Image Automation not providing error message when git-repo has no write-access

[nabadger]

We use an ssh-deploy key to have flux talk to repos (we use gitlab.com)

When we don't enable write-access on the git-repo for the deploy-key, flux (correctly) fails to write the image updates, but does not provide a nice error message as to why.

We get the following: (this is also output when using flux get image update)

message: 'unknown error: remote: '

apiVersion: v1
items:
- apiVersion: image.toolkit.fluxcd.io/v1alpha1
  kind: ImageUpdateAutomation
  metadata:
    annotations:
    generation: 2
    labels:
      kustomize.toolkit.fluxcd.io/checksum: 0a827fca90af236d1cb0d0e2c757681441c6ccfa
      kustomize.toolkit.fluxcd.io/name: flux-system
      kustomize.toolkit.fluxcd.io/namespace: flux-system
    name: <redacted>
    namespace: flux-system
  spec:
    checkout:
      branch: test-flux2-image-updates
      gitRepositoryRef:
        name:<redacted>
    commit:
      authorEmail: [email protected]
      authorName: fluxcdbot
      messageTemplate: '[ci skip] update image'
    interval: 1m0s
    update:
      setters: {}
  status:
    conditions:
    - lastTransitionTime: "2021-01-28T14:01:47Z"
      message: 'unknown error: remote: '
      reason: ReconciliationFailed
      status: "False"
      type: Ready
    observedGeneration: 2

[jonaskello]

I had the same issue in discussion #876 (seems github does not link discussions to issues so just adding that here for reference :-)).

[squaremo]

The response given by gitlab is:

========================================================================                                 

This deploy key does not have write access to this project.                                              

========================================================================

go-git takes just the first line, which is blank. libgit2 reports the whole text, so you get:

$ flux get image update 
NAME            READY   MESSAGE                                                                                 LAST RUN        SUSPENDED 
my-app-auto     False   remote:                                                                                                 False    
                        remote: ========================================================================                                 
                        remote:                                                                                                          
                        remote: This deploy key does not have write access to this project.                                              
                        remote:                                                                                                          
                        remote: ========================================================================                                 
                        remote:                                                                                                          

Which is much better in that it gets the message across, but upsets the table layout somewhat.

I can make a PR upstream in go-git, but either way I think the least brittle remedy is to anticipate that exact situation when using git operations, and replace it with a message that at least mentions what was being attempted.

[RogerSik]

Are #115 active? Because having the same issue here with flux v2.0.0-rc.3

Events:
  Type     Reason  Age               From                         Message
  ----     ------  ----              ----                         -------
  Warning  error   2s (x5 over 15s)  image-automation-controller  unknown error: remote:
$ 

[ChrisJBurns]

I have same issue @RogerSik using v0.31.0. What's even weirder is that in other clusters with this version of the iac, the updates are working with no issue. We deploy Flux the same way across all clusters (using the Helm Chart).

[RogerSik]

@ChrisJBurns fyi because this issue is closed I created a new one #548