From 539e6577a4bc95b3903fa7b49935a2296529e8e1 Mon Sep 17 00:00:00 2001 From: Yi Zhang Date: Wed, 2 Sep 2020 15:03:12 +0000 Subject: [PATCH] Better ingress error message on permission denied --- pkg/broker/ingress/handler.go | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/pkg/broker/ingress/handler.go b/pkg/broker/ingress/handler.go index c766204415..4329e93c35 100644 --- a/pkg/broker/ingress/handler.go +++ b/pkg/broker/ingress/handler.go @@ -34,6 +34,8 @@ import ( "github.com/google/wire" "go.opencensus.io/trace" "go.uber.org/zap" + grpccode "google.golang.org/grpc/codes" + grpcstatus "google.golang.org/grpc/status" "k8s.io/apimachinery/pkg/types" "knative.dev/eventing/pkg/kncloudevents" "knative.dev/eventing/pkg/logging" @@ -52,6 +54,11 @@ const ( // For probes. heathCheckPath = "/healthz" + + // for permission denied error msg + // TODO(cathyzhyi) point to official doc rather than github doc + deniedErrMsg string = `Failed to publish to PubSub because permission denied. +Please refer to "Configure the Authentication Mechanism for GCP" at https://github.com/google/knative-gcp/blob/master/docs/install/install-gcp-broker.md` ) // HandlerSet provides a handler with a real HTTPMessageReceiver and pubsub MultiTopicDecoupleSink. @@ -158,10 +165,15 @@ func (h *Handler) ServeHTTP(response nethttp.ResponseWriter, request *nethttp.Re if res := h.decouple.Send(ctx, broker, *event); !cev2.IsACK(res) { h.logger.Error("Error publishing to PubSub", zap.String("broker", broker.String()), zap.Error(res)) statusCode = nethttp.StatusInternalServerError - if errors.Is(res, ErrNotFound) { + + switch { + case errors.Is(res, ErrNotFound): statusCode = nethttp.StatusNotFound - } else if errors.Is(res, ErrNotReady) { + case errors.Is(res, ErrNotReady): statusCode = nethttp.StatusServiceUnavailable + case grpcstatus.Code(res) == grpccode.PermissionDenied: + nethttp.Error(response, deniedErrMsg, statusCode) + return } nethttp.Error(response, "Failed to publish to PubSub", statusCode) return