Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Return better errors for unavailable error codes #2336

Merged
merged 7 commits into from Aug 2, 2023
Merged

Return better errors for unavailable error codes #2336

merged 7 commits into from Aug 2, 2023

Conversation

pkwarren
Copy link
Member

@pkwarren pkwarren commented Aug 2, 2023

If we can determine that the error from login is due to a connect unavailable error, we should return more details to aid in troubleshooting. Update wrapError to return a better error message in case of a TLS certificate error (could be a MITM attack or an untrusted certificate).

@pkwarren
Return better errors for unavailable error codes
fb9f206 
If we can determine that the error from login is due to a connect
unavailable error, we should return more details to aid in
troubleshooting. Update wrapError to return a better error message in
case of a TLS certificate error (could be a MITM attack or an untrusted
certificate).
@pkwarren
Copy link
Member Author

pkwarren commented Aug 2, 2023

When testing locally, the behavior is:

Before:

$ printf '...' | buf registry login <remote> --token-stdin --username <username>
Failure: invalid token provided

After:

$ printf '...' | buf registry login <remote> --token-stdin --username <username>
tls: failed to verify certificate: x509: “api.<remote>” certificate is not trusted

unmultimedio
unmultimedio reviewed Aug 2, 2023
View reviewed changes
Copy link
Member

@unmultimedio unmultimedio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

private/buf/bufcli/errors.go Outdated Show resolved Hide resolved
private/buf/cmd/buf/command/registry/registrylogin/registrylogin.go
Comment on lines +191 to 196
if connectErr := new(connect.Error); errors.As(err, &connectErr) && connectErr.Code() == connect.CodeUnavailable {
return connectErr
}
// We don't want to use the default error from wrapError here if the error
// an unauthenticated error.
return errors.New("invalid token provided")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I thought you were going to invoke wrapError here.

bufdev
bufdev reviewed Aug 2, 2023
View reviewed changes
private/buf/bufcli/errors_tls_go119.go
"strings"
)

// wrappedTLSError returns an unwrapped TLS error or nil if the error is another type of error.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd like to see a bit more documentation here as to the motivation for this, so that in the future we understand why this is here in case we need to debug

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok - this is just a temporary thing until Go 1.21 is released and we can remove and just use errors.As which will be a lot more readable. I'll update to add more details though.

@pkwarren pkwarren requested a review from bufdev August 2, 2023 19:25
@pkwarren pkwarren merged commit 3bd5bea into main Aug 2, 2023
7 checks passed
@pkwarren pkwarren deleted the pkw/BSR-2351-tls-error branch August 2, 2023 21:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bufdev bufdev bufdev approved these changes

@unmultimedio unmultimedio Awaiting requested review from unmultimedio

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@pkwarren @bufdev @unmultimedio