Merge pull request #1499 from porter-dev/belanger/hotfix-gcr-pull

[POR-267] Don't always return GCR token from cache

api/server/handlers/registry/get_token.go

@@ -130,15 +130,19 @@ func (c *RegistryGetGCRTokenHandler) ServeHTTP(w http.ResponseWriter, r *http.Re
 		if reg.GCPIntegrationID != 0 && strings.Contains(reg.URL, request.ServerURL) {
 			_reg := registry.Registry(*reg)
 
-			tokenCache, err := _reg.GetGCRToken(c.Repo())
+			oauthTok, err := _reg.GetGCRToken(c.Repo())
 
-			if err != nil {
+			// if the oauth token is not nil, but the error is not nil, we still return the token
+			// but log an error
+			if oauthTok != nil && err != nil {
+				c.HandleAPIErrorNoWrite(w, r, apierrors.NewErrInternal(err))
+			} else if err != nil {
 				c.HandleAPIError(w, r, apierrors.NewErrInternal(err))
 				return
 			}
 
-			token = string(tokenCache.Token)
-			expiresAt = &tokenCache.Expiry
+			token = oauthTok.AccessToken
+			expiresAt = &oauthTok.Expiry
 			break
 		}
 	}

internal/kubernetes/config.go

@@ -313,7 +313,7 @@ func (conf *OutOfClusterConfig) CreateRawConfigFromCluster() (*api.Config, error
 			"https://www.googleapis.com/auth/cloud-platform",
 		)
 
-		if err != nil {
+		if tok == nil && err != nil {
 			return nil, err
 		}
 

internal/models/integrations/gcp.go

@@ -88,9 +88,9 @@ func (g *GCPIntegration) GetBearerToken(
 	}
 
 	// update the token cache
-	setTokenCache(tok.AccessToken, tok.Expiry)
+	err = setTokenCache(tok.AccessToken, tok.Expiry)
 
-	return tok, nil
+	return tok, err
 }
 
 // credentialsFile is the unmarshalled representation of a GCP credentials file.

internal/registry/registry.go

@@ -83,11 +83,17 @@ type gcrJWT struct {
 	ExpiresInSec int    `json:"expires_in"`
 }
 
+type gcrErr struct {
+	Code    string `json:"code"`
+	Message string `json:"message"`
+}
+
 type gcrRepositoryResp struct {
 	Repositories []string `json:"repositories"`
+	Errors       []gcrErr `json:"errors"`
 }
 
-func (r *Registry) GetGCRToken(repo repository.Repository) (*ints.TokenCache, error) {
+func (r *Registry) GetGCRToken(repo repository.Repository) (*oauth2.Token, error) {
 	getTokenCache := r.getTokenCacheFunc(repo)
 
 	gcp, err := repo.GCPIntegration().ReadGCPIntegration(
@@ -100,24 +106,11 @@ func (r *Registry) GetGCRToken(repo repository.Repository) (*ints.TokenCache, er
 	}
 
 	// get oauth2 access token
-	_, err = gcp.GetBearerToken(
+	return gcp.GetBearerToken(
 		getTokenCache,
 		r.setTokenCacheFunc(repo),
 		"https://www.googleapis.com/auth/devstorage.read_write",
 	)
-
-	if err != nil {
-		return nil, err
-	}
-
-	// it's now written to the token cache, so return
-	cache, err := getTokenCache()
-
-	if err != nil {
-		return nil, err
-	}
-
-	return cache, nil
 }
 
 func (r *Registry) listGCRRepositories(
@@ -160,6 +153,15 @@ func (r *Registry) listGCRRepositories(
 		return nil, fmt.Errorf("Could not read GCR repositories: %v", err)
 	}
 
+	if len(gcrResp.Errors) > 0 {
+		errMsg := ""
+		for _, gcrErr := range gcrResp.Errors {
+			errMsg += fmt.Sprintf(": Code %s, message %s", gcrErr.Code, gcrErr.Message)
+		}
+
+		return nil, fmt.Errorf(errMsg)
+	}
+
 	res := make([]*ptypes.RegistryRepository, 0)
 
 	parsedURL, err := url.Parse("https://" + r.URL)