CDH: return formatted brief error message to RPC caller

Xynnn007 · Xynnn007 · commit a6a6160052c1 · 2025-05-12T10:26:57.000+08:00
This commit defines a more formatted error printing when RPC fails to be
called by a remote caller. Also, it includes a simple error reason for
image pulling failures.

Signed-off-by: Xynnn007 &lt;xynnn@linux.alibaba.com&gt;
diff --git a/confidential-data-hub/hub/src/bin/grpc_server/mod.rs b/confidential-data-hub/hub/src/bin/grpc_server/mod.rs
@@ -53,7 +53,7 @@ impl SealedSecretService for Arc<Cdh> {
             .map_err(|e| {
                 let detailed_error = format_error!(e);
                 error!("[gRPC CDH] Call CDH to unseal secret failed:\n{detailed_error}");
-                Status::internal(format!("[ERROR] CDH unseal secret failed: {}", e))
+                Status::internal(format!("[CDH] [ERROR]: {e}"))
             })?;
 
         debug!("[gRPC CDH] Unseal secret successfully!");
@@ -80,7 +80,7 @@ impl GetResourceService for Arc<Cdh> {
             .map_err(|e| {
                 let detailed_error = format_error!(e);
                 error!("[gRPC CDH] Call CDH to get resource failed:\n{detailed_error}");
-                Status::internal(format!("[ERROR] CDH get resource failed: {}", e))
+                Status::internal(format!("[CDH] [ERROR]: {e}"))
             })?;
 
         debug!("[gRPC CDH] Get resource successfully!");
@@ -109,7 +109,7 @@ impl SecureMountService for Arc<Cdh> {
         let mount_path = self.inner.secure_mount(storage).await.map_err(|e| {
             let detailed_error = format_error!(e);
             error!("[gRPC CDH] Call CDH to secure mount failed:\n{detailed_error}");
-            Status::internal(format!("[ERROR] CDH secure mount failed: {}", e))
+            Status::internal(format!("[CDH] [ERROR]: {e}"))
         })?;
 
         debug!("[gRPC CDH] Secure mount successfully!");
@@ -136,7 +136,7 @@ impl ImagePullService for Arc<Cdh> {
             .map_err(|e| {
                 let detailed_error = format_error!(e);
                 error!("[gRPC CDH] Call CDH to pull image failed:\n{detailed_error}");
-                Status::internal(format!("[ERROR] CDH image pulling failed: {}", e))
+                Status::internal(format!("[CDH] [ERROR]: {e}"))
             })?;
 
         debug!("[gRPC CDH] Pull image successfully!");
@@ -185,7 +185,7 @@ impl KeyProviderService for Arc<Cdh> {
             .map_err(|e| {
                 let detailed_error = format_error!(e);
                 error!("[gRPC CDH] Call CDH to Unwrap Key failed:\n{detailed_error}");
-                Status::internal(format!("[ERROR] CDH Unwrap Key failed: {}", e))
+                Status::internal(format!("[CDH] [ERROR]: {e}"))
             })?;
 
         // Construct output structure and serialize it as the return value of gRPC
diff --git a/confidential-data-hub/hub/src/bin/ttrpc_server/mod.rs b/confidential-data-hub/hub/src/bin/ttrpc_server/mod.rs
@@ -55,7 +55,7 @@ impl SealedSecretService for Server {
             error!("[ttRPC CDH] UnsealSecret :\n{detailed_error}");
             let mut status = Status::new();
             status.set_code(Code::INTERNAL);
-            status.set_message("[CDH] [ERROR]: Unseal Secret failed".into());
+            status.set_message(format!("[CDH] [ERROR]: {e}"));
             Error::RpcStatus(status)
         })?;
 
@@ -79,7 +79,7 @@ impl GetResourceService for Server {
             error!("[ttRPC CDH] GetResource :\n{detailed_error}");
             let mut status = Status::new();
             status.set_code(Code::INTERNAL);
-            status.set_message("[CDH] [ERROR]: Get Resource failed".into());
+            status.set_message(format!("[CDH] [ERROR]: {e}"));
             Error::RpcStatus(status)
         })?;
 
@@ -121,7 +121,7 @@ impl KeyProviderService for Server {
             error!("[ttRPC CDH] UnWrapKey :\n{detailed_error}");
             let mut status = Status::new();
             status.set_code(Code::INTERNAL);
-            status.set_message("[CDH] [ERROR]: UnwrapKey failed".to_string());
+            status.set_message(format!("[CDH] [ERROR]: {e}"));
             Error::RpcStatus(status)
         })?;
 
@@ -167,7 +167,7 @@ impl SecureMountService for Server {
             error!("[ttRPC CDH] Secure Mount :\n{detailed_error}");
             let mut status = Status::new();
             status.set_code(Code::INTERNAL);
-            status.set_message("[CDH] [ERROR]: secure mount failed".to_string());
+            status.set_message(format!("[CDH] [ERROR]: {e}"));
             Error::RpcStatus(status)
         })?;
 
@@ -195,7 +195,7 @@ impl ImagePullService for Server {
                 error!("[ttRPC CDH] Pull Image :\n{detailed_error}");
                 let mut status = Status::new();
                 status.set_code(Code::INTERNAL);
-                status.set_message("[CDH] [ERROR]: pull image failed".to_string());
+                status.set_message(format!("[CDH] [ERROR]: {e}"));
                 Error::RpcStatus(status)
             })?;
 
diff --git a/confidential-data-hub/hub/src/error.rs b/confidential-data-hub/hub/src/error.rs
@@ -16,27 +16,52 @@ pub enum Error {
         source: kms::Error,
     },
 
-    #[error("get resource failed")]
+    #[error("Get Resource failed")]
     GetResource {
         #[source]
         source: kms::Error,
     },
 
-    #[error("decrypt image (unwrap key) failed")]
+    #[error("Decrypt Image (UnwrapKey) failed")]
     ImageDecryption(#[from] image::Error),
 
     #[error("init Hub failed: {0}")]
     InitializationFailed(String),
 
-    #[error("unseal secret failed")]
+    #[error("Unseal Secret failed")]
     UnsealSecret(#[from] secret::SecretError),
 
-    #[error("secure mount failed")]
+    #[error("Secure Mount failed")]
     SecureMount(#[from] storage::Error),
 
-    #[error("image pull failed")]
+    #[error("Image Pull failed: {source}")]
     ImagePull {
         #[source]
-        source: anyhow::Error,
+        source: image_rs::PullImageError,
     },
 }
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use anyhow::anyhow;
+    use rstest::rstest;
+
+    #[rstest]
+    #[case(Error::KbsClient { source: kms::Error::KbsClientError("details".into()) }, "kbs client initialization failed")]
+    #[case(Error::GetResource { source: kms::Error::KbsClientError("details".into()) }, "Get Resource failed")]
+    #[case(
+        Error::UnsealSecret(secret::SecretError::VersionError),
+        "Unseal Secret failed"
+    )]
+    #[case(
+        Error::SecureMount(storage::Error::StorageTypeNotRecognized(
+            strum::ParseError::VariantNotFound
+        )),
+        "Secure Mount failed"
+    )]
+    #[case(Error::ImagePull {source: image_rs::PullImageError::SignatureValidationFailed{source: anyhow!("details")}}, "Image Pull failed: Image policy rejected")]
+    fn test_brief_message(#[case] error: Error, #[case] expected: &str) {
+        let brief_message = error.to_string();
+        assert_eq!(brief_message, expected);
+    }
+}
