mod: use autorest detailed error to catch SecretDisabled errors
Signed-off-by: Joshua Duffney <[email protected]>
duffney committed Oct 30, 2024
1 parent 5c6c108 commit c7fd6e5
Showing 2 changed files with 27 additions and 14 deletions.
33 changes: 20 additions & 13 deletions pkg/keymanagementprovider/azurekeyvault/provider.go
Expand Up @@ -41,6 +41,7 @@ import (
"golang.org/x/crypto/pkcs12"

kv "github.com/Azure/azure-sdk-for-go/services/keyvault/v7.1/keyvault"
"github.com/Azure/go-autorest/autorest"
"github.com/Azure/go-autorest/autorest/azure"
)

Expand Down Expand Up @@ -169,20 +170,26 @@ func (s *akvKMProvider) GetCertificates(ctx context.Context) (map[keymanagementp
secretBundle, err := s.kvClient.GetSecret(ctx, s.vaultURI, keyVaultCert.Name, keyVaultCert.Version)
if err != nil {
// certificate is disabled, remove it from the map
if strings.Contains(err.Error(), "403") {
certBundle, err := s.kvClient.GetCertificate(ctx, s.vaultURI, keyVaultCert.Name, keyVaultCert.Version)
if err != nil {
return nil, nil, fmt.Errorf("failed to get certificate objectName:%s, objectVersion:%s, error: %w", keyVaultCert.Name, keyVaultCert.Version, err)
if de, ok := err.(autorest.DetailedError); ok {

Check failure on line 173 in pkg/keymanagementprovider/azurekeyvault/provider.go


GitHub Actions / lint

unnecessary leading newline (whitespace)

if re, ok := de.Original.(*azure.RequestError); ok {

Check failure on line 175 in pkg/keymanagementprovider/azurekeyvault/provider.go


GitHub Actions / lint

unnecessary leading newline (whitespace)

if re.ServiceError.Code == "SecretDisabled" {
certBundle, err := s.kvClient.GetCertificate(ctx, s.vaultURI, keyVaultCert.Name, keyVaultCert.Version)
if err != nil {
return nil, nil, fmt.Errorf("failed to get certificate objectName:%s, objectVersion:%s, error: %w", keyVaultCert.Name, keyVaultCert.Version, err)
}

keyVaultCert.Version = getObjectVersion(*certBundle.Kid)
isEnabled := *certBundle.Attributes.Enabled
lastRefreshed := startTime.Format(time.RFC3339)
certProperty := getStatusProperty(keyVaultCert.Name, keyVaultCert.Version, strconv.FormatBool(isEnabled), lastRefreshed)
certsStatus = append(certsStatus, certProperty)
mapKey := keymanagementprovider.KMPMapKey{Name: keyVaultCert.Name, Version: keyVaultCert.Version, Enabled: isEnabled}
keymanagementprovider.DeleteCertificateFromMap(s.resource, mapKey)
continue
}
}

keyVaultCert.Version = getObjectVersion(*certBundle.Kid)
isEnabled := *certBundle.Attributes.Enabled
lastRefreshed := startTime.Format(time.RFC3339)
certProperty := getStatusProperty(keyVaultCert.Name, keyVaultCert.Version, strconv.FormatBool(isEnabled), lastRefreshed)
certsStatus = append(certsStatus, certProperty)
mapKey := keymanagementprovider.KMPMapKey{Name: keyVaultCert.Name, Version: keyVaultCert.Version, Enabled: isEnabled}
keymanagementprovider.DeleteCertificateFromMap(s.resource, mapKey)
continue
}

return nil, nil, fmt.Errorf("failed to get secret objectName:%s, objectVersion:%s, error: %w", keyVaultCert.Name, keyVaultCert.Version, err)
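Review bot: `re.ServiceError.Code` is read without a nil check in the innermost `if` of the new error handling, and the fixture in provider_test.go shows `ServiceError` is a pointer field, so a `RequestError` that arrives without a parsed service error would panic the certificate refresh instead of returning the wrapped "failed to get secret" error. Guarding it is a one-line change: `if re.ServiceError != nil && re.ServiceError.Code == "SecretDisabled" {`. The two direct type assertions also match only when the autorest error reaches this code unwrapped; if the vendored go-autorest version gives `DetailedError` an `Unwrap` method, `var re *azure.RequestError` followed by `errors.As(err, &re)` would flatten the nesting and survive wrapping. GetCertificates starts and ends outside this hunk, so whether `errors` is already imported in provider.go is not visible here.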
8 changes: 7 additions & 1 deletion pkg/keymanagementprovider/azurekeyvault/provider_test.go
Expand Up @@ -27,6 +27,7 @@ import (
"time"

kv "github.com/Azure/azure-sdk-for-go/services/keyvault/v7.1/keyvault"
"github.com/Azure/go-autorest/autorest"
"github.com/Azure/go-autorest/autorest/azure"
"github.com/Azure/go-autorest/autorest/to"
"github.com/ratify-project/ratify/internal/version"
Expand Down Expand Up @@ -242,7 +243,12 @@ func TestGetCertificates(t *testing.T) {
}, nil
},
GetSecretFunc: func(_ context.Context, _ string, _ string, _ string) (kv.SecretBundle, error) {
return kv.SecretBundle{}, errors.New("403")
err := autorest.DetailedError{
Original: &azure.RequestError{
ServiceError: &azure.ServiceError{Code: "SecretDisabled"},
},
}
return kv.SecretBundle{}, err
},
},
},
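Review bot: The mocked `GetSecretFunc` error is built by hand with `Code: "SecretDisabled"`, so this case confirms the branch is taken but not that Key Vault actually reports a disabled secret in the top-level `ServiceError.Code`. It is worth checking against a captured 403 response: if the service carries `SecretDisabled` in the inner error rather than the top-level code, the new check in provider.go would never match and every disabled certificate would fail the refresh. A second table entry whose `GetSecretFunc` returns a `DetailedError` with a different code, asserting that GetCertificates returns an error, would also pin the narrowing away from treating any 403 as "disabled"; only this one case is visible in the hunk, so it may already exist elsewhere in the table.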