Skip to content

Commit

Permalink
controller: add credential check on startup
Browse files Browse the repository at this point in the history
  • Loading branch information
@torresdal
torresdal committed Feb 25, 2021
1 parent c0ba6bd commit ea38e3e
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 2 deletions.
12 changes: 12 additions & 0 deletions cmd/azure-keyvault-controller/main.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -150,6 +150,12 @@ func main() {
os.Exit(1)
}

err = validateCredentials(vaultAuth)
if err != nil {
klog.ErrorS(err, "failed to get authorizer from azure key vault credentials")
os.Exit(1)
}

vaultService := vault.NewService(vaultAuth)
recorder := eventBroadcaster.NewRecorder(scheme.Scheme, corev1.EventSource{Component: controllerAgentName})

Expand All @@ -170,6 +176,12 @@ func main() {
controller.Run(stopCh)
}

func validateCredentials(credentials credentialprovider.Credentials) error {
klog.V(4).InfoS("checking credentials by getting authorizer")
_, err := credentials.Authorizer()
return err
}

func createMetricsServer(metricsPort string) {
router := mux.NewRouter()
httpURL := fmt.Sprintf(":%s", metricsPort)
Expand Down
4 changes: 2 additions & 2 deletions cmd/azure-keyvault-secrets-webhook/main.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -367,8 +367,8 @@ func getCredentials() (credentialprovider.Credentials, credentialprovider.Creden
}

func validateCredentials(credentials credentialprovider.Credentials) error {
klog.V(4).InfoS("checking credentials by getting authorizer from credentials")
_, err := config.credentials.Authorizer()
klog.V(4).InfoS("checking credentials by getting authorizer")
_, err := credentials.Authorizer()
return err
}

Expand Down

0 comments on commit ea38e3e

Please sign in to comment.