Handle HTTP error codes in file loader

[sylr]

GitHub release files like https://github.com/fluxcd/helm-controller/releases/download/v0.14.0/helm-controller.crds.yaml
seems to be hosted on Azure and it seems that there are egress limits that can be reached, e.g.:

<?xml version="1.0" encoding="utf-8"?><Error><Code>ServerBusy</Code><Message>Egress is over the account limit.
RequestId:f4a46b38-001e-0046-2437-ec16e2000000
Time:2021-12-08T13:28:03.8542138Z</Message></Error>

This patch allows to have a clear Error message instead of just missing Resource metadata:

Error: accumulating resources: accumulation err='accumulating resources from 'https://github.com/fluxcd/source-controller/releases/download/v0.19.0/source-controller.crds.yaml': URL returned error 503 (Service Unavailable)': evalsymlink failure on '/private/var/folders/hq/ttl6jyh539q55fz6282w0jyc0000gn/T/kustomize-3508224975/releases/download/v0.19.0/source-controller.crds.yaml' : lstat /private/var/folders/hq/ttl6jyh539q55fz6282w0jyc0000gn/T/kustomize-3508224975/releases: no such file or directory

Signed-off-by: Sylvain Rabot [email protected]

[k8s-ci-robot]

Hi @sylr. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[KnVerey]

/ok-to-test

[k8s-ci-robot]

@sylr: This PR has multiple commits, and the default merge method is: merge.
You can request commits to be squashed using the label: tide/merge-method-squash

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[natasha41575]

If we get an HTTP error, wouldn't the line 374 ldr, err := kt.ldr.New(path) take care of this case?

[sylr]

The problem with the error handling of line 374 is that it wraps the initial error with the error of the ldr.New() call and we end up with a very long error which half does not make any sens, i.e., no such file or directory for an URL:

Error: accumulating resources: accumulation err='accumulating resources from 'https://github.com/fluxcd/source-controller/releases/download/v0.19.0/source-controller.crds.yaml': URL returned error 503 (Service Unavailable)': evalsymlink failure on '/private/var/folders/hq/ttl6jyh539q55fz6282w0jyc0000gn/T/kustomize-3508224975/releases/download/v0.19.0/source-controller.crds.yaml' : lstat /private/var/folders/hq/ttl6jyh539q55fz6282w0jyc0000gn/T/kustomize-3508224975/releases: no such file or directory

[natasha41575]

Understood, thanks! In that case, can we move these two lines to within the error handling of line 374? E.g.

			ldr, err := kt.ldr.New(path)
			if err != nil {
			    if errors.Is(errF, load.ErrorHTTP) {
				    return nil, errF
                }
				return nil, errors.Wrapf(
					err, "accumulation err='%s'", errF.Error())
			}

Perhaps this is messier, but the intent of this code is:

1. Try to load the resource as a file.
2. If that fails, then regardless of the reason for the error, try to load it as a directory.
3. If that also fails, return the error from step 1.

I would like to keep the code as close to its original thought process as possible, while still supporting the improved error message you've added.

[sylr]

I don't like it to be honest, this feels really weird.

[natasha41575]

Can you elaborate? My intent is so that the code is changed as little as possible while still handling your error case. If we are improving the error message, IMO the check should go in the error handling. It will be helpful to have more justification than "this feels really weird" if you want to put it elsewhere.

[thatsmydoing]

It would be very strange to expect that to load from the filesystem, and if it is somehow happening, I don't think it is behaviour we should preserve.

Unfortunately, that code path also handles remote bases which can have https schemes and it does cause breakage.

[sylr]

Can you share a kustomization example that reproduces the breakage you are talking about ? Thank you.

[natasha41575]

It appears the test changed by #4030 used to pass and may have been broken by this PR. @sylr Would you be able to investigate and confirm?

[thatsmydoing]

resources:
  - https://github.com/kubernetes-sigs/kustomize.git//examples/multibases/dev/?ref=v1.0.6

works fine in kustomize 4.4 but gives a 404 not found error in 4.5

[sylr]

@natasha41575 absolutely, I'll try to fix that today or tomorrow.

[natasha41575]

So the error we will get is accumulating resources: accumulating resources from 'https://github.com/thisisa404.yaml': HTTP error: status code 404 (not found). That's a pretty good description, probably much more helpful than whatever we were outputting before.

[natasha41575]

/lgtm
/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: natasha41575, sylr

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [natasha41575]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment