fix: handle attempt to remove vault root

aryanjassal · aryanjassal · commit fe27433087e3 · 2024-11-11T13:23:22.000+11:00
diff --git a/src/client/handlers/VaultsSecretsRemove.ts b/src/client/handlers/VaultsSecretsRemove.ts
@@ -73,11 +73,21 @@ class VaultsSecretsRemove extends DuplexHandler<
                         success: true,
                       };
                     } catch (e) {
-                      yield {
-                        type: 'error',
-                        code: e.code,
-                        reason: secretName,
-                      };
+                      if (
+                        e.code === 'ENOENT' ||
+                        e.code === 'ENOTEMPTY' ||
+                        e.code === 'EINVAL'
+                      ) {
+                        // INVAL can be triggered if removing the root of the
+                        // vault is attempted.
+                        yield {
+                          type: 'error',
+                          code: e.code,
+                          reason: secretName,
+                        };
+                      } else {
+                        throw e;
+                      }
                     }
                   }
                 },
diff --git a/tests/client/handlers/vaults.test.ts b/tests/client/handlers/vaults.test.ts
@@ -2382,6 +2382,32 @@ describe('vaultsSecretsRemove', () => {
       vaultsErrors.ErrorVaultsVaultUndefined,
     );
   });
+  test('fails deleting vault root', async () => {
+    // Create secrets
+    const secretName = 'test-secret1';
+    const vaultId = await vaultManager.createVault('test-vault');
+    const vaultIdEncoded = vaultsUtils.encodeVaultId(vaultId);
+    await vaultManager.withVaults([vaultId], async (vault) => {
+      await vault.writeF(async (efs) => {
+        await efs.writeFile(secretName, secretName);
+      });
+    });
+    // Delete secrets
+    const response = await rpcClient.methods.vaultsSecretsRemove();
+    const writer = response.writable.getWriter();
+    await writer.write({ nameOrId: vaultIdEncoded, secretName: '/' });
+    await writer.close();
+    for await (const data of response.readable) {
+      expect(data.type).toStrictEqual('error');
+      console.log(data)
+    }
+    // Check
+    await vaultManager.withVaults([vaultId], async (vault) => {
+      await vault.readF(async (efs) => {
+        expect(await efs.exists(secretName)).toBeTruthy();
+      });
+    });
+  });
   test('deletes multiple secrets', async () => {
     // Create secrets
     const secretName1 = 'test-secret1';
