Vault: detailed errors for remaining paths (#115)

Vault: detailed errors for remaining paths

Remaining error messages updated for:

path_creds.go
path_static_creds.go
path_rotate_root.go
path_static_role.go

Acceptance tests
vault-plugin-secrets-openstack % make functional
Running acceptance tests...
=== RUN   TestPlugin
=== RUN   TestPlugin/TestCloudLifecycle
=== RUN   TestPlugin/TestCloudLifecycle/WriteCloud
=== RUN   TestPlugin/TestCloudLifecycle/ReadCloud
=== RUN   TestPlugin/TestCloudLifecycle/ListClouds
=== RUN   TestPlugin/TestCloudLifecycle/ListClouds/method-LIST
=== PAUSE TestPlugin/TestCloudLifecycle/ListClouds/method-LIST
=== RUN   TestPlugin/TestCloudLifecycle/ListClouds/method-GET
=== PAUSE TestPlugin/TestCloudLifecycle/ListClouds/method-GET
=== CONT  TestPlugin/TestCloudLifecycle/ListClouds/method-LIST
=== CONT  TestPlugin/TestCloudLifecycle/ListClouds/method-GET
=== RUN   TestPlugin/TestCloudLifecycle/DeleteCloud
=== RUN   TestPlugin/TestCredsLifecycle
=== RUN   TestPlugin/TestCredsLifecycle/root_token
=== RUN   TestPlugin/TestCredsLifecycle/user_token
=== RUN   TestPlugin/TestCredsLifecycle/user_password
=== RUN   TestPlugin/TestInfo
info_test.go:42:
Error Trace:    info_test.go:42
Error:          Should NOT be empty, but was &{    }
Test:           TestPlugin/TestInfo
=== RUN   TestPlugin/TestRoleLifecycle
=== RUN   TestPlugin/TestRoleLifecycle/WriteRole
=== RUN   TestPlugin/TestRoleLifecycle/ReadRole
=== RUN   TestPlugin/TestRoleLifecycle/ListRoles
=== RUN   TestPlugin/TestRoleLifecycle/ListRoles/method-LIST
=== PAUSE TestPlugin/TestRoleLifecycle/ListRoles/method-LIST
=== RUN   TestPlugin/TestRoleLifecycle/ListRoles/method-GET
=== PAUSE TestPlugin/TestRoleLifecycle/ListRoles/method-GET
=== CONT  TestPlugin/TestRoleLifecycle/ListRoles/method-LIST
=== CONT  TestPlugin/TestRoleLifecycle/ListRoles/method-GET
=== RUN   TestPlugin/TestRoleLifecycle/DeleteRole
=== RUN   TestPlugin/TestRootRotate
rotate_test.go:65: Cloud with name default1 was created
rotate_test.go:68: Cloud with name rc1k was created
plugin_test.go:337: Cloud with name rc1k has been removed
plugin_test.go:337: Cloud with name default1 has been removed
=== RUN   TestPlugin/TestStaticCredsLifecycle
=== RUN   TestPlugin/TestStaticCredsLifecycle/user_password
=== RUN   TestPlugin/TestStaticCredsLifecycle/user_token_project_id
=== RUN   TestPlugin/TestStaticCredsLifecycle/user_token_project_name
=== RUN   TestPlugin/TestStaticRoleLifecycle
=== RUN   TestPlugin/TestStaticRoleLifecycle/WriteRole
=== RUN   TestPlugin/TestStaticRoleLifecycle/ReadRole
=== RUN   TestPlugin/TestStaticRoleLifecycle/ListRoles
=== RUN   TestPlugin/TestStaticRoleLifecycle/ListRoles/method-LIST
=== PAUSE TestPlugin/TestStaticRoleLifecycle/ListRoles/method-LIST
=== RUN   TestPlugin/TestStaticRoleLifecycle/ListRoles/method-GET
=== PAUSE TestPlugin/TestStaticRoleLifecycle/ListRoles/method-GET
=== CONT  TestPlugin/TestStaticRoleLifecycle/ListRoles/method-LIST
=== CONT  TestPlugin/TestStaticRoleLifecycle/ListRoles/method-GET
=== RUN   TestPlugin/TestStaticRoleLifecycle/DeleteRole
--- FAIL: TestPlugin (26.68s)
--- PASS: TestPlugin/TestCloudLifecycle (0.09s)
--- PASS: TestPlugin/TestCloudLifecycle/WriteCloud (0.09s)
--- PASS: TestPlugin/TestCloudLifecycle/ReadCloud (0.00s)
--- PASS: TestPlugin/TestCloudLifecycle/ListClouds (0.00s)
--- PASS: TestPlugin/TestCloudLifecycle/ListClouds/method-LIST (0.00s)
--- PASS: TestPlugin/TestCloudLifecycle/ListClouds/method-GET (0.00s)
--- PASS: TestPlugin/TestCloudLifecycle/DeleteCloud (0.00s)
--- PASS: TestPlugin/TestCredsLifecycle (5.86s)
--- PASS: TestPlugin/TestCredsLifecycle/root_token (1.61s)
--- PASS: TestPlugin/TestCredsLifecycle/user_token (2.19s)
--- PASS: TestPlugin/TestCredsLifecycle/user_password (1.06s)
--- FAIL: TestPlugin/TestInfo (0.01s)
--- PASS: TestPlugin/TestRoleLifecycle (0.63s)
--- PASS: TestPlugin/TestRoleLifecycle/WriteRole (0.61s)
--- PASS: TestPlugin/TestRoleLifecycle/ReadRole (0.00s)
--- PASS: TestPlugin/TestRoleLifecycle/ListRoles (0.00s)
--- PASS: TestPlugin/TestRoleLifecycle/ListRoles/method-LIST (0.01s)
--- PASS: TestPlugin/TestRoleLifecycle/ListRoles/method-GET (0.01s)
--- PASS: TestPlugin/TestRoleLifecycle/DeleteRole (0.00s)
--- PASS: TestPlugin/TestRootRotate (4.76s)
--- PASS: TestPlugin/TestStaticCredsLifecycle (12.35s)
--- PASS: TestPlugin/TestStaticCredsLifecycle/user_password (3.39s)
--- PASS: TestPlugin/TestStaticCredsLifecycle/user_token_project_id (3.90s)
--- PASS: TestPlugin/TestStaticCredsLifecycle/user_token_project_name (3.97s)
--- PASS: TestPlugin/TestStaticRoleLifecycle (2.81s)
--- PASS: TestPlugin/TestStaticRoleLifecycle/WriteRole (1.09s)
--- PASS: TestPlugin/TestStaticRoleLifecycle/ReadRole (0.01s)
--- PASS: TestPlugin/TestStaticRoleLifecycle/ListRoles (0.00s)
--- PASS: TestPlugin/TestStaticRoleLifecycle/ListRoles/method-GET (0.00s)
--- PASS: TestPlugin/TestStaticRoleLifecycle/ListRoles/method-LIST (0.00s)
--- PASS: TestPlugin/TestStaticRoleLifecycle/DeleteRole (0.00s)
FAIL
FAIL    github.com/opentelekomcloud/vault-plugin-secrets-openstack/acceptance   27.274s
FAIL
make: *** [functional] Error 1

Reviewed-by: Aloento
Reviewed-by: Anton Sidelnikov

Author: artem-lifshits

openstack/path_creds.go

@@ -277,7 +277,7 @@ func (b *backend) tokenRevoke(ctx context.Context, r *logical.Request, d *framew
 	sharedCloud := b.getSharedCloud(cloudName)
 	client, err := sharedCloud.getClient(ctx, r.Storage)
 	if err != nil {
-		return nil, err
+		return nil, logical.CodedError(http.StatusConflict, common.LogHttpError(err).Error())
 	}
 
 	err = tokens.Revoke(client, token).Err
@@ -306,7 +306,7 @@ func (b *backend) userDelete(ctx context.Context, r *logical.Request, _ *framewo
 	sharedCloud := b.getSharedCloud(cloudName)
 	client, err := sharedCloud.getClient(ctx, r.Storage)
 	if err != nil {
-		return nil, err
+		return nil, logical.CodedError(http.StatusConflict, common.LogHttpError(err).Error())
 	}
 
 	err = users.Delete(client, userID).ExtractErr()

openstack/path_rotate_root.go

@@ -3,6 +3,10 @@ package openstack
 import (
 	"context"
 	"fmt"
+	"github.com/opentelekomcloud/vault-plugin-secrets-openstack/openstack/common"
+	"github.com/opentelekomcloud/vault-plugin-secrets-openstack/vars"
+
+	"net/http"
 
 	"github.com/gophercloud/gophercloud/openstack/identity/v3/tokens"
 	"github.com/gophercloud/gophercloud/openstack/identity/v3/users"
@@ -52,16 +56,16 @@ func (b *backend) rotateRootCredentials(ctx context.Context, req *logical.Reques
 	sharedCloud := b.getSharedCloud(cloudName)
 	client, err := sharedCloud.getClient(ctx, req.Storage)
 	if err != nil {
-		return nil, err
+		return nil, logical.CodedError(http.StatusConflict, common.LogHttpError(err).Error())
 	}
 	user, err := tokens.Get(client, client.Token()).ExtractUser()
 	if err != nil {
-		return nil, err
+		return nil, logical.CodedError(http.StatusConflict, common.LogHttpError(err).Error())
 	}
 
 	cloudConfig, err := sharedCloud.getCloudConfig(ctx, req.Storage)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf(vars.ErrCloudConf)
 	}
 
 	newPassword, err := sharedCloud.passwords.Generate(ctx)
@@ -78,7 +82,8 @@ func (b *backend) rotateRootCredentials(ctx context.Context, req *logical.Reques
 		OriginalPassword: cloudConfig.Password,
 	}).ExtractErr()
 	if err != nil {
-		return nil, err
+		errorMessage := fmt.Sprintf("error changing root password: %s", common.LogHttpError(err).Error())
+		return nil, logical.CodedError(http.StatusConflict, errorMessage)
 	}
 	cloudConfig.Password = newPassword
 

openstack/path_static_creds.go

@@ -7,6 +7,9 @@ import (
 	"github.com/gophercloud/gophercloud/openstack/identity/v3/users"
 	"github.com/hashicorp/vault/sdk/framework"
 	"github.com/hashicorp/vault/sdk/logical"
+	"github.com/opentelekomcloud/vault-plugin-secrets-openstack/openstack/common"
+	"github.com/opentelekomcloud/vault-plugin-secrets-openstack/vars"
+	"net/http"
 )
 
 const (
@@ -79,17 +82,18 @@ func (b *backend) pathStaticCredsRead(ctx context.Context, r *logical.Request, d
 	sharedCloud := b.getSharedCloud(role.Cloud)
 	cloudConfig, err := sharedCloud.getCloudConfig(ctx, r.Storage)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf(vars.ErrCloudConf)
 	}
 
 	client, err := sharedCloud.getClient(ctx, r.Storage)
 	if err != nil {
-		return nil, err
+		return nil, logical.CodedError(http.StatusConflict, common.LogHttpError(err).Error())
 	}
 
 	user, err := users.Get(client, role.UserID).Extract()
 	if err != nil {
-		return nil, err
+		errorMessage := fmt.Sprintf("error querying static user: %s", common.LogHttpError(err).Error())
+		return nil, logical.CodedError(http.StatusConflict, errorMessage)
 	}
 
 	var data map[string]interface{}
@@ -162,7 +166,7 @@ func (b *backend) rotateStaticCreds(ctx context.Context, r *logical.Request, d *
 
 	client, err := sharedCloud.getClient(ctx, r.Storage)
 	if err != nil {
-		return nil, err
+		return nil, logical.CodedError(http.StatusConflict, common.LogHttpError(err).Error())
 	}
 
 	newPassword, err := Passwords{}.Generate(ctx)
@@ -172,7 +176,8 @@ func (b *backend) rotateStaticCreds(ctx context.Context, r *logical.Request, d *
 
 	_, err = users.Update(client, role.UserID, users.UpdateOpts{Password: newPassword}).Extract()
 	if err != nil {
-		return nil, fmt.Errorf("error rotating user password for user `%s`: %s", role.Username, err)
+		errorMessage := fmt.Sprintf("error rotating user password for user `%s`: %s", role.Username, common.LogHttpError(err))
+		return nil, logical.CodedError(http.StatusConflict, errorMessage)
 	}
 
 	role.Secret = newPassword
@@ -256,7 +261,7 @@ func (b *backend) rotateUserPassword(ctx context.Context, req *logical.Request,
 	var userId string
 	client, err := cloud.getClient(ctx, req.Storage)
 	if err != nil {
-		return userId, err
+		return userId, common.LogHttpError(err)
 	}
 	opts := users.ListOpts{Name: user}
 	allPages, err := users.List(client, opts).AllPages()
@@ -279,7 +284,7 @@ func (b *backend) rotateUserPassword(ctx context.Context, req *logical.Request,
 
 	_, err = users.Update(client, userId, users.UpdateOpts{Password: password}).Extract()
 	if err != nil {
-		return userId, fmt.Errorf("error rotating user password for user `%s`: %s", user, err)
+		return userId, fmt.Errorf("error rotating user password for user `%s`: %s", user, common.LogHttpError(err))
 	}
 	return userId, nil
 }

openstack/path_static_role.go

@@ -3,6 +3,7 @@ package openstack
 import (
 	"context"
 	"fmt"
+	"github.com/opentelekomcloud/vault-plugin-secrets-openstack/vars"
 	"time"
 
 	"github.com/hashicorp/vault/sdk/framework"
@@ -232,7 +233,7 @@ func (b *backend) pathStaticRoleUpdate(ctx context.Context, req *logical.Request
 	cloud := b.getSharedCloud(cloudName)
 	cloudConfig, err := cloud.getCloudConfig(ctx, req.Storage)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf(vars.ErrCloudConf)
 	}
 	if cloudConfig == nil {
 		return logical.ErrorResponse("cloud `%s` doesn't exist", cloudName), nil