check twice for forbidden before return (fixes #554) #555
Signed-off-by: Sebastian Höffner <info@sebastian-hoeffner.de>
I signed off the commit and force-pushed it; the changes remain the same.

hi @shoeffner

Hm, you are right, using an else instead might already do the trick, or am I missing something? Have to try it out though. diff --git a/client/client.go b/client/client.go
index 09564f1..40dc56c 100644
--- a/client/client.go
+++ b/client/client.go
@@ -116,8 +116,9 @@ func (c *Client) SendRequest(method string, path string, payload interface{}, st
return "", "", http.StatusBadGateway, err
}
}
+ } else {
+ return "", "", resp.StatusCode, fmt.Errorf("[ERROR] forbidden: status=%s, code=%d \nIf you are using a robot account, this is likely due to RBAC limitations. See: https://github.com/goharbor/community/blob/main/proposals/new/Robot-Account-Expand.md", resp.Status, resp.StatusCode)
}
- return "", "", resp.StatusCode, fmt.Errorf("[ERROR] forbidden: status=%s, code=%d \nIf you are using a robot account, this is likely due to RBAC limitations. See: https://github.com/goharbor/community/blob/main/proposals/new/Robot-Account-Expand.md", resp.Status, resp.StatusCode)
}
body, err := io.ReadAll(resp.Body) |
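Review bot: with the forbidden return now living only in the added `} else {` branch, the `if` branch above it falls through to `body, err := io.ReadAll(resp.Body)` whenever it does not hit the `http.StatusBadGateway` return, so if `resp` can still carry a forbidden status when that branch completes, the caller no longer gets the RBAC hint. Consider checking `resp.StatusCode` once more after the `if`/`else` and returning the same `fmt.Errorf` there, so both paths report a forbidden response the same way. While touching this line, the long message could also be pulled into a named constant so it is not duplicated if a second check is added.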

No, I remember: The reason is that otherwise an unsuccessful login attempt via OIDC will not get the same error message but fall into With the second check, we can present the forbidden message to both, actual robots and failed OIDC attempts (because the

indeed, thank you!

5248a3a introduced better error handling for FORBIDDEN errors.
This caused a slight regression in the authentication handling for OIDC logins (introduced in #497).
This PR moves the error message outside of the "retry" block.