Skip to content
This repository has been archived by the owner on Feb 16, 2023. It is now read-only.

Improve Credential Errors #223

Merged
merged 16 commits into from
Dec 15, 2020
Merged

Improve Credential Errors #223

merged 16 commits into from
Dec 15, 2020

Conversation

Marton6
Copy link
Member

@Marton6 Marton6 commented Nov 11, 2020

This PR:

  • improves the error returned when the credential is password-protected, but no passphrase reader is provided.
  • wraps all errors that occur when loading a credential with a message that includes the credential's source
  • adds the SECRETHUB_CREDENTIAL_PASSPHRASE environment variable, which is checked if no passphrase reader is provided, but the credential is password-protected

@Marton6
Add CredentialSource interface and include credential source in errors
65cbf97 
This interface is meant to be implemented by credential readers and
add more information to credential-related errors. If implemented by
a credential reader, every credential parsing, decoding and decrypting
error will also include the source of the credential (path to credential
file or environment variable name).
@Marton6
Use credential.FromEnv for reading environment variable
27c7b3d
@Marton6
Prevent credentials.FromEnv from delaying env var read
2bcd529
@Marton6
Add more detailed no passphrase error
bbe89cb
@Marton6
Check SECRETHUB_CREDENTIAL_PASSPHRASE envvar if no passphrase reader …
4de867f 
…is given
@Marton6
Run goimports
6c73171
@Marton6
Make SECRETHUB_CREDENTIAL_PASSPHRASE have priority over passphrase re…
12e9d3d 
…ader
This was referenced Nov 11, 2020
Closed
Closed
Marton6
Marton6 commented Nov 11, 2020
View reviewed changes
pkg/secrethub/credentials/readers.go Outdated Show resolved Hide resolved
pkg/secrethub/credentials/providers.go Outdated Show resolved Hide resolved
SimonBarendse
SimonBarendse previously approved these changes Nov 16, 2020
View reviewed changes
Copy link
Member

@SimonBarendse SimonBarendse left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome! Big improvement 😄

pkg/secrethub/credentials/key.go Outdated Show resolved Hide resolved
pkg/secrethub/credentials/providers.go Outdated Show resolved Hide resolved
pkg/secrethub/credentials/providers.go Outdated Show resolved Hide resolved
pkg/secrethub/credentials/encoding.go Outdated Show resolved Hide resolved
Marton6 and others added 4 commits December 2, 2020 16:04
@Marton6 @SimonBarendse
Update pkg/secrethub/credentials/key.go
a86d7da 
Co-authored-by: Simon Barendse <SimonBarendse@users.noreply.github.com>
@Marton6 @SimonBarendse
Refactor err check
57d464b 
Co-authored-by: Simon Barendse <SimonBarendse@users.noreply.github.com>
@Marton6
Remove unused import
53bddab
@Marton6 @SimonBarendse
Improve 'Need Passphrase' error
48e536f 
Co-authored-by: Simon Barendse <SimonBarendse@users.noreply.github.com>
@Marton6
Copy link
Member Author

Marton6 commented Dec 2, 2020
edited
Loading

Apparently the errors are still not wrapped correctly. For example in case of an invalid credential supplied through the SECRETHUB_CREDENTIAL environment variable. I'll investigate the issue.

@SimonBarendse SimonBarendse dismissed their stale review December 2, 2020 15:08

Dismissing per request of @Marton6

@Marton6 Marton6 mentioned this pull request Dec 4, 2020
Merged
@Marton6
Copy link
Member Author

Marton6 commented Dec 4, 2020

It seems that the issue with errors not being wrapped correctly was related to the CLI code. I implemented the necessary changes in: secrethub/secrethub-cli#358

SimonBarendse
SimonBarendse approved these changes Dec 11, 2020
View reviewed changes
pkg/secrethub/credentials/key.go Outdated Show resolved Hide resolved
pkg/secrethub/credentials/readers.go Outdated Show resolved Hide resolved
jpcoenen and others added 4 commits December 15, 2020 13:55
@jpcoenen
Add option set set a default passphrase that is used for the default …
fd75ad8 
…key credential

This allows setting a passphrase without having to provide a credential itself, which can be used to make configuring the Terraform provider easier.
@jpcoenen
Merge pull request #225 from secrethub/feature/default-passphrase-reader
e69aa69 
Add option set set a default passphrase reader
@Marton6
Delay reading of credential from environment variable
d81fe5a
@Marton6
Wrap errors regarding credential passphrase and specify passphrase so…
e5f45b9 
…urce
@SimonBarendse @Marton6
fix need passphrase error message
38d7f3b 
Co-authored-by: Marton Soos <marton.soos@secrethub.io>
@Marton6 Marton6 merged commit 2ff078d into develop Dec 15, 2020
@Marton6 Marton6 deleted the feature/improve-credential-errors branch December 15, 2020 16:20
@SimonBarendse SimonBarendse mentioned this pull request Feb 4, 2021
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@SimonBarendse SimonBarendse SimonBarendse approved these changes

@jpcoenen jpcoenen Awaiting requested review from jpcoenen

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Marton6 @jpcoenen @SimonBarendse