Skip to content

Return better errors for unavailable error codes#2336

Merged
pkwarren merged 7 commits intomainfrom
pkw/BSR-2351-tls-error
Aug 2, 2023
Merged

Return better errors for unavailable error codes#2336
pkwarren merged 7 commits intomainfrom
pkw/BSR-2351-tls-error

Conversation

@pkwarren
Copy link
Member

@pkwarren pkwarren commented Aug 2, 2023

If we can determine that the error from login is due to a connect unavailable error, we should return more details to aid in troubleshooting. Update wrapError to return a better error message in case of a TLS certificate error (could be a MITM attack or an untrusted certificate).

@pkwarren
Return better errors for unavailable error codes
fb9f206 
If we can determine that the error from login is due to a connect
unavailable error, we should return more details to aid in
troubleshooting. Update wrapError to return a better error message in
case of a TLS certificate error (could be a MITM attack or an untrusted
certificate).
@pkwarren pkwarren requested review from bufdev and unmultimedio August 2, 2023 16:32
@pkwarren
Copy link
Member Author

pkwarren commented Aug 2, 2023

When testing locally, the behavior is:

Before:

$ printf '...' | buf registry login <remote> --token-stdin --username <username>
Failure: invalid token provided

After:

$ printf '...' | buf registry login <remote> --token-stdin --username <username>
tls: failed to verify certificate: x509: “api.<remote>” certificate is not trusted

unmultimedio
unmultimedio reviewed Aug 2, 2023
View reviewed changes
Copy link
Member

@unmultimedio unmultimedio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

private/buf/cmd/buf/command/registry/registrylogin/registrylogin.go
Comment on lines +191 to 196
if connectErr := new(connect.Error); errors.As(err, &connectErr) && connectErr.Code() == connect.CodeUnavailable {
return connectErr
}
// We don't want to use the default error from wrapError here if the error
// an unauthenticated error.
return errors.New("invalid token provided")
Copy link
Member

@unmultimedio unmultimedio Aug 2, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I thought you were going to invoke wrapError here.

@pkwarren pkwarren requested a review from unmultimedio August 2, 2023 17:07
bufdev
bufdev reviewed Aug 2, 2023
View reviewed changes
private/buf/bufcli/errors_tls_go119.go
"strings"
)

// wrappedTLSError returns an unwrapped TLS error or nil if the error is another type of error.
Copy link
Member

@bufdev bufdev Aug 2, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd like to see a bit more documentation here as to the motivation for this, so that in the future we understand why this is here in case we need to debug

Copy link
Member Author

@pkwarren pkwarren Aug 2, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok - this is just a temporary thing until Go 1.21 is released and we can remove and just use errors.As which will be a lot more readable. I'll update to add more details though.

@pkwarren pkwarren requested a review from bufdev August 2, 2023 19:25
@pkwarren pkwarren merged commit 3bd5bea into main Aug 2, 2023
@pkwarren pkwarren deleted the pkw/BSR-2351-tls-error branch August 2, 2023 21:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bufdev bufdev bufdev approved these changes

@unmultimedio unmultimedio Awaiting requested review from unmultimedio

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@pkwarren @bufdev @unmultimedio