From 80f9b1b636704ebad6ebb8df97c5e81dc4f815f9 Mon Sep 17 00:00:00 2001 From: Jesse Suen Date: Thu, 11 Jan 2018 04:51:35 -0800 Subject: [PATCH] Improve the error message when insufficent RBAC privileges is detected (resolves #659) --- cmd/argo/commands/get.go | 5 +++++ workflow/controller/operator.go | 11 +++++++++-- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/cmd/argo/commands/get.go b/cmd/argo/commands/get.go index f9f4a6460cd8..89f83394e567 100644 --- a/cmd/argo/commands/get.go +++ b/cmd/argo/commands/get.go @@ -71,6 +71,11 @@ func printWorkflowHelper(wf *wfv1.Workflow) { const fmtStr = "%-17s %v\n" fmt.Printf(fmtStr, "Name:", wf.ObjectMeta.Name) fmt.Printf(fmtStr, "Namespace:", wf.ObjectMeta.Namespace) + serviceAccount := wf.Spec.ServiceAccountName + if serviceAccount == "" { + serviceAccount = "default" + } + fmt.Printf(fmtStr, "ServiceAccount:", serviceAccount) fmt.Printf(fmtStr, "Status:", worklowStatus(wf)) if wf.Status.Message != "" { fmt.Printf(fmtStr, "Message:", wf.Status.Message) diff --git a/workflow/controller/operator.go b/workflow/controller/operator.go index 031e613459d7..1355dfc18b30 100644 --- a/workflow/controller/operator.go +++ b/workflow/controller/operator.go @@ -501,13 +501,20 @@ func inferFailedReason(pod *apiv1.Pod) (wfv1.NodePhase, string) { continue } if ctr.Name == common.WaitContainerName { - errMsg := fmt.Sprintf("failed to save artifacts") + errDetails := "" for _, msg := range []string{annotatedMsg, ctr.State.Terminated.Message} { if msg != "" { - errMsg += ": " + msg + errDetails = msg break } } + if errDetails == "" { + // executor is expected to annotate a message to the pod upon any errors. + // If we failed to see the annotated message, it is likely the pod ran with + // insufficient privileges. Give a hint to that effect. + errDetails = fmt.Sprintf("verify serviceaccount %s:%s has necessary privileges", pod.ObjectMeta.Namespace, pod.Spec.ServiceAccountName) + } + errMsg := fmt.Sprintf("failed to save outputs: %s", errDetails) failMessages[ctr.Name] = errMsg } else { if ctr.State.Terminated.Message != "" {