Skip to content

Commit ce2efed

Browse files
javirlnjavirln
authored
fix(cas-backends): Customize validation error when credentials are not accessible (#2427)
Signed-off-by: Javier Rodriguez <[email protected]>
1 parent 0140a73 commit ce2efed

File tree

1 file changed

+5
-6
lines changed

1 file changed

+5
-6
lines changed

app/controlplane/pkg/biz/casbackend.go

Lines changed: 5 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -41,6 +41,8 @@ const (
4141
// Inline, embedded CAS backend
4242
CASBackendInline CASBackendProvider = "INLINE"
4343
CASBackendInlineDefaultMaxBytes int64 = 500 * 1024 // 500KB
44+
errMsgCredentialsAccess = "Failed to access CAS backend credentials in external Secrets Manager"
45+
errMsgCredentialsFormat = "Invalid CAS backend credentials format from external Secrets Manager"
4446
)
4547

4648
var CASBackendInlineDescription = "Embed artifacts content in the attestation (fallback)"
@@ -565,7 +567,7 @@ func (CASBackendValidationStatus) Values() (kinds []string) {
565567
}
566568

567569
// Validate that the repository is valid and reachable
568-
func (uc *CASBackendUseCase) PerformValidation(ctx context.Context, id string) (err error) {
570+
func (uc *CASBackendUseCase) PerformValidation(ctx context.Context, id string) error {
569571
validationStatus := CASBackendValidationFailed
570572
var validationError *string
571573

@@ -592,11 +594,6 @@ func (uc *CASBackendUseCase) PerformValidation(ctx context.Context, id string) (
592594
}
593595

594596
defer func() {
595-
// If the actual validation logic failed we do not update the underlying repository
596-
if err != nil {
597-
return
598-
}
599-
600597
// Update the validation status and error
601598
uc.logger.Infow("msg", "updating validation status", "ID", id, "status", validationStatus, "error", validationError)
602599
if err := uc.repo.UpdateValidationStatus(ctx, backendUUID, validationStatus, validationError); err != nil {
@@ -643,12 +640,14 @@ func (uc *CASBackendUseCase) PerformValidation(ctx context.Context, id string) (
643640
var creds any
644641
if err := uc.credsRW.ReadCredentials(ctx, backend.SecretName, &creds); err != nil {
645642
uc.logger.Infow("msg", "credentials not found or invalid", "ID", id, "error", err)
643+
validationError = ToPtr(errMsgCredentialsAccess)
646644
return nil
647645
}
648646

649647
credsJSON, err := json.Marshal(creds)
650648
if err != nil {
651649
uc.logger.Infow("msg", "credentials invalid", "ID", id, "error", err)
650+
validationError = ToPtr(errMsgCredentialsFormat)
652651
return nil
653652
}
654653

0 commit comments

Comments
 (0)