Guard against missing S3 credentials

Author: stefanprodan

api/v1alpha1/bucket_types.go

@@ -69,6 +69,11 @@ type BucketSpec struct {
 	Ignore *string `json:"ignore,omitempty"`
 }
 
+const (
+	GenericBucketProvider string = "generic"
+	AmazonBucketProvider  string = "aws"
+)
+
 // BucketStatus defines the observed state of a bucket
 type BucketStatus struct {
 	// ObservedGeneration is the last observed generation.

controllers/bucket_controller.go

@@ -175,6 +175,15 @@ func (r *BucketReconciler) reconcile(ctx context.Context, bucket sourcev1.Bucket
 	ctxTimeout, cancel := context.WithTimeout(ctx, bucket.GetTimeout())
 	defer cancel()
 
+	exists, err := s3Client.BucketExists(ctxTimeout, bucket.Spec.BucketName)
+	if err != nil {
+		return sourcev1.BucketNotReady(bucket, sourcev1.BucketOperationFailedReason, err.Error()), err
+	}
+	if !exists {
+		err = fmt.Errorf("bucket '%s' not found", bucket.Spec.BucketName)
+		return sourcev1.BucketNotReady(bucket, sourcev1.BucketOperationFailedReason, err.Error()), err
+	}
+
 	// download bucket content
 	for object := range s3Client.ListObjects(ctxTimeout, bucket.Spec.BucketName, minio.ListObjectsOptions{Recursive: true}) {
 		if object.Err != nil {
@@ -270,10 +279,14 @@ func (r *BucketReconciler) auth(ctx context.Context, bucket sourcev1.Bucket) (*m
 			return nil, fmt.Errorf("invalid '%s' secret data: required fields 'accesskey' and 'secretkey'", secret.Name)
 		}
 		opt.Creds = credentials.NewStaticV4(accesskey, secretkey, "")
-	} else if bucket.Spec.Provider == "aws" {
+	} else if bucket.Spec.Provider == sourcev1.AmazonBucketProvider {
 		opt.Creds = credentials.NewIAM("")
 	}
 
+	if opt.Creds == nil {
+		return nil, fmt.Errorf("no bucket credentials found")
+	}
+
 	return minio.New(bucket.Spec.Endpoint, &opt)
 }