feat: error checking for initial API token call (#1080)

MrGiga · kayman-mk · web-flow · commit 6b3740a5c63a · 2024-02-08T23:03:03.000+01:00
## Description

If the API token is invalid or expired, the current implementation does
not return that error to inform the end user. This implementation adds
error checking, returns that error and then does not continue. This
should make debugging much easier compared to it's current state. From
my research there are two possible error formats.

First error response: 401 unauthorized
{"message":"401 Unauthorized"}

Second possible error response: Token has expired
{"error":"invalid_token","error_description":"Token is expired. You can
either do re-authorization or token refresh."}

## Migrations required

None

## Verification

Provide a bad or expired API token to the module. It should fail and
output the reason for failure.

---------

Co-authored-by: Matthias Kay &lt;matthias.kay@hlag.com&gt;
diff --git a/template/gitlab-runner.tftpl b/template/gitlab-runner.tftpl
@@ -49,7 +49,7 @@ then
     # fetch gitlab token from SSM
     gitlab_token=$(aws ssm get-parameter --name "${secure_parameter_store_gitlab_token_name}" --with-decryption --region "${secure_parameter_store_region}" | jq -r ".Parameter | .Value")
 
-    token=$(curl ${curl_cacert} --request POST -L "${runners_gitlab_url}/api/v4/user/runners" \
+    response = $(curl ${curl_cacert} --request POST -L "${runners_gitlab_url}/api/v4/user/runners" \
       --header "private-token: $gitlab_token" \
       --form "tag_list=${gitlab_runner_tag_list}" \
       --form "description=${gitlab_runner_description}" \
@@ -58,8 +58,16 @@ then
       --form "maximum_timeout=${gitlab_runner_maximum_timeout}" \
       --form "runner_type=${gitlab_runner_type}_type" \
       $runner_type_param \
-      --form "access_level=${gitlab_runner_access_level}" \
-      | jq -r '.token')
+      --form "access_level=${gitlab_runner_access_level}")
+
+    token = $(echo response | jq -r '.token')
+    if [[ "$token" == null ]]
+        message = $(echo response | jq -r '.message // .error_description')
+        if [[ "$message" != null ]]
+            echo "ERROR: Couldn't register the Runner. GitLab API call returned $message".
+            exit 1
+        fi
+    fi
   else
     gitlab_runner_registration_token=${gitlab_runner_registration_token}
 
