fix(vault_store): Correctly return expected errors (#2081)

* fix(vault_store): Correctly return errors
4 years ago · 6f4cee88bf
parent ce0507ee99
commit 6f4cee88bf
3 changed files with 18 additions and 13 deletions
--- a/internal/credential/vault/client_certificate.go
+++ b/internal/credential/vault/client_certificate.go
@ -75,7 +75,7 @@ func (c *ClientCertificate) SetTableName(n string) {
 func (c *ClientCertificate) encrypt(ctx context.Context, cipher wrapping.Wrapper) error {
 	const op = "vault.(ClientCertificate).encrypt"
 	if len(c.CertificateKey) == 0 {
-		errors.New(ctx, errors.InvalidParameter, op, "no certificate key defined")
+		return errors.New(ctx, errors.InvalidParameter, op, "no certificate key defined")
 	}
 	if err := structwrapping.WrapStruct(ctx, cipher, c.ClientCertificate, nil); err != nil {
 		return errors.Wrap(ctx, err, op, errors.WithCode(errors.Encrypt))
@ -86,7 +86,7 @@ func (c *ClientCertificate) encrypt(ctx context.Context, cipher wrapping.Wrapper
 	}
 	c.KeyId = keyId
 	if err := c.hmacCertificateKey(ctx, cipher); err != nil {
-		errors.Wrap(ctx, err, op)
+		return errors.Wrap(ctx, err, op)
 	}
 	return nil
 }
--- a/internal/credential/vault/client_certificate_test.go
+++ b/internal/credential/vault/client_certificate_test.go
@ -6,6 +6,7 @@ import (

 	"github.com/hashicorp/boundary/internal/credential/vault/store"
 	"github.com/hashicorp/boundary/internal/db"
+	"github.com/hashicorp/boundary/internal/errors"
 	"github.com/hashicorp/boundary/internal/iam"
 	"github.com/hashicorp/boundary/internal/kms"
 	"github.com/stretchr/testify/assert"
@ -49,11 +50,12 @@ func TestClientCertificate_New(t *testing.T) {
 	}

 	tests := []struct {
-		name           string
-		args           args
-		want           *ClientCertificate
-		wantErr        bool
-		wantEncryptErr bool
+		name               string
+		args               args
+		want               *ClientCertificate
+		wantErr            bool
+		wantEncryptErr     bool
+		wantEncryptErrCode errors.Code
 	}{
 		{
 			name: "missing-certificate",
@ -64,7 +66,7 @@ func TestClientCertificate_New(t *testing.T) {
 			wantErr: true,
 		},
 		{
-			name: "valid-missing-key",
+			name: "missing-key",
 			args: args{
 				certificate: []byte(certPem),
 			},
@ -73,7 +75,8 @@ func TestClientCertificate_New(t *testing.T) {
 					Certificate: []byte(certPem),
 				},
 			},
-			wantEncryptErr: true,
+			wantEncryptErr:     true,
+			wantEncryptErrCode: errors.InvalidParameter,
 		},
 		{
 			name: "valid",
@ -116,10 +119,12 @@ func TestClientCertificate_New(t *testing.T) {
 			err = got.encrypt(ctx, databaseWrapper)
 			if tt.wantEncryptErr {
 				require.Error(err)
-			} else {
-				require.NoError(err)
-				require.NoError(got.decrypt(ctx, databaseWrapper))
+				assert.Truef(errors.Match(errors.T(tt.wantEncryptErrCode), err), "%v", err)
+				return
 			}
+
+			require.NoError(err)
+			assert.NoError(got.decrypt(ctx, databaseWrapper))
 		})
 	}
 }
--- a/internal/credential/vault/vault_token.go
+++ b/internal/credential/vault/vault_token.go
@ -122,7 +122,7 @@ func (t *Token) encrypt(ctx context.Context, cipher wrapping.Wrapper) error {
 	}
 	keyId, err := cipher.KeyId(ctx)
 	if err != nil {
-		errors.Wrap(ctx, err, op, errors.WithCode(errors.Encrypt), errors.WithMsg("error fetching wrapper key id"))
+		return errors.Wrap(ctx, err, op, errors.WithCode(errors.Encrypt), errors.WithMsg("error fetching wrapper key id"))
 	}
 	t.KeyId = keyId
 	return nil