diff options
| author | Morten Tokle <mortent@vespa.ai> | 2024-01-02 08:45:03 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-01-02 08:45:03 +0100 |
| commit | f10979f97f25a7d989dc26b958bd2321f258112e (patch) | |
| tree | 7af237ef30f72ea4790693497c29991f1eb8a274 /configserver | |
| parent | 777cf152a7f23b3e3362f447ee8ddfe2e72f86d1 (diff) | |
| parent | 83d0e649b2c77283f5be3abac4bd3296d6f46f9a (diff) | |
Merge pull request #29638 from vespa-engine/mortent/propagate-secretstore-error
Propagate more useful error message to vespa log
Diffstat (limited to 'configserver')
3 files changed, 52 insertions, 5 deletions
diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/tenant/SecretStoreExternalIdRetriever.java b/configserver/src/main/java/com/yahoo/vespa/config/server/tenant/SecretStoreExternalIdRetriever.java index 5afb2188fac..c6f9a0268c1 100644 --- a/configserver/src/main/java/com/yahoo/vespa/config/server/tenant/SecretStoreExternalIdRetriever.java +++ b/configserver/src/main/java/com/yahoo/vespa/config/server/tenant/SecretStoreExternalIdRetriever.java @@ -4,7 +4,10 @@ package com.yahoo.vespa.config.server.tenant; import com.yahoo.config.model.api.TenantSecretStore; import com.yahoo.config.provision.SystemName; import com.yahoo.config.provision.TenantName; +import com.yahoo.container.jdisc.secretstore.SecretNotFoundException; import com.yahoo.container.jdisc.secretstore.SecretStore; +import com.yahoo.vespa.config.server.http.InvalidApplicationException; + import java.util.List; import java.util.stream.Collectors; @@ -19,10 +22,14 @@ public class SecretStoreExternalIdRetriever { return tenantSecretStores.stream() .map(tenantSecretStore -> { var secretName = secretName(tenant, system, tenantSecretStore.getName()); - String secret = secretStore.getSecret(secretName); - if (secret == null) - throw new RuntimeException("No secret found in secret store for " + secretName); - return tenantSecretStore.withExternalId(secret); + try { + String secret = secretStore.getSecret(secretName); + if (secret == null) + throw new InvalidApplicationException("No secret found in secret store for " + secretName); + return tenantSecretStore.withExternalId(secret); + } catch (SecretNotFoundException e) { + throw new InvalidApplicationException("Could not find externalId for secret store: %s".formatted(tenantSecretStore.getName())); + } }) .toList(); } diff --git a/configserver/src/test/java/com/yahoo/vespa/config/server/MockSecretStore.java b/configserver/src/test/java/com/yahoo/vespa/config/server/MockSecretStore.java index bd469cb8f0b..ac97fe0ba05 100644 --- a/configserver/src/test/java/com/yahoo/vespa/config/server/MockSecretStore.java +++ b/configserver/src/test/java/com/yahoo/vespa/config/server/MockSecretStore.java @@ -1,6 +1,7 @@ // Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.config.server; +import com.yahoo.container.jdisc.secretstore.SecretNotFoundException; import com.yahoo.container.jdisc.secretstore.SecretStore; import java.util.HashMap; @@ -13,7 +14,7 @@ public class MockSecretStore implements SecretStore { public String getSecret(String key) { if(secrets.containsKey(key)) return secrets.get(key).get(0); - throw new RuntimeException("Key not found: " + key); + throw new SecretNotFoundException("Key not found: " + key); } @Override diff --git a/configserver/src/test/java/com/yahoo/vespa/config/server/tenant/SecretStoreExternalIdRetrieverTest.java b/configserver/src/test/java/com/yahoo/vespa/config/server/tenant/SecretStoreExternalIdRetrieverTest.java new file mode 100644 index 00000000000..96c7d9e6957 --- /dev/null +++ b/configserver/src/test/java/com/yahoo/vespa/config/server/tenant/SecretStoreExternalIdRetrieverTest.java @@ -0,0 +1,39 @@ +// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. + +package com.yahoo.vespa.config.server.tenant; + +import com.yahoo.config.model.api.TenantSecretStore; +import com.yahoo.config.provision.SystemName; +import com.yahoo.config.provision.TenantName; +import com.yahoo.vespa.config.server.MockSecretStore; +import com.yahoo.vespa.config.server.http.InvalidApplicationException; +import org.junit.jupiter.api.Test; + +import java.util.List; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertThrows; + +/** + * @author mortent + */ +public class SecretStoreExternalIdRetrieverTest { + private final MockSecretStore secretStore = new MockSecretStore(); + private final TenantName tenantName = TenantName.from("myTenant"); + private final TenantSecretStore tenantSecretStore = new TenantSecretStore("name", "123456789012", "role"); + + @Test + public void fills_external_ids() { + secretStore.put(SecretStoreExternalIdRetriever.secretName(tenantName, SystemName.PublicCd, "name"), "externalId"); + + List<TenantSecretStore> tenantSecretStores = SecretStoreExternalIdRetriever.populateExternalId(secretStore, tenantName, SystemName.PublicCd, List.of(tenantSecretStore)); + assertEquals(1, tenantSecretStores.size()); + assertEquals("externalId", tenantSecretStores.get(0).getExternalId().get()); + } + + @Test + public void reports_application_package_error_when_external_id_not_found() { + InvalidApplicationException exception = assertThrows(InvalidApplicationException.class, () -> SecretStoreExternalIdRetriever.populateExternalId(secretStore, tenantName, SystemName.PublicCd, List.of(tenantSecretStore))); + assertEquals("Could not find externalId for secret store: name", exception.getMessage()); + } +} |