feat(GODT-3172): detect missing keychain item
parent
89bb7b6389
commit
9b1daa0373
|
@ -106,8 +106,12 @@ func loadVaultKey(vaultDir string, keychains *keychain.List) ([]byte, error) {
|
|||
|
||||
key, err := vault.GetVaultKey(kc)
|
||||
if err != nil {
|
||||
logrus.WithError(err).Warn("Not possible to retrieve vault key, generating new")
|
||||
return vault.NewVaultKey(kc)
|
||||
if keychain.IsErrKeychainNoItem(err) {
|
||||
logrus.WithError(err).Warn("no vault key found, generating new")
|
||||
return vault.NewVaultKey(kc)
|
||||
}
|
||||
|
||||
return nil, fmt.Errorf("could not check for vault key: %w", err)
|
||||
}
|
||||
|
||||
return key, nil
|
||||
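Review bot: The `IsErrKeychainNoItem` branch in `loadVaultKey` is now the only path that replaces the vault key, but nothing at the branch says why it must stay that narrow. A comment above it would keep a later change from widening it again, for example `// Only a confirmed missing item may trigger key generation; on any other keychain error the stored key may still exist and must not be replaced.` The safety of the branch depends on every helper reporting "not found" precisely, so an error or empty result that a helper misclassifies as no-item would still cause a new key to be generated here. The start of `loadVaultKey` is outside the hunk, so how `kc` is selected is not visible.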
|
|
|
@ -125,7 +125,7 @@ func (h *macOSHelper) Get(secretURL string) (string, string, error) {
|
|||
}
|
||||
|
||||
if len(results) == 0 {
|
||||
return "", "", errors.New("no result")
|
||||
return "", "", ErrKeychainNoItem
|
||||
}
|
||||
|
||||
if len(results) != 1 {
|
||||
|
|
|
@ -168,10 +168,14 @@ func (s *SecretServiceDBusHelper) Get(serverURL string) (string, string, error)
|
|||
serverAtt: serverURL,
|
||||
})
|
||||
|
||||
if len(items) == 0 || err != nil {
|
||||
if err != nil {
|
||||
return "", "", err
|
||||
}
|
||||
|
||||
if len(items) == 0 {
|
||||
return "", "", ErrKeychainNoItem
|
||||
}
|
||||
|
||||
item := items[0]
|
||||
|
||||
attributes, err := service.GetAttributes(item)
|
||||
|
|
|
@ -41,8 +41,14 @@ var (
|
|||
|
||||
// ErrMacKeychainRebuild is returned on macOS with blocked or corrupted keychain.
|
||||
ErrMacKeychainRebuild = errors.New("keychain error -25293")
|
||||
|
||||
ErrKeychainNoItem = errors.New("no such keychain item")
|
||||
)
|
||||
|
||||
func IsErrKeychainNoItem(err error) bool {
|
||||
return errors.Is(err, ErrKeychainNoItem) || credentials.IsErrCredentialsNotFound(err)
|
||||
}
|
||||
|
||||
type Helpers map[string]helperConstructor
|
||||
|
||||
type List struct {
|
||||
|
@ -173,7 +179,16 @@ func (kc *Keychain) Get(userID string) (string, string, error) {
|
|||
kc.locker.Lock()
|
||||
defer kc.locker.Unlock()
|
||||
|
||||
return kc.helper.Get(kc.secretURL(userID))
|
||||
id, key, err := kc.helper.Get(kc.secretURL(userID))
|
||||
if err != nil {
|
||||
return id, key, err
|
||||
}
|
||||
|
||||
if key == "" {
|
||||
return id, key, ErrKeychainNoItem
|
||||
}
|
||||
|
||||
return id, key, err
|
||||
}
|
||||
|
||||
func (kc *Keychain) Put(userID, secret string) error {
|
||||
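Review bot: In `Keychain.Get`, the `key == ""` check turns an empty secret returned with a nil error into `ErrKeychainNoItem`, which merges "item is absent" with "item exists but the helper handed back nothing". Since `loadVaultKey` treats that error as permission to generate a new vault key, the mapping deserves a comment naming which helper needs it, e.g. `// Some helpers signal a missing item as an empty secret with a nil error; normalise that here.` (if that is indeed the reason). The error branch should not hand back partial values: use `return "", "", err` there and `return "", "", ErrKeychainNoItem` for the empty case. The final line should be `return id, key, nil`, because `err` is known to be nil at that point. In the same file, the exported `ErrKeychainNoItem` and `IsErrKeychainNoItem` have no doc comments, unlike `ErrMacKeychainRebuild` just above them.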
|
|
|
@ -114,3 +114,16 @@ func TestInsertReadRemove(t *testing.T) {
|
|||
require.NotContains(t, actualList, id)
|
||||
}
|
||||
}
|
||||
|
||||
func TestIsErrKeychainNoItem(t *testing.T) {
|
||||
r := require.New(t)
|
||||
helpers := NewList().GetHelpers()
|
||||
|
||||
for helperName := range helpers {
|
||||
kc, err := NewKeychain(helperName, "bridge-test", helpers, helperName)
|
||||
r.NoError(err)
|
||||
|
||||
_, _, err = kc.Get("non-existing")
|
||||
r.True(IsErrKeychainNoItem(err), "failed for %s with error %w", helperName, err)
|
||||
}
|
||||
}
|
||||
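Review bot: The failure message passed to `r.True` in `TestIsErrKeychainNoItem` uses `%w`, a verb only `fmt.Errorf` understands. The message is formatted Sprintf-style, so a failing run would print `%!w(...)` rather than the error text; use `%v`: `r.True(IsErrKeychainNoItem(err), "failed for %s with error %v", helperName, err)`. The loop covers only the helpers `NewList().GetHelpers()` reports on the machine running the test, so the darwin and D-Bus changes in this commit are checked only when CI runs on those platforms.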
|
|