gardener / gardener-extension-provider-azure

Gardener extension controller for the Azure cloud provider (https://azure.microsoft.com).

Home Page: https://gardener.cloud

Error code not added

ialidzhikov opened this issue

How to categorize this issue?

/area quality
/area ops-productivity
/kind bug
/kind regression
/platform azure

What happened:
Worker is failing to be deleted with the following error:

status:
  lastError:
    description: 'Error deleting Worker: Failed while waiting for all machine resources
      to be deleted: machine shoot--foo--bar-bar-wrk-z2-85796-nrlwz failed:
      Error occurred with decoding machine error status while getting VM status, aborting
      without retry. machine code: machine codes error: code = [Internal] message
      = [azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for
      request to https://management.azure.com/subscriptions/<uid>/resourcegroups/shoot--foo--bar?api-version=2020-10-01:
      StatusCode=401 -- Original Error: adal: Refresh request failed. Status Code
      = ''401''. Response body: {"error":"invalid_client","error_description":"AADSTS7000222:
      The provided client secret keys for app ''<uid>''
      are expired. Visit the Azure portal to create new keys for your app: https://aka.ms/NewClientSecret,
      or consider using certificate credentials for added security: https://aka.ms/certCreds.\r\nTrace
      ID: <uid>\r\nCorrelation ID: <uid>\r\nTimestamp:
      2023-04-06 23:11:05Z","error_codes":[7000222],"timestamp":"2023-04-06 23:11:05Z","trace_id":"<uid>","correlation_id":"<uid>","error_uri":"https://login.microsoftonline.com/error?code=7000222"}
      Endpoint https://login.microsoftonline.com/<uid>/oauth2/token?api-version=1.0]
      Set machine status to termination. Now, getting VM Status'
    lastUpdateTime: "2023-04-06T23:34:58Z"

This error message should have been categorized as ERR_INFRA_UNAUTHENTICATED as it contains the string invalid_client which should be matched in

unauthenticatedRegexp = regexp.MustCompile(`(?i)(InvalidAuthenticationTokenTenant|Authentication failed|invalid character|invalid_client|InvalidAccessKeyId|cannot fetch token|InvalidSecretAccessKey|InvalidSubscriptionId)`)

What you expected to happen:
The Worker lastError to have the error code ERR_INFRA_UNAUTHENTICATED added.

How to reproduce it (as minimally and precisely as possible):
See above.

Anything else we need to know?:

Environment:

  • Gardener version (if relevant):
  • Extension version: v1.34.2
  • Kubernetes version (use kubectl version):
  • Cloud provider or hardware configuration:
  • Others:
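
Added example, not part of the original issue or of the extension's code: a regression-style check that runs the pattern quoted above against a constructed, shortened copy of the reported message, wrapped in layers the way the description reads. `classify` and `sampleWorkerError` are hypothetical names; the check shows the expected classification, not where the extension omitted it.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
)

// Pattern and error code name copied from the issue text.
var unauthenticatedRegexp = regexp.MustCompile(`(?i)(InvalidAuthenticationTokenTenant|Authentication failed|invalid character|invalid_client|InvalidAccessKeyId|cannot fetch token|InvalidSecretAccessKey|InvalidSubscriptionId)`)

const errInfraUnauthenticated = "ERR_INFRA_UNAUTHENTICATED"

// classify is a hypothetical helper, not Gardener's API. It matches against the
// fully rendered error text, so a marker buried under wrappers is still found.
func classify(err error) []string {
	if err == nil {
		return nil
	}
	var codes []string
	if unauthenticatedRegexp.MatchString(err.Error()) {
		codes = append(codes, errInfraUnauthenticated)
	}
	return codes
}

// sampleWorkerError returns a constructed, shortened copy of the lastError
// description from the issue, rebuilt as three wrapped layers.
func sampleWorkerError() error {
	root := errors.New(`adal: Refresh request failed. Status Code = '401'. ` +
		`Response body: {"error":"invalid_client","error_description":` +
		`"AADSTS7000222: The provided client secret keys for app '<uid>' are expired."}`)
	machine := fmt.Errorf("machine codes error: code = [Internal] message = [%w]", root)
	return fmt.Errorf("error deleting Worker: failed while waiting for all machine resources to be deleted: %w", machine)
}

func main() {
	fmt.Println(classify(sampleWorkerError()))          // expired client secret
	fmt.Println(classify(errors.New("quota exceeded"))) // no auth marker present
}
```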

Fixed by #681
/close