处理禁用的 Azure Key Vault 密钥保管库秘密使用 Go Azure SDK?

huangapple go评论89阅读模式
英文:

Handling a disabled azure key vault secret using go azure sdk?

问题

我正在尝试扩展一个用Go编写的Kubernetes操作员,以处理已禁用的Azure Key Vault Secrets。该操作员使用Azure SDK for Go和Azure autorest库。

我对Go非常陌生,我在处理错误时无法填充ServiceError结构体。

我正在查看的代码片段如下:(在此处查看)

	response, err := sm.client.GetSecret(ctx, fmt.Sprintf(azureVaultURLFmt, sm.azureVaultName), secretID, "")
	if err != nil {
		if e, ok := err.(autorest.DetailedError); ok && e.StatusCode.(int) == 404 {
			return []byte{}, nil
		}
		return []byte{}, err
	}

目前,它处理了缺失的密钥,如注释中所述的404 HTTP状态码。然而,我想处理读取禁用密钥时的错误情况,它会作为403出现,并在ServiceError中提供额外的错误信息。然而,无论我尝试什么,我都没有找到如何访问ServiceError结构体。

我尝试了以下代码:

		if e, ok := err.(azure.ServiceError); ok {
            log.V(0).Info("Go an azure service error")
			return []byte{}, nil
		}

但是这段代码从未被调用。

使用原始代码,我使用vscode附加了delve调试器,我可以看到e变量有一个额外的隐藏data变量,它似乎包含了ServiceErrorDetailedError结构体,但我无法访问ServiceError

DetailedError结构体上有一个ServiceError字节数组。我是否应该手动调用UnmarshallJSON或类似的方法?我认为它应该以某种方式自动执行,但我不确定如何操作。

我漏掉了什么?

英文:

I am trying an extend Kubernetes operator written in Go to handle Azure Key Vault Secrets that have been disabled. The operator is using the Azure SDK for Go as well as the Azure autorest library.

I am very new to Go and I'm struggling to populate the ServiceError struct when there is an error

The snippet of code I'm looking at is this: (see in context)

	response, err := sm.client.GetSecret(ctx, fmt.Sprintf(azureVaultURLFmt, sm.azureVaultName), secretID, "")
	if err != nil {
		if e, ok := err.(autorest.DetailedError); ok && e.StatusCode.(int) == 404 {
			return []byte{}, nil
		}
		return []byte{}, err
	}

At present it handles missing secrets as noted by the 404 http status code. However I want to handle the error situation when you read a disabled secret which surfaces as a 403, and with extra error information in the ServiceError. However, no matter what I try I haven't managed to figure out how to get at the ServiceError struct.

I tried doing:

		if e, ok := err.(azure.ServiceError); ok {
            log.V(0).Info("Go an azure service error")
			return []byte{}, nil
		}

But the code is never called.

Using the original code, I attached the delve debugger with vscode, and I can see that the e variable had an extra hidden data variable that appeared to contain both the ServiceError and DetailedError struct, but I just can't get at the ServiceError.

The DetailedError struct has a ServiceError byte array on it. Am I supposed to manually call UnmarshallJSON or something like that? I think it's supposed to magically do it for me somehow, but I'm just not sure how.

What am I missing?

答案1

得分: 0

所以我通过使用调试器并检查err对象找到了一个解决方法。虽然不是特别漂亮,但确实有效。

	response, err := sm.client.GetSecret(ctx, fmt.Sprintf(azureVaultURLFmt, sm.azureVaultName), secretID, "")
	if err != nil {
		// 我们可以忽略一些错误
		if de, ok := err.(autorest.DetailedError); ok {
			if re, ok := de.Original.(*azure.RequestError); ok {
				if re.ServiceError.Code == "SecretNotFound" {
					// 秘密不存在是可以的,因为这意味着我们将创建一个新的秘密
					return []byte{}, nil
				} else if code, ok := re.ServiceError.InnerError["code"].(string); ok && code == "SecretDisabled" {
					// 禁用的秘密也可以,因为这意味着我们将创建秘密的新版本
					return []byte{}, nil
				}
			}
		}
		return []byte{}, err
	}
英文:

So I managed to find a workaround by using a debugger and inspecting the err object. It isn't particularly pretty, but it does work.

	response, err := sm.client.GetSecret(ctx, fmt.Sprintf(azureVaultURLFmt, sm.azureVaultName), secretID, "")
	if err != nil {
		// We can ignore some errors
		if de, ok := err.(autorest.DetailedError); ok {
			if re, ok := de.Original.(*azure.RequestError); ok {
				if re.ServiceError.Code == "SecretNotFound" {
					// Secret not existing is fine, as that means we will create a new secret
					return []byte{}, nil
				} else if code, ok := re.ServiceError.InnerError["code"].(string); ok && code == "SecretDisabled" {
					// Disabled secret also fine, as it means we will create a new version of the secret
					return []byte{}, nil
				}
			}
		}
		return []byte{}, err
	}

huangapple
  • 本文由 发表于 2022年2月19日 19:59:35
  • 转载请务必保留本文链接:https://go.coder-hub.com/71184772.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定