Refactor error messages to include aws error details (#53)

* refactor error messages to include aws error details

* update deps

Author: louisruch

.gitignore

@@ -4,3 +4,7 @@ plan.tfplan
 *.log
 *.out
 *.html
+
+# IntelliJ IDEA project files
+.idea
+*.iprg

go.mod

@@ -18,7 +18,7 @@ require (
 	github.com/mitchellh/mapstructure v1.5.0
 	github.com/stretchr/testify v1.8.4
 	google.golang.org/grpc v1.61.0
-	google.golang.org/protobuf v1.33.0
+	google.golang.org/protobuf v1.35.1
 )
 
 require (
@@ -55,10 +55,10 @@ require (
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/zclconf/go-cty v1.10.0 // indirect
-	golang.org/x/crypto v0.18.0 // indirect
-	golang.org/x/net v0.20.0 // indirect
-	golang.org/x/sys v0.16.0 // indirect
-	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/crypto v0.28.0 // indirect
+	golang.org/x/net v0.30.0 // indirect
+	golang.org/x/sys v0.26.0 // indirect
+	golang.org/x/text v0.19.0 // indirect
 	google.golang.org/genproto v0.0.0-20240116215550-a9fa1716bcac // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20240125205218-1f4bbc51befe // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240125205218-1f4bbc51befe // indirect

go.sum

@@ -210,8 +210,8 @@ go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
-golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
+golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw=
+golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U=
 golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
@@ -224,8 +224,8 @@ golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo=
-golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
+golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4=
+golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -239,14 +239,14 @@ golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
-golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
+golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
-golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM=
+golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
@@ -269,8 +269,8 @@ google.golang.org/grpc v1.61.0 h1:TOvOcuXn30kRao+gfcvsebNEa5iZIiLkisYEkf7R7o0=
 google.golang.org/grpc v1.61.0/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
-google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
+google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=

internal/credential/state.go

@@ -114,7 +114,7 @@ func (s *AwsCredentialPersistedState) ValidateCreds(ctx context.Context) error {
 		return errors.BadRequestStatus("missing credentials config")
 	}
 	if _, err := s.CredentialsConfig.GetCallerIdentity(ctx, s.testOpts...); err != nil {
-		st, _ := errors.ParseAWSError(err, "validating credentials")
+		st, _ := errors.ParseAWSError("validating credentials", err)
 		return st.Err()
 	}
 	return nil
@@ -135,7 +135,7 @@ func (s *AwsCredentialPersistedState) RotateCreds(ctx context.Context) error {
 	if err := s.CredentialsConfig.RotateKeys(ctx, append([]awsutil.Option{
 		awsutil.WithValidityCheckTimeout(rotationWaitTimeout),
 	}, s.testOpts...)...); err != nil {
-		st, _ := errors.ParseAWSError(err, "error rotating credentials")
+		st, _ := errors.ParseAWSError("rotating credentials", err)
 		return st.Err()
 	}
 	s.CredsLastRotatedTime = time.Now()
@@ -192,7 +192,7 @@ func (s *AwsCredentialPersistedState) DeleteCreds(ctx context.Context) error {
 		}
 
 		// Otherwise treat it as an actual error.
-		st, _ := errors.ParseAWSError(err, "failed to delete access key")
+		st, _ := errors.ParseAWSError("deleting credentials", err)
 		return st.Err()
 	}
 
@@ -252,17 +252,17 @@ func AwsCredentialPersistedStateFromProto(secrets *structpb.Struct, attrs *Crede
 
 	accessKeyId, err := values.GetStringValue(secrets, ConstAccessKeyId, false)
 	if err != nil {
-		return nil, fmt.Errorf("persisted state integrity error: %w", err)
+		return nil, fmt.Errorf("persisted state integrity: %w", err)
 	}
 
 	secretAccessKey, err := values.GetStringValue(secrets, ConstSecretAccessKey, false)
 	if err != nil {
-		return nil, fmt.Errorf("persisted state integrity error: %w", err)
+		return nil, fmt.Errorf("persisted state integrity: %w", err)
 	}
 
 	credsLastRotatedTime, err := values.GetTimeValue(secrets, ConstCredsLastRotatedTime)
 	if err != nil {
-		return nil, fmt.Errorf("persisted state integrity error: %w", err)
+		return nil, fmt.Errorf("persisted state integrity: %w", err)
 	}
 
 	s, err := NewAwsCredentialPersistedState(opts...)

internal/credential/state_test.go

@@ -186,7 +186,7 @@ func TestAwsCredentialPersistedStateFromProto(t *testing.T) {
 			attrs: &CredentialAttributes{
 				Region: "us-west-2",
 			},
-			expectedErr: "persisted state integrity error: could not parse time in value \"creds_last_rotated_time\": parsing time \"notatime\" as \"2006-01-02T15:04:05.999999999Z07:00\": cannot parse \"notatime\" as \"2006\"",
+			expectedErr: "persisted state integrity: could not parse time in value \"creds_last_rotated_time\": parsing time \"notatime\" as \"2006-01-02T15:04:05.999999999Z07:00\": cannot parse \"notatime\" as \"2006\"",
 		},
 		{
 			name: "option error",
@@ -458,7 +458,7 @@ func TestAwsCatalogPersistedState_RotateCreds(t *testing.T) {
 					),
 				},
 			},
-			expectedErr:        "aws service unknown: unknown error: error rotating credentials",
+			expectedErr:        "aws service unknown: unknown error: rotating credentials",
 			expectedStatusCode: codes.Unknown,
 		},
 		{
@@ -568,7 +568,7 @@ func TestAwsCatalogPersistedState_ReplaceCreds(t *testing.T) {
 				},
 			},
 			credentialConfig:   &awsutil.CredentialsConfig{},
-			expectedErr:        "aws service unknown: unknown error: failed to delete access key",
+			expectedErr:        "aws service unknown: unknown error: deleting credentials",
 			expectedStatusCode: codes.Unknown,
 		},
 		{
@@ -693,7 +693,7 @@ func TestAwsCatalogPersistedState_DeleteCreds(t *testing.T) {
 					),
 				},
 			},
-			expectedErr:        "aws service unknown: unknown error: failed to delete access key",
+			expectedErr:        "aws service unknown: unknown error: deleting credentials",
 			expectedStatusCode: codes.Unknown,
 		},
 		{

internal/errors/error.go

@@ -81,11 +81,12 @@ func InvalidArgumentError(msg string, f map[string]string) error {
 // and credentials. This method will fallback to parsing the http status code
 // when it cannot match an aws error code. This method does not handle specific
 // service type errors such as S3 or EC2.
-func ParseAWSError(err error, msg string) (st *status.Status, permission *pb.Permission) {
+func ParseAWSError(op string, err error) (st *status.Status, permission *pb.Permission) {
 	if err == nil {
 		return nil, nil
 	}
 
+	msg := fmt.Sprintf("%s: %v", op, err)
 	// find the service name of the aws api
 	serviceName := "unknown"
 	var oe *smithy.OperationError
@@ -113,7 +114,7 @@ func ParseAWSError(err error, msg string) (st *status.Status, permission *pb.Per
 		Codes: retry.DefaultThrottleErrorCodes,
 	}
 	if throttleErr.IsErrorThrottle(err).Bool() {
-		statusMsg := fmt.Sprintf("aws service %s: throttling error: %s", serviceName, msg)
+		statusMsg := fmt.Sprintf("aws service %s: throttling: %s", serviceName, msg)
 		return status.New(codes.Unavailable, statusMsg), nil
 	}
 
@@ -126,31 +127,31 @@ func ParseAWSError(err error, msg string) (st *status.Status, permission *pb.Per
 		case awsErrorInvalidAccessKeyId:
 			fallthrough
 		case awsErrorExpiredToken:
-			statusMsg := fmt.Sprintf("aws service %s: invalid credentials error: %s", serviceName, msg)
+			statusMsg := fmt.Sprintf("aws service %s: invalid credentials: %s", serviceName, msg)
 			return status.New(codes.PermissionDenied, statusMsg), &pb.Permission{
 				State:        pb.StateType_STATE_TYPE_ERROR,
 				ErrorDetails: apiErr.ErrorMessage(),
 				CheckedAt:    timestamppb.Now(),
 			}
 		case awsErrorNoSuchBucket:
-			statusMsg := fmt.Sprintf("aws %s error: %s", serviceName, msg)
+			statusMsg := fmt.Sprintf("aws service %s: %s", serviceName, msg)
 			return status.New(codes.NotFound, statusMsg), &pb.Permission{
 				State:        pb.StateType_STATE_TYPE_ERROR,
 				ErrorDetails: apiErr.ErrorMessage(),
 				CheckedAt:    timestamppb.Now(),
 			}
 		case awsErrorBadDigest:
-			statusMsg := fmt.Sprintf("aws %s error: %s", serviceName, msg)
+			statusMsg := fmt.Sprintf("aws service %s: %s", serviceName, msg)
 			return status.New(codes.Aborted, statusMsg), nil
 		case awsErrorNoSuchKey:
 			fallthrough
 		case awsErrorInvalidObjectState:
-			statusMsg := fmt.Sprintf("aws %s error: %s", serviceName, msg)
+			statusMsg := fmt.Sprintf("aws service %s: %s", serviceName, msg)
 			return status.New(codes.NotFound, statusMsg), nil
 		case awsErrorRequestTimeout:
 			fallthrough
 		case awsErrorRequestTimeoutException:
-			statusMsg := fmt.Sprintf("aws %s error: %s", serviceName, msg)
+			statusMsg := fmt.Sprintf("aws service %s: %s", serviceName, msg)
 			return status.New(codes.DeadlineExceeded, statusMsg), nil
 		}
 	}
@@ -165,39 +166,39 @@ func ParseAWSError(err error, msg string) (st *status.Status, permission *pb.Per
 		defer httpErr.Response.Body.Close()
 		switch httpErr.HTTPStatusCode() {
 		case http.StatusBadRequest:
-			statusMsg := fmt.Sprintf("aws service %s: bad request error: %s", serviceName, msg)
+			statusMsg := fmt.Sprintf("aws service %s: bad request: %s", serviceName, msg)
 			return status.New(codes.InvalidArgument, statusMsg), nil
 		case http.StatusUnauthorized:
-			statusMsg := fmt.Sprintf("aws service %s: invalid credentials error: %s", serviceName, msg)
+			statusMsg := fmt.Sprintf("aws service %s: invalid credentials: %s", serviceName, msg)
 			return status.New(codes.PermissionDenied, statusMsg), &pb.Permission{
 				State:        pb.StateType_STATE_TYPE_ERROR,
 				ErrorDetails: buf.String(),
 				CheckedAt:    timestamppb.Now(),
 			}
 		case http.StatusForbidden:
-			statusMsg := fmt.Sprintf("aws service %s: invalid credentials error: %s", serviceName, msg)
+			statusMsg := fmt.Sprintf("aws service %s: invalid credentials: %s", serviceName, msg)
 			return status.New(codes.PermissionDenied, statusMsg), &pb.Permission{
 				State:        pb.StateType_STATE_TYPE_ERROR,
 				ErrorDetails: buf.String(),
 				CheckedAt:    timestamppb.Now(),
 			}
 		case http.StatusNotFound:
-			statusMsg := fmt.Sprintf("aws service %s: resource not found error: %s", serviceName, msg)
+			statusMsg := fmt.Sprintf("aws service %s: resource not found: %s", serviceName, msg)
 			return status.New(codes.NotFound, statusMsg), nil
 		case http.StatusTooManyRequests:
-			statusMsg := fmt.Sprintf("aws service %s: throttling error: %s", serviceName, msg)
+			statusMsg := fmt.Sprintf("aws service %s: throttling: %s", serviceName, msg)
 			return status.New(codes.Unavailable, statusMsg), nil
 		case http.StatusInternalServerError:
 			fallthrough
 		case http.StatusBadGateway:
 			fallthrough
 		case http.StatusServiceUnavailable:
-			statusMsg := fmt.Sprintf("aws service %s: connectivity error: %s", serviceName, msg)
+			statusMsg := fmt.Sprintf("aws service %s: connectivity: %s", serviceName, msg)
 			return status.New(codes.Unavailable, statusMsg), nil
 		case http.StatusRequestTimeout:
 			fallthrough
 		case http.StatusGatewayTimeout:
-			statusMsg := fmt.Sprintf("aws service %s: timeout error: %s", serviceName, msg)
+			statusMsg := fmt.Sprintf("aws service %s: timeout: %s", serviceName, msg)
 			return status.New(codes.DeadlineExceeded, statusMsg), nil
 		}
 	}