Handling a disabled azure key vault secret using go azure sdk?
Question
I am trying to extend a Kubernetes operator written in Go to handle Azure Key Vault Secrets that have been disabled. The operator is using the Azure SDK for Go as well as the Azure autorest library.
I am very new to Go and I'm struggling to populate the ServiceError struct when there is an error.
The snippet of code I'm looking at is this: (see in context)
    response, err := sm.client.GetSecret(ctx, fmt.Sprintf(azureVaultURLFmt, sm.azureVaultName), secretID, "")
    if err != nil {
        if e, ok := err.(autorest.DetailedError); ok && e.StatusCode.(int) == 404 {
            return []byte{}, nil
        }
        return []byte{}, err
    }
At present it handles missing secrets as noted by the 404 HTTP status code. However I want to handle the error situation when you read a disabled secret which surfaces as a 403, and with extra error information in the ServiceError. However, no matter what I try I haven't managed to figure out how to get at the ServiceError struct.
I tried doing:
    if e, ok := err.(azure.ServiceError); ok {
        log.V(0).Info("Go an azure service error")
        return []byte{}, nil
    }
But the code is never called.
Using the original code, I attached the delve debugger with vscode, and I can see that the e variable had an extra hidden data variable that appeared to contain both the ServiceError and DetailedError struct, but I just can't get at the ServiceError.
The DetailedError struct has a ServiceError byte array on it. Am I supposed to manually call UnmarshallJSON or something like that? I think it's supposed to magically do it for me somehow, but I'm just not sure how.
What am I missing?
Answer 1
Score: 0
So I managed to find a workaround by using a debugger and inspecting the err object. It isn't particularly pretty, but it does work.
    response, err := sm.client.GetSecret(ctx, fmt.Sprintf(azureVaultURLFmt, sm.azureVaultName), secretID, "")
    if err != nil {
        // We can ignore some errors
        if de, ok := err.(autorest.DetailedError); ok {
            if re, ok := de.Original.(*azure.RequestError); ok {
                if re.ServiceError.Code == "SecretNotFound" {
                    // Secret not existing is fine, as that means we will create a new secret
                    return []byte{}, nil
                } else if code, ok := re.ServiceError.InnerError["code"].(string); ok && code == "SecretDisabled" {
                    // Disabled secret also fine, as it means we will create a new version of the secret
                    return []byte{}, nil
                }
            }
        }
        return []byte{}, err
    }
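
The check from the answer above, pulled into a helper, as an added example that is not part of the original answer or the operator's code. The types are local stand-ins for autorest.DetailedError, azure.RequestError and azure.ServiceError so it runs without the SDK, `ignorableSecretError` is a hypothetical name, and the sample errors are constructed. It matches on the service error codes rather than on the bare 403, so a 403 caused by a denied access policy is still returned to the caller instead of being swallowed.

```go
package main

import "fmt"

// Local stand-ins for autorest.DetailedError, azure.RequestError and
// azure.ServiceError, reduced to the fields the answer reads (assumption:
// swap in the real SDK types inside the operator).
type ServiceError struct {
	Code       string
	InnerError map[string]interface{}
}
type RequestError struct{ ServiceError *ServiceError }
type DetailedError struct {
	Original   error
	StatusCode interface{}
}

func (e *RequestError) Error() string { return "azure request error" }
func (e DetailedError) Error() string { return fmt.Sprintf("status %v: %v", e.StatusCode, e.Original) }

// ignorableSecretError (hypothetical helper) reports whether err means the
// secret is absent or disabled. Any other failure, including a 403 with a
// different inner code, returns false so the caller surfaces it.
func ignorableSecretError(err error) bool {
	de, ok := err.(DetailedError)
	if !ok {
		return false
	}
	re, ok := de.Original.(*RequestError)
	if !ok || re == nil || re.ServiceError == nil {
		return false
	}
	if re.ServiceError.Code == "SecretNotFound" {
		return true
	}
	inner, _ := re.ServiceError.InnerError["code"].(string)
	return inner == "SecretDisabled"
}

func main() {
	// Constructed errors; "AccessDenied" is a sample inner code for a real denial.
	disabled := DetailedError{StatusCode: 403, Original: &RequestError{&ServiceError{
		Code: "Forbidden", InnerError: map[string]interface{}{"code": "SecretDisabled"}}}}
	denied := DetailedError{StatusCode: 403, Original: &RequestError{&ServiceError{
		Code: "Forbidden", InnerError: map[string]interface{}{"code": "AccessDenied"}}}}
	fmt.Println(ignorableSecretError(disabled), ignorableSecretError(denied))
}
```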