Fixes bug in error handling within the VerifyFileExists method

[doodlesbykumbi]

What does this PR do?

Fixes bug in error handling within the VerifyFileExists method that resulted in a panic when the error from os.Stat was not ErrNotExist. The fix includes introducing the CAKC058 error and log message for when the path to a file exists but is not a regular file.

What ticket does this PR close?

Resolves ##252

Checklists

Change log

• The CHANGELOG has been updated, or
• This PR does not include user-facing changes and doesn't require a CHANGELOG update

Test coverage

• This PR includes new unit and integration tests to go with the code changes, or
• The changes in this PR do not require tests

Documentation

• Docs (e.g. READMEs) were updated in this PR, and/or there is a follow-on issue to update docs, or
• This PR does not require updating any documentation

Manual tests

If you are preparing for a release, have you run the following manual tests to verify existing functionality continues to function as expected?

• Manually run Kubernetes-Conjur demo with a local authn-k8s client image build

[diverdane]

I think we really should add checking for and logging of permissions errors (in addition to logging errors that indicate non-regular files). There are a few reasons why I'm thinking that we're getting hit with permissions errors when checking for the existence of the authenticator client certificate:

• If you look at the first (top) entry in the crash traceback:

   github.com/cyberark/conjur-authn-k8s-client/pkg/utils.VerifyFileExists(0x84dc32, 0x1a, 0x0, 0xc00043e000)
   	/opt/conjur-authn-k8s-client/pkg/utils/file.go:50 +0xb1
  

  the first 2 hexadecimal arguments shown on the stack, i.e. 0x84dc32, 0x1a, represent a pointer and a length for the path string argument being passed to the function. (The last two represent the return value, which also happened to get added to the stack when Golang gets compiled/run).

  This says that the length of the string path being passed is 0x1a, or 26 decimal. This is EXACTLY what we're expecting in this case, because we're checking for the authenticator client cert at the path /etc/conjur/ssl/client.pem, which is 26 characters long. So it appears that at least the length of the string is not junk... which leads me to believe that the pointer pointing to the text is probably not junk either.

• The applications are able to authenticate when version 0.16.1 of the authenticator was used, but fail to authenticate when 0.19.1 is used.

  One of the differences between v0.16.1 and v0.19.1 that might affect access to the cert at /etc/conjur/ssl/client.pem is that the Dockerfile for building the authenticator was changed a bit between these versions:
  - For v0.16.1, the /etc/conjur/ssl directory is created with permissions 0777, and that directory is created by user root in the Docker build process.
  - For v0.19.1, the /etc/conjur/ssl directory is created with permissions 0770, and that directory is created by user authenticator (and the container's user is set to authenticator).

  Everything looks like it should be okay and the /etc/conjur/ssl/client.pem should be readable in both cases, but it does seem a bit suspicious.

  I started to add this check in, and it was pretty easy in the functional/production code, but the UT for this is difficult as it's hard to trigger a permissions error in calls to os.Stat(). So this needs to be mocked. I'm close to having something that might work.

[diverdane]

@doodlesbykumbi I've added error logging for a file permissions error (for reasons listed earlier), but unit testing this required a restructuring of the mocking that was done for testing files.go.

Let me know what you think... if this looks like a bad idea you can do a force push to remove this change.

[diverdane]

Looks fantastic. Mocking the way it should be done. :)
I had some minor suggestions to consider, but I don't have a preference on these one way or another, so your choice.

[diverdane]

It might be a little clearer if we skip the statError and isRegular assignments in this particular case since we're not mocking these when useOSUtils is true.

[diverdane]

I'm equivocating on whether these would be more clearly named mockStatError and mockIsRegular in this struct (rather than statError and isRegular)? Although it's pretty obvious what it's used for, so I'll defer to your choice.

[shulifink]

@suefran - can you please take this?

[suefran]

I'm on it, thanks!

[diverdane]

LGTM!!!

Since there's another approval