Add crypto context errors (#8740)

Currently when connections to vault fail, client perpetually retries this leads to assumptions that the server has issues and masks the problem. Re-purpose *crypto.Error* type to send appropriate errors back to the client.
2025-11-09 21:49:46 -05:00 · 2020-01-06 16:15:22 -08:00
parent 796cca4166
commit 933c60bc3a
18 changed files with 139 additions and 100 deletions
--- a/pkg/iam/policy/error.go
+++ b/pkg/iam/policy/error.go
@@ -18,22 +18,25 @@ package iampolicy

 import "fmt"

-// Error generic iam policy error type
+// Error is the generic type for any error happening during policy
+// parsing.
 type Error struct {
-	Err string
+	err error
 }

 // Errorf - formats according to a format specifier and returns
-// the string as a value that satisfies error of type iampolicy.Error
+// the string as a value that satisfies error of type policy.Error
 func Errorf(format string, a ...interface{}) error {
-	return Error{Err: fmt.Sprintf(format, a...)}
+	return Error{err: fmt.Errorf(format, a...)}
 }

-// New initializes a new Error
-func New(err string) error {
-	return Error{Err: err}
-}
+// Unwrap the internal error.
+func (e Error) Unwrap() error { return e.err }

+// Error 'error' compatible method.
 func (e Error) Error() string {
-	return e.Err
+	if e.err == nil {
+		return "iam: cause <nil>"
+	}
+	return e.err.Error()
 }
--- a/pkg/iam/policy/policy.go
+++ b/pkg/iam/policy/policy.go
@@ -165,7 +165,7 @@ func ParseConfig(reader io.Reader) (*Policy, error) {
 	decoder := json.NewDecoder(reader)
 	decoder.DisallowUnknownFields()
 	if err := decoder.Decode(&iamp); err != nil {
-		return nil, err
+		return nil, Errorf("%w", err)
 	}

 	return &iamp, iamp.Validate()