devtron-labs · gireesh-naidu · Sep 17, 2024 · Sep 17, 2024
@@ -86,7 +86,7 @@ type HelmAppService interface {
 	UpdateApplicationWithChartInfoWithExtraValues(ctx context.Context, appIdentifier *helmBean.AppIdentifier, chartRepository *gRPC.ChartRepository, extraValues map[string]interface{}, extraValuesYamlUrl string, useLatestChartVersion bool) (*openapi.UpdateReleaseResponse, error)
 	TemplateChart(ctx context.Context, templateChartRequest *openapi2.TemplateChartRequest) (*openapi2.TemplateChartResponse, error)
 	GetNotes(ctx context.Context, request *gRPC.InstallReleaseRequest) (string, error)
-	ValidateOCIRegistry(ctx context.Context, OCIRegistryRequest *gRPC.RegistryCredential) bool
+	ValidateOCIRegistry(ctx context.Context, OCIRegistryRequest *gRPC.RegistryCredential) (bool, error)
 	GetRevisionHistoryMaxValue(appType bean.SourceAppType) int32
 	GetResourceTreeForExternalResources(ctx context.Context, clusterId int, clusterConfig *gRPC.ClusterConfig, resources []*gRPC.ExternalResourceDetail) (*gRPC.ResourceTreeResponse, error)
 	CheckIfNsExistsForClusterIds(clusterIdToNsMap map[int]string) error
@@ -1022,13 +1022,13 @@ func (impl *HelmAppServiceImpl) GetNotes(ctx context.Context, request *gRPC.Inst
 	return notesTxt, err
 }
 
-func (impl *HelmAppServiceImpl) ValidateOCIRegistry(ctx context.Context, OCIRegistryRequest *gRPC.RegistryCredential) bool {
+func (impl *HelmAppServiceImpl) ValidateOCIRegistry(ctx context.Context, OCIRegistryRequest *gRPC.RegistryCredential) (bool, error) {
 	response, err := impl.helmAppClient.ValidateOCIRegistry(ctx, OCIRegistryRequest)
 	if err != nil {
 		impl.logger.Errorw("error in fetching chart", "err", err)
-		return false
+		return false, err
 	}
-	return response.IsLoggedIn
+	return response.IsLoggedIn, nil
 }
 
 func (impl *HelmAppServiceImpl) DecodeAppId(appId string) (*helmBean.AppIdentifier, error) {

@@ -24,7 +24,6 @@ import (
 
 	"github.com/devtron-labs/devtron/api/restHandler/common"
 	repository "github.com/devtron-labs/devtron/internal/sql/repository/dockerRegistry"
-	"github.com/devtron-labs/devtron/internal/util"
 	chartProviderService "github.com/devtron-labs/devtron/pkg/appStore/chartProvider"
 	"github.com/devtron-labs/devtron/pkg/auth/authorisation/casbin"
 	"github.com/devtron-labs/devtron/pkg/auth/user"
@@ -233,13 +232,8 @@ func (impl DockerRegRestHandlerImpl) SaveDockerRegistryConfig(w http.ResponseWri
 	//RBAC enforcer Ends
 
 	// valid registry credentials from kubelink
-	if isValid := impl.dockerRegistryConfig.ValidateRegistryCredentials(&bean); !isValid {
-		impl.logger.Errorw("registry credentials validation err, SaveDockerRegistryConfig", "err", err, "payload", bean)
-		err = &util.ApiError{
-			HttpStatusCode:  http.StatusBadRequest,
-			InternalMessage: "Invalid authentication credentials. Please verify.",
-			UserMessage:     "Invalid authentication credentials. Please verify.",
-		}
+	if err = impl.dockerRegistryConfig.ValidateRegistryCredentials(&bean); err != nil {
+		impl.logger.Errorw("registry credentials validation err, SaveDockerRegistryConfig", "err", err)
 		common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
 		return
 	}
@@ -349,13 +343,8 @@ func (impl DockerRegRestHandlerImpl) ValidateDockerRegistryConfig(w http.Respons
 		bean.Cert = existingStore.Cert
 	}
 	// valid registry credentials from kubelink
-	if isValid := impl.dockerRegistryConfig.ValidateRegistryCredentials(&bean); !isValid {
-		impl.logger.Errorw("registry credentials validation err, SaveDockerRegistryConfig", "err", err, "payload", bean)
-		err = &util.ApiError{
-			HttpStatusCode:  http.StatusBadRequest,
-			InternalMessage: "Invalid authentication credentials. Please verify.",
-			UserMessage:     "Invalid authentication credentials. Please verify.",
-		}
+	if err = impl.dockerRegistryConfig.ValidateRegistryCredentials(&bean); err != nil {
+		impl.logger.Errorw("registry credentials validation err, SaveDockerRegistryConfig", "err", err)
 		common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
 		return
 	}

@@ -46,7 +46,7 @@ type DockerRegistryConfig interface {
 	Delete(storeId string) (string, error)
 	DeleteReg(bean *types.DockerArtifactStoreBean) error
 	CheckInActiveDockerAccount(storeId string) (bool, error)
-	ValidateRegistryCredentials(bean *types.DockerArtifactStoreBean) bool
+	ValidateRegistryCredentials(bean *types.DockerArtifactStoreBean) error
 	ConfigureOCIRegistry(bean *types.DockerArtifactStoreBean, isUpdate bool, userId int32, tx *pg.Tx) error
 	CreateOrUpdateOCIRegistryConfig(ociRegistryConfig *repository.OCIRegistryConfig, userId int32, tx *pg.Tx) error
 	FilterOCIRegistryConfigForSpecificRepoType(ociRegistryConfigList []*repository.OCIRegistryConfig, repositoryType string) *repository.OCIRegistryConfig
@@ -578,13 +578,8 @@ func (impl DockerRegistryConfigImpl) Update(bean *types.DockerArtifactStoreBean)
 	bean.PluginId = existingStore.PluginId
 
 	store := NewDockerArtifactStore(bean, true, existingStore.CreatedOn, time.Now(), existingStore.CreatedBy, bean.User)
-	if isValid := impl.ValidateRegistryCredentials(bean); !isValid {
-		impl.logger.Errorw("registry credentials validation err, SaveDockerRegistryConfig", "err", err, "payload", bean)
-		err = &util.ApiError{
-			HttpStatusCode:  http.StatusBadRequest,
-			InternalMessage: "Invalid authentication credentials. Please verify.",
-			UserMessage:     "Invalid authentication credentials. Please verify.",
-		}
+	if err = impl.ValidateRegistryCredentials(bean); err != nil {
+		impl.logger.Errorw("registry credentials validation err, SaveDockerRegistryConfig", "err", err)
 		return nil, err
 	}
 	err = impl.dockerArtifactStoreRepository.Update(store, tx)
@@ -888,12 +883,14 @@ func (impl DockerRegistryConfigImpl) CheckInActiveDockerAccount(storeId string)
 	return exist, nil
 }
 
-func (impl DockerRegistryConfigImpl) ValidateRegistryCredentials(bean *types.DockerArtifactStoreBean) bool {
+const ociRegistryInvalidCredsMsg = "Invalid authentication credentials. Please verify."
+
+func (impl DockerRegistryConfigImpl) ValidateRegistryCredentials(bean *types.DockerArtifactStoreBean) error {
 	if bean.IsPublic ||
 		bean.RegistryType == repository.REGISTRYTYPE_GCR ||
 		bean.RegistryType == repository.REGISTRYTYPE_ARTIFACT_REGISTRY ||
 		bean.RegistryType == repository.REGISTRYTYPE_OTHER {
-		return true
+		return nil
 	}
 	request := &bean2.RegistryCredential{
 		RegistryUrl:  bean.RegistryURL,
@@ -906,5 +903,21 @@ func (impl DockerRegistryConfigImpl) ValidateRegistryCredentials(bean *types.Doc
 		IsPublic:     bean.IsPublic,
 		Connection:   bean.Connection,
 	}
-	return impl.helmAppService.ValidateOCIRegistry(context.Background(), request)
+
+	isLoggedIn, err := impl.helmAppService.ValidateOCIRegistry(context.Background(), request)
+	if err != nil {
+		impl.logger.Errorw("error in fetching chart", "err", err)
+		return util.NewApiError().
+			WithUserMessage("error in validating oci registry").
+			WithInternalMessage(err.Error()).
+			WithHttpStatusCode(http.StatusInternalServerError)
+	}
+	if !isLoggedIn {
+		return util.NewApiError().
+			WithUserMessage(ociRegistryInvalidCredsMsg).
+			WithInternalMessage(ociRegistryInvalidCredsMsg).
+			WithHttpStatusCode(http.StatusBadRequest)
+	}
+
+	return nil
 }
@@ -63,8 +63,9 @@ func NewServerCacheServiceImpl(logger *zap.SugaredLogger, serverEnvConfig *serve
 	// check if the release is installed or not
 	isDevtronHelmReleaseInstalled, err := impl.helmAppService.IsReleaseInstalled(context.Background(), &appIdentifier)
 	if err != nil {
-		log.Println("not able to check if the devtron helm release exists or not.", "error", err)
-		return nil, err
+		logger.Errorw("not able to check if the devtron helm release exists or not.", "error", err)
+		// return nil, err
+		// not returning the error as it will bring down orchestrator
 	}
 
 	// if not installed, treat it as OSS kubectl user