Change internal errors methods and adapt code.

This commit is contained in:
Mariano Cano 2021-11-24 18:22:20 -08:00
parent 9d38a17031
commit abeabed80b
20 changed files with 66 additions and 43 deletions

View file

@ -324,7 +324,7 @@ func (h *caHandler) Provisioners(w http.ResponseWriter, r *http.Request) {
p, next, err := h.Authority.GetProvisioners(cursor, limit)
if err != nil {
WriteError(w, errs.InternalServerErr(err))
WriteError(w, errs.InternalServerErr(err, "error getting provisioners"))
return
}
JSON(w, &ProvisionersResponse{

View file

@ -1090,7 +1090,7 @@ func Test_caHandler_Provisioners(t *testing.T) {
expectedError400 := errs.BadRequest("limit 'abc' is not an integer")
expectedError400Bytes, err := json.Marshal(expectedError400)
assert.FatalError(t, err)
expectedError500 := errs.InternalServer("force")
expectedError500 := errs.InternalServer("error getting provisioners")
expectedError500Bytes, err := json.Marshal(expectedError500)
assert.FatalError(t, err)
for _, tt := range tests {

View file

@ -44,7 +44,7 @@ func (h *caHandler) Rekey(w http.ResponseWriter, r *http.Request) {
certChain, err := h.Authority.Rekey(r.TLS.PeerCertificates[0], body.CsrPEM.CertificateRequest.PublicKey)
if err != nil {
WriteError(w, errs.Wrap(http.StatusInternalServerError, err, "cahandler.Rekey"))
WriteError(w, errs.InternalServerErr(err, "error rekeying certificate"))
return
}
certChainPEM := certChainToPEM(certChain)

View file

@ -16,7 +16,7 @@ func (h *caHandler) Renew(w http.ResponseWriter, r *http.Request) {
certChain, err := h.Authority.Renew(r.TLS.PeerCertificates[0])
if err != nil {
WriteError(w, errs.Wrap(http.StatusInternalServerError, err, "cahandler.Renew"))
WriteError(w, errs.InternalServerErr(err, "error renewing certificate"))
return
}
certChainPEM := certChainToPEM(certChain)

View file

@ -344,7 +344,7 @@ func (h *caHandler) SSHSign(w http.ResponseWriter, r *http.Request) {
func (h *caHandler) SSHRoots(w http.ResponseWriter, r *http.Request) {
keys, err := h.Authority.GetSSHRoots(r.Context())
if err != nil {
WriteError(w, errs.InternalServerErr(err))
WriteError(w, errs.InternalServerErr(err, "error getting ssh roots"))
return
}
@ -369,7 +369,7 @@ func (h *caHandler) SSHRoots(w http.ResponseWriter, r *http.Request) {
func (h *caHandler) SSHFederation(w http.ResponseWriter, r *http.Request) {
keys, err := h.Authority.GetSSHFederation(r.Context())
if err != nil {
WriteError(w, errs.InternalServerErr(err))
WriteError(w, errs.InternalServerErr(err, "error getting federated ssh roots"))
return
}
@ -404,7 +404,7 @@ func (h *caHandler) SSHConfig(w http.ResponseWriter, r *http.Request) {
ts, err := h.Authority.GetSSHConfig(r.Context(), body.Type, body.Data)
if err != nil {
WriteError(w, errs.InternalServerErr(err))
WriteError(w, errs.InternalServerErr(err, "error getting ssh config"))
return
}
@ -415,7 +415,7 @@ func (h *caHandler) SSHConfig(w http.ResponseWriter, r *http.Request) {
case provisioner.SSHHostCert:
cfg.HostTemplates = ts
default:
WriteError(w, errs.InternalServer("it should hot get here"))
WriteError(w, errs.Internal("it should hot get here"))
return
}
@ -436,7 +436,7 @@ func (h *caHandler) SSHCheckHost(w http.ResponseWriter, r *http.Request) {
exists, err := h.Authority.CheckSSHHost(r.Context(), body.Principal, body.Token)
if err != nil {
WriteError(w, errs.InternalServerErr(err))
WriteError(w, errs.InternalServerErr(err, "error checking for host"))
return
}
JSON(w, &SSHCheckPrincipalResponse{
@ -453,7 +453,7 @@ func (h *caHandler) SSHGetHosts(w http.ResponseWriter, r *http.Request) {
hosts, err := h.Authority.GetSSHHosts(r.Context(), cert)
if err != nil {
WriteError(w, errs.InternalServerErr(err))
WriteError(w, errs.InternalServerErr(err, "error getting ssh hosts"))
return
}
JSON(w, &SSHGetHostsResponse{
@ -475,7 +475,7 @@ func (h *caHandler) SSHBastion(w http.ResponseWriter, r *http.Request) {
bastion, err := h.Authority.GetSSHBastion(r.Context(), body.User, body.Hostname)
if err != nil {
WriteError(w, errs.InternalServerErr(err))
WriteError(w, errs.InternalServerErr(err, "error getting ssh bastion"))
return
}

View file

@ -63,7 +63,7 @@ func (h *caHandler) SSHRekey(w http.ResponseWriter, r *http.Request) {
}
oldCert, _, err := provisioner.ExtractSSHPOPCert(body.OTT)
if err != nil {
WriteError(w, errs.InternalServerErr(err))
WriteError(w, errs.InternalServerErr(err, "error exacting ssh certificate"))
}
newCert, err := h.Authority.RekeySSH(ctx, oldCert, publicKey, signOpts...)

View file

@ -55,7 +55,7 @@ func (h *caHandler) SSHRenew(w http.ResponseWriter, r *http.Request) {
}
oldCert, _, err := provisioner.ExtractSSHPOPCert(body.OTT)
if err != nil {
WriteError(w, errs.InternalServerErr(err))
WriteError(w, errs.InternalServerErr(err, "error extraction ssh certificate"))
}
newCert, err := h.Authority.RenewSSH(ctx, oldCert)

View file

@ -53,14 +53,13 @@ func (h *Handler) GetProvisioner(w http.ResponseWriter, r *http.Request) {
func (h *Handler) GetProvisioners(w http.ResponseWriter, r *http.Request) {
cursor, limit, err := api.ParseCursor(r)
if err != nil {
api.WriteError(w, admin.WrapError(admin.ErrorBadRequestType, err,
"error parsing cursor & limit query params"))
api.WriteError(w, err)
return
}
p, next, err := h.auth.GetProvisioners(cursor, limit)
if err != nil {
api.WriteError(w, errs.InternalServerErr(err))
api.WriteError(w, errs.InternalServerErr(err, "error getting provisioners"))
return
}
api.JSON(w, &GetProvisionersResponse{

View file

@ -227,7 +227,10 @@ func (a *Authority) Authorize(ctx context.Context, token string) ([]provisioner.
_, signOpts, err := a.authorizeSSHRekey(ctx, token)
return signOpts, errs.Wrap(http.StatusInternalServerError, err, "authority.Authorize", opts...)
default:
return nil, errs.InternalServer("authority.Authorize; method %d is not supported", append([]interface{}{m}, opts...)...)
return nil, errs.ApplyOptions(
errs.InternalServer("method %d is not supported", m),
opts...,
)
}
}

View file

@ -722,7 +722,7 @@ func TestAuthority_Authorize(t *testing.T) {
auth: a,
token: "foo",
ctx: provisioner.NewContextWithMethod(context.Background(), 15),
err: errors.New("authority.Authorize; method 15 is not supported"),
err: errors.New("method 15 is not supported"),
code: http.StatusInternalServerError,
}
},

View file

@ -619,7 +619,7 @@ func (p *AWS) authorizeToken(token string) (*awsPayload, error) {
return nil, errs.Wrapf(http.StatusUnauthorized, err, "aws.authorizeToken; error parsing aws token")
}
if len(jwt.Headers) == 0 {
return nil, errs.InternalServer("aws.authorizeToken; error parsing token, header is missing")
return nil, errs.BadRequest("error parsing token, header is missing")
}
var unsafeClaims awsPayload

View file

@ -126,7 +126,7 @@ func (p *SSHPOP) authorizeToken(token string, audiences []string) (*sshPOPPayloa
}
sshCryptoPubKey, ok := sshCert.Key.(ssh.CryptoPublicKey)
if !ok {
return nil, errs.InternalServer("sshpop.authorizeToken; sshpop public key could not be cast to ssh CryptoPublicKey")
return nil, errs.Internal("sshpop public key could not be cast to ssh CryptoPublicKey")
}
pubKey := sshCryptoPubKey.CryptoPublicKey()

View file

@ -15,7 +15,7 @@ func (a *Authority) Root(sum string) (*x509.Certificate, error) {
crt, ok := val.(*x509.Certificate)
if !ok {
return nil, errs.InternalServer("stored value is not a *x509.Certificate")
return nil, errs.Internal("stored value is not a *x509.Certificate")
}
return crt, nil
}
@ -49,7 +49,7 @@ func (a *Authority) GetFederation() (federation []*x509.Certificate, err error)
crt, ok := v.(*x509.Certificate)
if !ok {
federation = nil
err = errs.InternalServer("stored value is not a *x509.Certificate")
err = errs.Internal("stored value is not a *x509.Certificate")
return false
}
federation = append(federation, crt)

View file

@ -22,7 +22,7 @@ func TestRoot(t *testing.T) {
code int
}{
"not-found": {"foo", errors.New("certificate with fingerprint foo was not found"), http.StatusNotFound},
"invalid-stored-certificate": {"invaliddata", errors.New("stored value is not a *x509.Certificate"), http.StatusInternalServerError},
"invalid-stored-certificate": {"invaliddata", errors.New(errs.InternalServerErrorDefaultMsg), http.StatusInternalServerError},
"success": {"189f573cfa159251e445530847ef80b1b62a3a380ee670dcb49e33ed34da0616", nil, http.StatusOK},
}

View file

@ -177,7 +177,7 @@ func (a *Authority) SignSSH(ctx context.Context, key ssh.PublicKey, opts provisi
}
default:
return nil, errs.InternalServer("authority.SignSSH: invalid extra option type %T", o)
return nil, errs.Internal("invalid extra SignOption of type %T", o)
}
}
@ -231,7 +231,7 @@ func (a *Authority) SignSSH(ctx context.Context, key ssh.PublicKey, opts provisi
}
signer = a.sshCAHostCertSignKey
default:
return nil, errs.InternalServer("authority.SignSSH: unexpected ssh certificate type: %d", certTpl.CertType)
return nil, errs.Internal("invalid ssh certificate of type '%d'", certTpl.CertType)
}
// Sign certificate.
@ -297,7 +297,7 @@ func (a *Authority) RenewSSH(ctx context.Context, oldCert *ssh.Certificate) (*ss
}
signer = a.sshCAHostCertSignKey
default:
return nil, errs.InternalServer("renewSSH: unexpected ssh certificate type: %d", certTpl.CertType)
return nil, errs.Internal("invalid ssh certificate of type '%d'", certTpl.CertType)
}
// Sign certificate.
@ -323,7 +323,7 @@ func (a *Authority) RekeySSH(ctx context.Context, oldCert *ssh.Certificate, pub
case provisioner.SSHCertValidator:
validators = append(validators, o)
default:
return nil, errs.InternalServer("rekeySSH; invalid extra option type %T", o)
return nil, errs.Internal("invalid extra SignOption of type %T", o)
}
}

View file

@ -901,7 +901,7 @@ func TestAuthority_RekeySSH(t *testing.T) {
hostSigner: signer,
key: pub,
signOpts: []provisioner.SignOption{userOptions},
err: errors.New("rekeySSH; invalid extra option type"),
err: errors.New(errs.InternalServerErrorDefaultMsg),
code: http.StatusInternalServerError,
}
},

View file

@ -113,7 +113,10 @@ func (a *Authority) Sign(csr *x509.CertificateRequest, signOpts provisioner.Sign
certEnforcers = append(certEnforcers, k)
default:
return nil, errs.InternalServer("authority.Sign; invalid extra option type %T", append([]interface{}{k}, opts...)...)
return nil, errs.ApplyOptions(
errs.Internal("invalid extra SignOption of type %T", k),
opts...,
)
}
}

View file

@ -268,7 +268,7 @@ func TestAuthority_Sign(t *testing.T) {
csr: csr,
extraOpts: append(extraOpts, "42"),
signOpts: signOpts,
err: errors.New("authority.Sign; invalid extra option type string"),
err: errors.New(errs.InternalServerErrorDefaultMsg),
code: http.StatusInternalServerError,
}
},

View file

@ -163,7 +163,7 @@ func TestClient_Version(t *testing.T) {
expectedErr error
}{
{"ok", ok, 200, false, nil},
{"500", errs.InternalServer("force"), 500, true, errors.New(errs.InternalServerErrorDefaultMsg)},
{"500", errs.InternalServer("force"), 500, true, errors.New(errs.InternalServerPrefix)},
{"404", errs.NotFound("force"), 404, true, errors.New(errs.NotFoundDefaultMsg)},
}
@ -193,7 +193,7 @@ func TestClient_Version(t *testing.T) {
if got != nil {
t.Errorf("Client.Version() = %v, want nil", got)
}
assert.HasPrefix(t, tt.expectedErr.Error(), err.Error())
assert.HasPrefix(t, err.Error(), tt.expectedErr.Error())
default:
if !reflect.DeepEqual(got, tt.response) {
t.Errorf("Client.Version() = %v, want %v", got, tt.response)
@ -214,7 +214,7 @@ func TestClient_Health(t *testing.T) {
expectedErr error
}{
{"ok", ok, 200, false, nil},
{"not ok", errs.InternalServer("force"), 500, true, errors.New(errs.InternalServerErrorDefaultMsg)},
{"not ok", errs.InternalServer("force"), 500, true, errors.New(errs.InternalServerPrefix)},
}
srv := httptest.NewServer(nil)
@ -244,7 +244,7 @@ func TestClient_Health(t *testing.T) {
if got != nil {
t.Errorf("Client.Health() = %v, want nil", got)
}
assert.HasPrefix(t, tt.expectedErr.Error(), err.Error())
assert.HasPrefix(t, err.Error(), tt.expectedErr.Error())
default:
if !reflect.DeepEqual(got, tt.response) {
t.Errorf("Client.Health() = %v, want %v", got, tt.response)
@ -648,7 +648,7 @@ func TestClient_Provisioners(t *testing.T) {
if got != nil {
t.Errorf("Client.Provisioners() = %v, want nil", got)
}
assert.HasPrefix(t, errs.InternalServerErrorDefaultMsg, err.Error())
assert.HasPrefix(t, err.Error(), errs.InternalServerPrefix)
default:
if !reflect.DeepEqual(got, tt.response) {
t.Errorf("Client.Provisioners() = %v, want %v", got, tt.response)

View file

@ -172,9 +172,11 @@ func StatusCodeError(code int, e error, opts ...Option) error {
opts = append(opts, withDefaultMessage(ForbiddenDefaultMsg))
return NewErr(http.StatusForbidden, e, opts...)
case http.StatusInternalServerError:
return InternalServerErr(e, opts...)
opts = append(opts, withDefaultMessage(InternalServerErrorDefaultMsg))
return NewErr(http.StatusInternalServerError, e, opts...)
case http.StatusNotImplemented:
return NotImplementedErr(e, opts...)
opts = append(opts, withDefaultMessage(NotImplementedDefaultMsg))
return NewErr(http.StatusNotImplemented, e, opts...)
default:
return UnexpectedErr(code, e, opts...)
}
@ -201,9 +203,13 @@ var (
// directly sent to the cli.
BadRequestPrefix = "The request could not be completed: "
// ForbiddenPrefix is the prefix added to the forbidden messates that are
// ForbiddenPrefix is the prefix added to the forbidden messages that are
// sent to the cli.
ForbiddenPrefix = "The request was forbidden by the certificate authority: "
// InternalServerPrefix is the prefix added to the internal server error
// messages that are sent to the cli.
InternalServerPrefix = "The certificate authority encountered an Internal Server Error: "
)
func formatMessage(status int, msg string) string {
@ -212,6 +218,8 @@ func formatMessage(status int, msg string) string {
return BadRequestPrefix + msg + "."
case http.StatusForbidden:
return ForbiddenPrefix + msg + "."
case http.StatusInternalServerError:
return InternalServerPrefix + msg + "."
default:
return msg
}
@ -315,16 +323,26 @@ func ApplyOptions(err error, opts ...interface{}) error {
return err
}
// Internal creates a generic 500 error message with the a formatted error in
// the logs.
func Internal(format string, args ...interface{}) error {
return InternalErr(fmt.Errorf(format, args...))
}
// Internal creates a generic 500 error message with the given error in the
// logs.
func InternalErr(err error) error {
return NewError(http.StatusInternalServerError, err, InternalServerErrorDefaultMsg)
}
// InternalServer creates a 500 error with the given format and arguments.
func InternalServer(format string, args ...interface{}) error {
args = append(args, withDefaultMessage(InternalServerErrorDefaultMsg))
return Errorf(http.StatusInternalServerError, format, args...)
return New(http.StatusInternalServerError, format, args...)
}
// InternalServerErr returns a 500 error with the given error.
func InternalServerErr(err error, opts ...Option) error {
opts = append(opts, withDefaultMessage(InternalServerErrorDefaultMsg))
return NewErr(http.StatusInternalServerError, err, opts...)
func InternalServerErr(err error, format string, args ...interface{}) error {
return NewError(http.StatusInternalServerError, err, format, args...)
}
// NotImplemented creates a 501 error with the given format and arguments.