operator: return error when the ServiceAccount has no secrets

We need to lend the secret to the rancher-system-agent: without that let's not even start the elemental deployment. Signed-off-by: Francesco Giudici <[email protected]>
rancher · Sep 23, 2022 · deef765 · deef765
1 parent 17d9d21
commit deef765
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/pkg/server/register.go b/pkg/server/register.go
@@ -196,10 +196,14 @@ func (i *InventoryServer) writeMachineInventoryCloudConfig(conn *websocket.Conn,
 
 	sa, err := i.serviceAccountCache.Get(registration.Status.ServiceAccountRef.Namespace,
 		registration.Status.ServiceAccountRef.Name)
-	if err != nil || len(sa.Secrets) < 1 {
+	if err != nil {
 		return err
 	}
 
+	if len(sa.Secrets) < 1 {
+		return fmt.Errorf("no secrets associated to the %s service account", sa.Name)
+	}
+
 	tokenSecret, err := i.secretCache.Get(sa.Namespace, sa.Secrets[0].Name)
 	if err != nil || tokenSecret.Type != v1.SecretTypeServiceAccountToken {
 		return err