From de448a8cb3ec39f110aa9831099ebf176a40dac4 Mon Sep 17 00:00:00 2001 From: Abhijit Mukherjee Date: Mon, 27 Feb 2023 15:06:57 +0530 Subject: [PATCH] handled no record found during connect cluster with no org setting set (#168) Signed-off-by: mabhi --- pkg/sentry/authz/authz.go | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/pkg/sentry/authz/authz.go b/pkg/sentry/authz/authz.go index 76427f1..2c2b087 100644 --- a/pkg/sentry/authz/authz.go +++ b/pkg/sentry/authz/authz.go @@ -320,6 +320,7 @@ func GetAuthorization(ctx context.Context, req *sentryrpc.GetUserAuthorizationRe var rolePrevilage int var highestRole string var enforceOrgAdminOnlySecretAccess, isOrgAdmin bool + const defaultSaValiditySeconds = 28800 resp = new(sentryrpc.GetUserAuthorizationResponse) @@ -329,13 +330,19 @@ func GetAuthorization(ctx context.Context, req *sentryrpc.GetUserAuthorizationRe orgID := cnAttr.OrganizationID partnerID := cnAttr.PartnerID // fetch at org level - ks, err := kss.Get(ctx, orgID, "", cnAttr.IsSSO) - if err != nil { + kubeSetting, err := kss.Get(ctx, orgID, "", cnAttr.IsSSO) + if err == constants.ErrNotFound { + // set default org level settings + kubeSetting = &sentry.KubeconfigSetting{ + SaValiditySeconds: defaultSaValiditySeconds, + } + + } else if err != nil { _log.Errorf("unable to fetch k8s service as per org level kubectl settings for orgID:%s %v", orgID, cnAttr.IsSSO) return nil, fmt.Errorf("unable to fetch k8s service %s", err.Error()) } - expiryTime := time.Now().Add(time.Second * time.Duration(ks.SaValiditySeconds)).Unix() + expiryTime := time.Now().Add(time.Second * time.Duration(kubeSetting.SaValiditySeconds)).Unix() fmtSaValidityDuration := strconv.FormatInt(expiryTime, 10) if cnAttr.SystemUser { return getSystemUserAuthz(cnAttr, fmtSaValidityDuration)