🐛 Sanitize error responses in kc-agent HTTP handlers #13395

Merged: kubestellar-hive[bot] merged 1 commit into main from fix/13394 on May 13, 2026
@kubestellar-hive
Contributor

Fixes #13394

Summary

Replace raw err.Error() strings in pkg/agent/ HTTP responses with generic messages to prevent leaking internal cluster state (API server URLs, kubeconfig paths, resource names, RBAC details).

Changes

  • New: pkg/agent/error_sanitizer.go - sanitizeAgentError() helper that classifies k8s errors into safe categories (connection issues, RBAC, not-found, conflict, validation, generic)
  • Modified: kc-agent handler files in pkg/agent/ — replaced raw err.Error() and similar client-facing error details with sanitized messages
  • Preserved: Detailed errors logged server-side via slog.Error()/existing logs for debugging

Error Classification

| Error Pattern | Client Message |
|---|---|
| Connection refused/timeout | "cluster temporarily unavailable" |
| RBAC/forbidden | "insufficient permissions" |
| Not found | "resource not found" |
| Conflict | "resource conflict" |
| Validation | "invalid request" |
| Default | "operation failed" |

Replace raw err.Error() strings in pkg/agent HTTP responses with generic messages to prevent leaking internal cluster state.

Add sanitizeAgentError() for consistent classification across handlers and keep detailed errors in server-side slog output.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Signed-off-by: Copilot <223556219+Copilot@users.noreply.github.com>
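
The classification described in this PR, sketched as an added example (not the project's sanitizeAgentError() code, which is not shown on this page): a hypothetical sanitizeError() helper logs the full error server-side via slog and returns only the generic client message from the table. The apiError type is an assumed stand-in for a Kubernetes API status error, and the sample error is constructed.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"log/slog"
	"net"
	"syscall"
)

// apiError is a hypothetical stand-in for a Kubernetes API status error;
// Code carries the HTTP status the API server returned.
type apiError struct {
	Code int
	Msg  string
}

func (e *apiError) Error() string { return e.Msg }

// sanitizeError keeps the detailed error in the server-side log and returns
// only the generic message for its category, so nothing from err reaches the client.
func sanitizeError(op string, err error) string {
	slog.Error("agent request failed", "op", op, "error", err)
	var netErr net.Error
	if errors.Is(err, syscall.ECONNREFUSED) || errors.Is(err, context.DeadlineExceeded) ||
		(errors.As(err, &netErr) && netErr.Timeout()) {
		return "cluster temporarily unavailable"
	}
	var api *apiError
	if errors.As(err, &api) { // typed match survives fmt.Errorf("%w") wrapping
		switch api.Code {
		case 403:
			return "insufficient permissions"
		case 404:
			return "resource not found"
		case 409:
			return "resource conflict"
		case 400, 422:
			return "invalid request"
		}
	}
	return "operation failed" // unknown errors never fall through to err.Error()
}

func main() {
	// Constructed sample: a refused dial wrapped by a handler-level message.
	err := fmt.Errorf("list pods: %w", &net.OpError{Op: "dial", Net: "tcp", Err: syscall.ECONNREFUSED})
	fmt.Println(sanitizeError("list-pods", err))
}
```

Matching on typed errors with errors.Is/errors.As rather than on message substrings keeps the classification stable when handlers wrap errors with extra context.
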
Copilot AI review requested due to automatic review settings May 13, 2026 03:22
Contributor

Copilot AI left a comment

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@kubestellar-prow kubestellar-prow Bot added the dco-signoff: yes Indicates the PR's author has signed the DCO. label May 13, 2026
@netlify

netlify Bot commented May 13, 2026

Deploy Preview for kubestellarconsole canceled.

| Name | Link |
|---|---|
| 🔨 Latest commit | cc19e9f |
| 🔍 Latest deploy log | https://app.netlify.com/projects/kubestellarconsole/deploys/6a03ee8ef96279000842a7ec |

@kubestellar-prow
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign mikespreitzer for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@kubestellar-prow kubestellar-prow Bot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label May 13, 2026
@github-actions github-actions Bot added copilot tier/2-standard ai-generated Pull request generated by AI labels May 13, 2026
@github-actions
Contributor

👋 Hey @kubestellar-hive[bot] — thanks for opening this PR!

🤖 This project is developed exclusively using AI coding assistants.

Please do not attempt to code anything for this project manually.
All contributions should be authored using an AI coding tool such as:

This ensures consistency in code style, architecture patterns, test coverage,
and commit quality across the entire codebase.


This is an automated message.

@kubestellar-hive kubestellar-hive Bot merged commit a2ed64b into main May 13, 2026
32 of 33 checks passed
@kubestellar-prow kubestellar-prow Bot deleted the fix/13394 branch May 13, 2026 03:29
@github-actions
Contributor

Thank you for your contribution! Your PR has been merged.

Check out what's new:

Stay connected: Slack #kubestellar-dev | Multi-Cluster Survey

@github-actions
Contributor

Post-merge build verification passed

Both Go and frontend builds compiled successfully against merge commit a2ed64bff31504b787dcd398b1e3dce24b5938fe.

@github-actions
Contributor

✅ Post-Merge Verification: passed

Commit: a2ed64bff31504b787dcd398b1e3dce24b5938fe
Specs run: smoke.spec.ts
Report: https://github.com/kubestellar/console/actions/runs/25776474232

Labels

ai-generated Pull request generated by AI copilot dco-signoff: yes Indicates the PR's author has signed the DCO. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. tier/2-standard

2 participants