Errorf("Failed getting additional auth")
 	}
 	return res
 }

Original file line number	Diff line number	Diff line change
`@@ -64,11 +64,13 @@ func (a *DockerConfigFileAuth) loadFromFile(fn string) (err error) {`
`64`	`64`	`defer func() {`
`65`	`65`	`if err != nil {`
`66`	`66`	`err = fmt.Errorf("error loading Docker config from %s: %w", fn, err)`
	`67`	`+ log.WithError(err).Errorf("Failed loading from file: %s", fn)`
`67`	`68`	`}`
`68`	`69`	`}()`
`69`	`70`
`70`	`71`	`cntnt, err := os.ReadFile(fn)`
`71`	`72`	`if err != nil {`
	`73`	`+ log.WithError(err).Errorf("Failed reading file: %s", fn)`
`72`	`74`	`return err`
`73`	`75`	`}`
`74`	`76`	`hash := sha256.New()`
`@@ -83,6 +85,7 @@ func (a *DockerConfigFileAuth) loadFromFile(fn string) (err error) {`
`83`	`85`	`cfg := configfile.New(fn)`
`84`	`86`	`err = cfg.LoadFromReader(bytes.NewReader(cntnt))`
`85`	`87`	`if err != nil {`
	`88`	`+ log.WithError(err).Errorf("Read file failed: %s", fn)`
`86`	`89`	`return err`
`87`	`90`	`}`
`88`	`91`
`@@ -159,6 +162,7 @@ func (ath *ECRAuthenticator) Authenticate(ctx context.Context, registry string)`
`159`	`162`	`if time.Since(ath.ecrAuthLastRefreshTime) > ecrTokenRefreshTime {`
`160`	`163`	`tknout, err := ath.ecrc.GetAuthorizationToken(ctx, &ecr.GetAuthorizationTokenInput{})`
`161`	`164`	`if err != nil {`
	`165`	`+ log.WithError(err).Errorf("Failed getting auth token")`
`162`	`166`	`return nil, err`
`163`	`167`	`}`
`164`	`168`	`if len(tknout.AuthorizationData) == 0 {`
`@@ -167,6 +171,7 @@ func (ath *ECRAuthenticator) Authenticate(ctx context.Context, registry string)`
`167`	`171`
`168`	`172`	`pwd, err := base64.StdEncoding.DecodeString(aws.ToString(tknout.AuthorizationData[0].AuthorizationToken))`
`169`	`173`	`if err != nil {`
	`174`	`+ log.WithError(err).Errorf("Failed decoding token")`
`170`	`175`	`return nil, err`
`171`	`176`	`}`
`172`	`177`
`@@ -299,6 +304,7 @@ func (a AllowedAuthFor) GetAuthFor(ctx context.Context, auth RegistryAuthenticat`
`299`	`304`
`300`	`305`	`ref, err := reference.ParseNormalizedNamed(refstr)`
`301`	`306`	`if err != nil {`
	`307`	`+ log.WithError(err).Errorf("Failed parsing normalized name")`
`302`	`308`	`return nil, xerrors.Errorf("cannot parse image ref: %v", err)`
`303`	`309`	`}`
`304`	`310`	`reg := reference.Domain(ref)`
`@@ -359,6 +365,8 @@ func (a AllowedAuthFor) additionalAuth(domain string) *Authentication {`
`359`	`365`	`res.Username = segs[0]`
`360`	`366`	`res.Password = strings.Join(segs[1:], ":")`
`361`	`367`	`}`
	`368`	`+ } else {`
	`369`	`+ log.WithError(err).Errorf("Failed getting additional auth")`
`362`	`370`	`}`
`363`	`371`	`return res`
`364`	`372`	`}`