
Commit a3b7785

authored
fix(secretmanager): fix error handling in ReadCredentials (#399)
Signed-off-by: Mattia Buccarella <[email protected]>
1 parent 38505dc commit a3b7785


2 files changed

+71
-1
lines changed

2 files changed

+71
-1
lines changed

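--- a/internal/credentials/aws/secretmanager.go
+++ b/internal/credentials/aws/secretmanager.go
@@ -116,9 +116,11 @@ func (m *Manager) ReadCredentials(ctx context.Context, secretID string, creds an
 case (&types.ResourceNotFoundException{}).ErrorCode():
 return fmt.Errorf("%w: path=%s", credentials.ErrNotFound, secretID)
 default:
-return err
+return fmt.Errorf("getting AWS Secret Value: %w", err)
 }
 }
+
+return fmt.Errorf("getting AWS Secret Value: %w", err)
 }
 
 return json.Unmarshal([]byte(*resp.SecretString), creds)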
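Review bot: The final context line still dereferences `*resp.SecretString` unconditionally, so a successful GetSecretValue call that returns no string value (for example a secret stored as binary, where the SDK leaves `SecretString` nil) would panic here instead of returning an error. A guard before the `json.Unmarshal`, such as `if resp == nil || resp.SecretString == nil { return fmt.Errorf("secret %q has no string value", secretID) }`, would close that gap in the same spirit as this fix. Separately, the `default:` branch and the new fall-through return are now identical, so the `default:` case could be dropped and the single return after the `if` kept. ReadCredentials starts outside this hunk, so the call that produces `resp` is not visible and the nil case is inferred from the SDK's output type.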

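--- a/internal/credentials/aws/secretmanager_test.go
+++ b/internal/credentials/aws/secretmanager_test.go
@@ -18,12 +18,14 @@ package aws
 import (
 "context"
 "encoding/json"
+"errors"
 "reflect"
 "testing"
 
 "github.com/aws/aws-sdk-go-v2/aws"
 "github.com/aws/aws-sdk-go-v2/service/secretsmanager"
 "github.com/aws/aws-sdk-go-v2/service/sso/types"
+"github.com/aws/smithy-go"
 "github.com/chainloop-dev/chainloop/internal/credentials"
 mclient "github.com/chainloop-dev/chainloop/internal/credentials/aws/mocks"
 "github.com/stretchr/testify/assert"
@@ -67,6 +69,72 @@ const defaultRegion = "default-region"
 const defaultAccessKey = "access-key-not-a-real-key"
 const defaultSecretKey = "secret-key-not-a-real-key"
 
+func (s *testSuite) TestReadCredentialsErrorHandling() {
+fakeSecretID := "fakeSecretID"
+genericErr := errors.New("generic error")
+genericAPIErr := &smithy.GenericAPIError{Code: "AnotherAPIError", Message: "Some message"}
+
+testCases := []struct {
+name string
+wantedError error
+expectedError error
+}{
+{
+"GetSecretValue returns no error",
+nil,
+nil,
+}, {
+"GetSecretValue returns a smithy.APIError error of type 'resource not found'",
+&smithy.GenericAPIError{Code: "ResourceNotFoundException", Message: "Some message"},
+credentials.ErrNotFound,
+}, {
+"GetSecretValue returns a smithy.APIError error of type 'other type'",
+genericAPIErr,
+genericAPIErr,
+}, {
+"GetSecretValue returns an error that is not smithy.APIError",
+genericErr,
+genericErr,
+},
+}
+
+for _, tc := range testCases {
+s.Run(tc.name, func() {
+// re-set the manager mocked expectations
+initMockedManager(s)
+m := s.mockedManager
+mc, _ := m.client.(*mclient.SecretsManagerIface)
+ctx := context.Background()
+
+// mock response for method GetSecretValue(..)
+var getSecretValueResp secretsmanager.GetSecretValueOutput
+if tc.wantedError == nil {
+validAPICreds := &credentials.APICreds{Host: "h", Key: "k"}
+mockedResp, _ := json.Marshal(validAPICreds)
+getSecretValueResp = secretsmanager.GetSecretValueOutput{
+SecretString: aws.String(string(mockedResp)),
+}
+}
+
+// mock call to GetSecretValue to return the wanted error
+mc.On("GetSecretValue", ctx, &secretsmanager.GetSecretValueInput{
+SecretId: aws.String(fakeSecretID),
+}).Return(&getSecretValueResp, tc.wantedError)
+
+// call
+creds := &credentials.APICreds{}
+err := m.ReadCredentials(ctx, fakeSecretID, creds)
+
+// test
+if tc.expectedError == nil {
+require.NoError(s.T(), err)
+} else {
+require.ErrorIs(s.T(), err, tc.expectedError)
+}
+})
+}
+}
+
 func (s *testSuite) TestReadWriteCredentials() {
 assert := assert.New(s.T())
 validOCICreds := &credentials.OCIKeypair{Repo: "test-repo", Username: "username", Password: "password"}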
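Review bot: In the added TestReadCredentialsErrorHandling, `mc, _ := m.client.(*mclient.SecretsManagerIface)` discards the type-assertion result, so if the manager's client is not the mock the subtest would most likely die with a nil-pointer panic at `mc.On(...)` rather than a readable failure. Use `mc, ok := m.client.(*mclient.SecretsManagerIface)` followed by `require.True(s.T(), ok)`, and likewise check the error dropped by `mockedResp, _ := json.Marshal(validAPICreds)`. The table fields `wantedError` and `expectedError` read as synonyms; a comment on the struct such as `// wantedError is returned by the mocked GetSecretValue; expectedError is what ReadCredentials must match via errors.Is` would make the cases easier to audit. The success case asserts only `require.NoError`, so it would still pass if `creds` were left empty; asserting the decoded `Host` and `Key` would pin the happy path.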
