From 6f4cee88bf13ec367ccb1dcf31b1be8081969284 Mon Sep 17 00:00:00 2001
From: Louis Ruch
Date: Tue, 17 May 2022 12:20:01 -0700
Subject: [PATCH] fix(vault_store): Correctly return expected errors (#2081)

* fix(vault_store): Correctly return errors
---
 .../credential/vault/client_certificate.go | 4 +--
 .../vault/client_certificate_test.go | 25 +++++++++++--------
 internal/credential/vault/vault_token.go | 2 +-
 3 files changed, 18 insertions(+), 13 deletions(-)

diff --git a/internal/credential/vault/client_certificate.go b/internal/credential/vault/client_certificate.go
index 057fa29f9f..0813f6813a 100644
--- a/internal/credential/vault/client_certificate.go
+++ b/internal/credential/vault/client_certificate.go
@@ -75,7 +75,7 @@ func (c *ClientCertificate) SetTableName(n string) {
 func (c *ClientCertificate) encrypt(ctx context.Context, cipher wrapping.Wrapper) error {
 const op = "vault.(ClientCertificate).encrypt"
 if len(c.CertificateKey) == 0 {
- errors.New(ctx, errors.InvalidParameter, op, "no certificate key defined")
+ return errors.New(ctx, errors.InvalidParameter, op, "no certificate key defined")
 }
 if err := structwrapping.WrapStruct(ctx, cipher, c.ClientCertificate, nil); err != nil {
 return errors.Wrap(ctx, err, op, errors.WithCode(errors.Encrypt))
@@ -86,7 +86,7 @@ func (c *ClientCertificate) encrypt(ctx context.Context, cipher wrapping.Wrapper
 }
 c.KeyId = keyId
 if err := c.hmacCertificateKey(ctx, cipher); err != nil {
- errors.Wrap(ctx, err, op)
+ return errors.Wrap(ctx, err, op)
 }
 return nil
 }
diff --git a/internal/credential/vault/client_certificate_test.go b/internal/credential/vault/client_certificate_test.go
index 21af5dd262..4e2842379e 100644
--- a/internal/credential/vault/client_certificate_test.go
+++ b/internal/credential/vault/client_certificate_test.go
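Review bot: The wrap returned for the `hmacCertificateKey` failure in the second hunk carries no error code, while the `WrapStruct` failure earlier in the same function is returned with `errors.WithCode(errors.Encrypt)`. Unless `hmacCertificateKey` already assigns a code (its body is not shown), callers that match on the code cannot classify this failure; consider `return errors.Wrap(ctx, err, op, errors.WithCode(errors.Encrypt))`. `c.KeyId` is assigned just before the HMAC step, so on this error the struct is left with a key id but no valid HMAC, and a short comment stating that callers must not persist it on error would help. The updated test table exercises only the missing-key return, not this one, and the function body continues between the two hunks.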
@@ -6,6 +6,7 @@ import (
 "github.com/hashicorp/boundary/internal/credential/vault/store"
 "github.com/hashicorp/boundary/internal/db"
+ "github.com/hashicorp/boundary/internal/errors"
 "github.com/hashicorp/boundary/internal/iam"
 "github.com/hashicorp/boundary/internal/kms"
 "github.com/stretchr/testify/assert"
@@ -49,11 +50,12 @@ func TestClientCertificate_New(t *testing.T) {
 }
 tests := []struct {
- name string
- args args
- want *ClientCertificate
- wantErr bool
- wantEncryptErr bool
+ name string
+ args args
+ want *ClientCertificate
+ wantErr bool
+ wantEncryptErr bool
+ wantEncryptErrCode errors.Code
 }{
 {
 name: "missing-certificate",
@@ -64,7 +66,7 @@ func TestClientCertificate_New(t *testing.T) {
 wantErr: true,
 },
 {
- name: "valid-missing-key",
+ name: "missing-key",
 args: args{
 certificate: []byte(certPem),
 },
@@ -73,7 +75,8 @@ func TestClientCertificate_New(t *testing.T) {
 Certificate: []byte(certPem),
 },
 },
- wantEncryptErr: true,
+ wantEncryptErr: true,
+ wantEncryptErrCode: errors.InvalidParameter,
 },
 {
 name: "valid",
@@ -116,10 +119,12 @@ func TestClientCertificate_New(t *testing.T) {
 err = got.encrypt(ctx, databaseWrapper)
 if tt.wantEncryptErr {
 require.Error(err)
- } else {
- require.NoError(err)
- require.NoError(got.decrypt(ctx, databaseWrapper))
+ assert.Truef(errors.Match(errors.T(tt.wantEncryptErrCode), err), "%v", err)
+ return
 }
+
+ require.NoError(err)
+ assert.NoError(got.decrypt(ctx, databaseWrapper))
 })
 }
 }
diff --git a/internal/credential/vault/vault_token.go b/internal/credential/vault/vault_token.go
index a0ac6efa5a..8729816989 100644
--- a/internal/credential/vault/vault_token.go
+++ b/internal/credential/vault/vault_token.go
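Review bot: In the last hunk of this file, a table case that sets `wantEncryptErr: true` without `wantEncryptErrCode` is matched against the zero value of `errors.Code`, and how `errors.T` and `errors.Match` treat that value is not visible here, so such a case could pass or fail for the wrong reason. Guard it with `require.NotZero(tt.wantEncryptErrCode)` before the `assert.Truef`, or drop the boolean and let a non-zero code express the expectation. The success path asserts only that `decrypt` returns no error; if nothing earlier in the test does so, comparing the decrypted `CertificateKey` with the input would confirm the round trip. The test function starts outside these hunks.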
@@ -122,7 +122,7 @@ func (t *Token) encrypt(ctx context.Context, cipher wrapping.Wrapper) error {
 }
 keyId, err := cipher.KeyId(ctx)
 if err != nil {
- errors.Wrap(ctx, err, op, errors.WithCode(errors.Encrypt), errors.WithMsg("error fetching wrapper key id"))
+ return errors.Wrap(ctx, err, op, errors.WithCode(errors.Encrypt), errors.WithMsg("error fetching wrapper key id"))
 }
 t.KeyId = keyId
 return nil
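Review bot: No test accompanies this return: the diffstat lists only client_certificate_test.go, so the `cipher.KeyId` failure path in `(*Token).encrypt` is unverified and the same discarded-result mistake could return unnoticed. A table case using a wrapper whose `KeyId` returns an error, asserting `errors.Match(errors.T(errors.Encrypt), err)` and that `t.KeyId` is left unchanged, would pin the behaviour. All three fixes in this patch are bare `errors.New`/`errors.Wrap` expression statements, so a lint rule for unused error results (errcheck or similar) in CI would likely catch this class before review. The function body starts above this hunk.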