improve k8s error messages

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>

Author: inteon

pkg/datagatherer/oidc/oidc.go

@@ -4,8 +4,13 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"net/url"
+	"strings"
 
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/rest"
+	"k8s.io/klog/v2"
 
 	"github.com/jetstack/preflight/api"
 	"github.com/jetstack/preflight/pkg/datagatherer"
@@ -86,7 +91,7 @@ func (g *DataGathererOIDC) fetchOIDCConfig(ctx context.Context) (map[string]any,
 	// Fetch the OIDC discovery document from the well-known endpoint.
 	bytes, err := g.cl.Get().AbsPath("/.well-known/openid-configuration").Do(ctx).Raw()
 	if err != nil {
-		return nil, fmt.Errorf("failed to get OIDC discovery document: %v", err)
+		return nil, fmt.Errorf("failed to get OIDC discovery document: %s", k8sErrorMessage(err))
 	}
 
 	var oidcResponse map[string]any
@@ -106,7 +111,7 @@ func (g *DataGathererOIDC) fetchJWKS(ctx context.Context) (map[string]any, error
 	// So we are using the default path instead, which we think should work in most cases.
 	bytes, err := g.cl.Get().AbsPath("/openid/v1/jwks").Do(ctx).Raw()
 	if err != nil {
-		return nil, fmt.Errorf("failed to get JWKS from jwks_uri: %v", err)
+		return nil, fmt.Errorf("failed to get JWKS from jwks_uri: %s", k8sErrorMessage(err))
 	}
 
 	var jwksResponse map[string]any
@@ -116,3 +121,35 @@ func (g *DataGathererOIDC) fetchJWKS(ctx context.Context) (map[string]any, error
 
 	return jwksResponse, nil
 }
+
+// based on https://github.com/kubernetes/kubectl/blob/a64ceaeab69eed1f11a9e1bd91cf2c1446de811c/pkg/cmd/util/helpers.go#L244
+func k8sErrorMessage(err error) string {
+	if status, isStatus := err.(apierrors.APIStatus); isStatus {
+		switch s := status.Status(); {
+		case s.Reason == metav1.StatusReasonUnauthorized:
+			return fmt.Sprintf("error: You must be logged in to the server (%s)", s.Message)
+		case len(s.Reason) > 0:
+			return fmt.Sprintf("Error from server (%s): %s", s.Reason, err.Error())
+		default:
+			return fmt.Sprintf("Error from server: %s", err.Error())
+		}
+	}
+
+	if apierrors.IsUnexpectedObjectError(err) {
+		return fmt.Sprintf("Server returned an unexpected response: %s", err.Error())
+	}
+
+	if t, isURL := err.(*url.Error); isURL {
+		klog.V(4).Infof("Connection error: %s %s: %v", t.Op, t.URL, t.Err)
+		if strings.Contains(t.Err.Error(), "connection refused") {
+			host := t.URL
+			if server, err := url.Parse(t.URL); err == nil {
+				host = server.Host
+			}
+			return fmt.Sprintf("The connection to the server %s was refused - did you specify the right host or port?", host)
+		}
+		return fmt.Sprintf("Unable to connect to the server: %v", t.Err)
+	}
+
+	return fmt.Sprintf("error: %v", err)
+}

pkg/datagatherer/oidc/oidc_test.go

@@ -109,7 +109,7 @@ func TestFetch_Errors(t *testing.T) {
 	if res.OIDCConfig != nil {
 		t.Fatalf("expected nil OIDCConfig on error, got %#v", res.OIDCConfig)
 	}
-	if res.OIDCConfigError != "failed to get OIDC discovery document: an error on the server (\"boom\") has prevented the request from succeeding" {
+	if res.OIDCConfigError != "failed to get OIDC discovery document: Error from server (InternalError): an error on the server (\"boom\") has prevented the request from succeeding" {
 		t.Fatalf("unexpected OIDCConfigError: %q", res.OIDCConfigError)
 	}
 	if res.JWKS != nil {