Bug
Resolution: Unresolved
Minor
Quality / Stability / Reliability
USER PROBLEM
The token verifier loads CA files provided by the cluster. The configured paths include both Kubernetes and OpenShift locations, so on any given cluster it is expected that some of those paths do not exist.
The message is logged at Error level, so on GKE clusters (where the OpenShift paths are absent) we log errors like this:
auth/m2m: 2025/05/05 19:57:04.279093 verifier.go:129: Error: Failed to read CA file for token verifier {"path": "/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt", "error": "open /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt: no such file or directory"}
auth/m2m: 2025/05/05 19:57:04.279407 verifier.go:129: Error: Failed to read CA file for token verifier {"path": "/etc/pki/injected-ca-trust/tls-ca-bundle.pem", "error": "open /etc/pki/injected-ca-trust/tls-ca-bundle.pem: no such file or directory"}
This is confusing for customers operating our application: the messages look like failures, but a missing file at one of these paths is the expected state on that platform.
MORE INFO
- https://redhat-internal.slack.com/archives/C08CM7QDETH/p1746462237400229
- https://github.com/stackrox/stackrox/blob/c2bda74ef0cb2c7f8b6093493ecee5953c867a2a/central/auth/m2m/verifier.go#L129
- PR: https://github.com/stackrox/stackrox/pull/9613
- the initial implementation used Debug level, but it was changed to Error after a PR review comment: https://github.com/stackrox/stackrox/pull/9613/commits/a73530660357c5450af863aff53dd76859dc6dd6
FIX
- lower the log level to Warning or Info for the message that reports an unavailable CA file (a "no such file or directory" result is expected on clusters that do not provide that path)
- keep the log level at Error for the message that reports that adding the cert to the pool failed (justification: if the file exists and this action fails, the file is corrupted or there is some other problem, and user action is required)
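The following Go program is an added illustration of the proposed fix, written for this ticket; it is not the stackrox verifier code. It separates the three outcomes the FIX section distinguishes: a path that does not exist (expected, logged at Info), a file that exists but cannot be read (Error), and a file that exists but contains no parseable PEM certificate (Error). The function names LoadCAPool, SelfSignedCAPEM and Demo, the Outcome type, and the temp-dir file layout are assumptions made for the example; the demo generates a throwaway self-signed CA and a deliberately corrupt file so it runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"io/fs"
	"log"
	"math/big"
	"os"
	"path/filepath"
	"time"
)

// Outcome classifies what happened for one candidate CA path (example type, not stackrox's).
type Outcome int

const (
	Missing    Outcome = iota // path absent: expected on clusters that do not provide it
	Loaded                    // file read and its certificates appended to the pool
	Unreadable                // file exists but could not be read (permissions, is a directory, ...)
	Invalid                   // file exists but holds no parseable PEM certificate
)

// LoadCAPool tries every candidate path and builds a pool from those that load.
// A missing file is logged at Info; read failures and parse failures stay at Error,
// because in those cases the file is present and something is actually wrong.
func LoadCAPool(paths []string, logger *log.Logger) (*x509.CertPool, map[string]Outcome) {
	pool := x509.NewCertPool()
	results := make(map[string]Outcome, len(paths))
	for _, p := range paths {
		data, err := os.ReadFile(p)
		switch {
		case errors.Is(err, fs.ErrNotExist):
			results[p] = Missing
			logger.Printf("Info: CA file not present, skipping {\"path\": %q}", p)
		case err != nil:
			results[p] = Unreadable
			logger.Printf("Error: Failed to read CA file for token verifier {\"path\": %q, \"error\": %q}", p, err.Error())
		case !pool.AppendCertsFromPEM(data):
			results[p] = Invalid
			logger.Printf("Error: Failed to add certs from CA file to pool {\"path\": %q}", p)
		default:
			results[p] = Loaded
			logger.Printf("Info: Loaded CA file {\"path\": %q}", p)
		}
	}
	return pool, results
}

// SelfSignedCAPEM creates a short-lived self-signed CA certificate in memory (constructed test input).
func SelfSignedCAPEM() ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "example test CA"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}

// Demo lays out one valid CA file, one corrupt file, one missing path and one
// directory (unreadable as a file) in a temp dir, then reports each outcome by label.
func Demo() (map[string]Outcome, error) {
	dir, err := os.MkdirTemp("", "ca-demo")
	if err != nil {
		return nil, err
	}
	defer os.RemoveAll(dir)
	goodPEM, err := SelfSignedCAPEM()
	if err != nil {
		return nil, err
	}
	good := filepath.Join(dir, "service-ca.crt")
	bad := filepath.Join(dir, "tls-ca-bundle.pem")
	missing := filepath.Join(dir, "does-not-exist.crt")
	if err := os.WriteFile(good, goodPEM, 0o600); err != nil {
		return nil, err
	}
	if err := os.WriteFile(bad, []byte("this is not a certificate\n"), 0o600); err != nil {
		return nil, err
	}
	logger := log.New(os.Stderr, "auth/m2m: ", log.LstdFlags)
	_, results := LoadCAPool([]string{good, bad, missing, dir}, logger)
	return map[string]Outcome{
		"good": results[good], "bad": results[bad], "missing": results[missing], "dir": results[dir],
	}, nil
}

func main() {
	res, err := Demo()
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("outcomes: %+v\n", res)
}
```

Running it shows only the corrupt file and the directory producing Error lines; the absent path is reported once at Info, which is the behaviour the fix asks for.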