Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Return better errors for unavailable error codes #2336

Merged
merged 7 commits into from
Aug 2, 2023
Merged

Return better errors for unavailable error codes #2336

Show file tree
Hide file tree
Changes from 6 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
fb9f206
Return better errors for unavailable error codes
pkwarren Aug 2, 2023
f94a893
fix review comments
pkwarren Aug 2, 2023
37f512a
fix to work with go 1.19
pkwarren Aug 2, 2023
31e9500
rename
pkwarren Aug 2, 2023
f182b8c
update
pkwarren Aug 2, 2023
261d8db
Merge branch 'main' into pkw/BSR-2351-tls-error
pkwarren Aug 2, 2023
8d5229c
improve comments
pkwarren Aug 2, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
4 changes: 3 additions & 1 deletion private/buf/bufcli/errors.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -174,7 +174,9 @@ func wrapError(err error) error {
if dnsError := (&net.DNSError{}); errors.As(err, &dnsError) && dnsError.IsNotFound {
return fmt.Errorf(`%s Are you sure "%s" is a valid remote address?`, msg, dnsError.Name)
}

if tlsErr := wrappedTLSError(err); tlsErr != nil {
return fmt.Errorf("tls certificate verification: %w", tlsErr)
}
return errors.New(msg)
}
return fmt.Errorf("Failure: %s", connectErr.Message())
Expand Down
34 changes: 34 additions & 0 deletions private/buf/bufcli/errors_tls_go119.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
// Copyright 2020-2023 Buf Technologies, Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

//go:build !go1.20

package bufcli

import (
"errors"
"strings"
)

// wrappedTLSError returns an unwrapped TLS error or nil if the error is another type of error.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd like to see a bit more documentation here as to the motivation for this, so that in the future we understand why this is here in case we need to debug

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok - this is just a temporary thing until Go 1.21 is released and we can remove and just use errors.As which will be a lot more readable. I'll update to add more details though.

func wrappedTLSError(err error) error {
wrapped := errors.Unwrap(err)
if wrapped == nil {
return nil
}
if strings.HasPrefix(wrapped.Error(), "x509:") && strings.HasSuffix(wrapped.Error(), "certificate is not trusted") {
return wrapped
}
return nil
}
30 changes: 30 additions & 0 deletions private/buf/bufcli/errors_tls_go120.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
// Copyright 2020-2023 Buf Technologies, Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

//go:build go1.20

package bufcli

import (
"crypto/tls"
"errors"
)

// wrappedTLSError returns an unwrapped TLS error or nil if the error is another type of error.
func wrappedTLSError(err error) error {
if tlsErr := (&tls.CertificateVerificationError{}); errors.As(err, &tlsErr) {
return tlsErr
}
return nil
}
3 changes: 3 additions & 0 deletions private/buf/cmd/buf/command/registry/registrylogin/registrylogin.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -188,6 +188,9 @@ func inner(
authnService := connectclient.Make(clientConfig, remote, registryv1alpha1connect.NewAuthnServiceClient)
resp, err := authnService.GetCurrentUser(ctx, connect.NewRequest(&registryv1alpha1.GetCurrentUserRequest{}))
if err != nil {
if connectErr := new(connect.Error); errors.As(err, &connectErr) && connectErr.Code() == connect.CodeUnavailable {
return connectErr
}
// We don't want to use the default error from wrapError here if the error
// an unauthenticated error.
return errors.New("invalid token provided")
Comment on lines +191 to 196
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I thought you were going to invoke wrapError here.

Expand Down