secrets: improve plugin error messages (#27330)

Author: mismithhisler

client/allocrunner/taskrunner/secrets/plugin_provider.go

@@ -14,8 +14,12 @@ type ExternalPluginProvider struct {
 	// plugin is the commonplugin to be executed by this secret
 	plugin commonplugins.SecretsPlugin
 
-	// name of the plugin and also the executable
-	name string
+	// pluginName refers to the provider parameter of the secret block
+	// and is here mainly for debugging purposes
+	pluginName string
+
+	// secretName is the secret block name executing the plugin
+	secretName string
 
 	// path is the secret location used in Fetch
 	path string
@@ -26,26 +30,27 @@ type Response struct {
 	Error  *string           `json:"error,omitempty"`
 }
 
-func NewExternalPluginProvider(plugin commonplugins.SecretsPlugin, name string, path string) *ExternalPluginProvider {
+func NewExternalPluginProvider(plugin commonplugins.SecretsPlugin, pluginName, secretName, path string) *ExternalPluginProvider {
 	return &ExternalPluginProvider{
-		plugin: plugin,
-		name:   name,
-		path:   path,
+		plugin:     plugin,
+		pluginName: pluginName,
+		secretName: secretName,
+		path:       path,
 	}
 }
 
 func (p *ExternalPluginProvider) Fetch(ctx context.Context) (map[string]string, error) {
 	resp, err := p.plugin.Fetch(ctx, p.path)
 	if err != nil {
-		return nil, fmt.Errorf("failed to fetch secret from plugin %s: %w", p.name, err)
+		return nil, fmt.Errorf("failed executing plugin %q for secret %q: %w", p.pluginName, p.secretName, err)
 	}
 	if resp.Error != nil {
-		return nil, fmt.Errorf("error returned from secret plugin %s: %s", p.name, *resp.Error)
+		return nil, fmt.Errorf("provider %q for secret %q response contained error: %q", p.pluginName, p.secretName, *resp.Error)
 	}
 
 	formatted := make(map[string]string, len(resp.Result))
 	for k, v := range resp.Result {
-		formatted[fmt.Sprintf("secret.%s.%s", p.name, k)] = v
+		formatted[fmt.Sprintf("secret.%s.%s", p.secretName, k)] = v
 	}
 
 	return formatted, nil

client/allocrunner/taskrunner/secrets/plugin_provider_test.go

@@ -42,7 +42,7 @@ func TestExternalPluginProvider_Fetch(t *testing.T) {
 		mockSecretPlugin := new(MockSecretPlugin)
 		mockSecretPlugin.On("Fetch", mock.Anything).Return(nil, errors.New("something bad"))
 
-		testProvider := NewExternalPluginProvider(mockSecretPlugin, "test", "test")
+		testProvider := NewExternalPluginProvider(mockSecretPlugin, "test-provider", "test", "test")
 
 		vars, err := testProvider.Fetch(t.Context())
 		must.ErrorContains(t, err, "something bad")
@@ -57,10 +57,10 @@ func TestExternalPluginProvider_Fetch(t *testing.T) {
 			Error:  &testError,
 		}, nil)
 
-		testProvider := NewExternalPluginProvider(mockSecretPlugin, "test", "test")
+		testProvider := NewExternalPluginProvider(mockSecretPlugin, "test-provider", "test", "test")
 
 		vars, err := testProvider.Fetch(t.Context())
-		must.ErrorContains(t, err, "error returned from secret plugin")
+		must.ErrorContains(t, err, "provider \"test-provider\" for secret \"test\" response contained error")
 		must.Nil(t, vars)
 	})
 
@@ -73,7 +73,7 @@ func TestExternalPluginProvider_Fetch(t *testing.T) {
 			Error: nil,
 		}, nil)
 
-		testProvider := NewExternalPluginProvider(mockSecretPlugin, "test", "test")
+		testProvider := NewExternalPluginProvider(mockSecretPlugin, "test-provider", "test", "test")
 
 		result, err := testProvider.Fetch(t.Context())
 		must.NoError(t, err)

client/allocrunner/taskrunner/secrets_hook.go

@@ -213,7 +213,7 @@ func (h *secretsHook) buildSecretProviders(secretDir string) ([]TemplateProvider
 				multierror.Append(mErr, err)
 				continue
 			}
-			pluginProvider = append(pluginProvider, secrets.NewExternalPluginProvider(plug, s.Name, s.Path))
+			pluginProvider = append(pluginProvider, secrets.NewExternalPluginProvider(plug, s.Provider, s.Name, s.Path))
 		}
 	}