fix: clarify vault error messages

mxenabled · Feb 2, 2024 · 8208fb6 · 8208fb6
1 parent d3b8d2f
commit 8208fb6
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 13 deletions.
diff --git a/...ult/src/main/java/com/mx/path/service/facility/security/vault/VaultEncryptionService.java b/...ult/src/main/java/com/mx/path/service/facility/security/vault/VaultEncryptionService.java
@@ -226,20 +226,20 @@ final Vault buildAuthenticatedDriver(Vault authenticationDriver) {
 
         case APPROLE:
           resp = authenticationDriver.auth().loginByAppRole(configuration.getAppRole(), configuration.getSecretId());
-          validateVaultAuthenticationResponse(resp, "Unable to login via jwt");
+          validateVaultAuthenticationResponse(resp, "Unable to login via vault app-role");
 
           token = resp.getAuthClientToken();
           break;
 
         case APPID:
           resp = authenticationDriver.auth().loginByAppID("app-id/login", configuration.getAppId(), configuration.getUserId());
-          validateVaultAuthenticationResponse(resp, "Unable to login via app-id");
+          validateVaultAuthenticationResponse(resp, "Unable to login via vault app-id");
 
           token = resp.getAuthClientToken();
           break;
 
         default:
-          throw new VaultEncryptionConfigurationException("Invalid authentication type: " + getConfiguration().getAuthentication());
+          throw new VaultEncryptionConfigurationException("Invalid vault authentication type: " + getConfiguration().getAuthentication());
       }
 
       return buildVaultDriver(token);
@@ -260,7 +260,7 @@ private String doEncrypt(String plaintext) {
     String path = "transit/encrypt/" + configuration.getKeyName();
 
     LogicalResponse response = logicalWriteWithReauthentication(path, Collections.singletonMap("plaintext", encodedValue));
-    validateVaultOperationResponse(response, "Encrypt failed");
+    validateVaultOperationResponse(response, "Vault encrypt failed");
 
     return response.getData().get("ciphertext");
   }
@@ -269,7 +269,7 @@ private String doDecrypt(String ciphertext) {
     LogicalResponse response = logicalWriteWithReauthentication(
         "transit/decrypt/" + configuration.getKeyName(),
         Collections.singletonMap("ciphertext", ciphertext));
-    validateVaultOperationResponse(response, "Decrypt failed");
+    validateVaultOperationResponse(response, "Vault decrypt failed");
 
     String plaintext = response.getData().get("plaintext");
 
@@ -336,7 +336,7 @@ private LogicalResponse logicalReadWithReauthentication(final String path) {
         resetDriver();
         continue;
       } catch (VaultException e) {
-        throw new VaultEncryptionOperationException("Logical read failed", e);
+        throw new VaultEncryptionOperationException("Vault logical read failed", e);
       }
 
       // If the response is permission denied
@@ -347,7 +347,7 @@ private LogicalResponse logicalReadWithReauthentication(final String path) {
       }
     }
 
-    throw new VaultEncryptionAuthenticationException("Permission denied and unable to reauthenticate");
+    throw new VaultEncryptionAuthenticationException("Permission denied and unable to reauthenticate vault read");
   }
 
   private LogicalResponse logicalWriteWithReauthentication(final String path, final Map<String, Object> nameValuePairs) {
@@ -359,7 +359,7 @@ private LogicalResponse logicalWriteWithReauthentication(final String path, fina
         resetDriver();
         continue;
       } catch (VaultException e) {
-        throw new VaultEncryptionOperationException("Logical write failed", e);
+        throw new VaultEncryptionOperationException("Vault logical write failed", e);
       }
 
       // If the response is permission denied
@@ -370,6 +370,6 @@ private LogicalResponse logicalWriteWithReauthentication(final String path, fina
       }
     }
 
-    throw new VaultEncryptionAuthenticationException("Permission denied and unable to reauthenticate");
+    throw new VaultEncryptionAuthenticationException("Permission denied and unable to reauthenticate vault write");
   }
 }
diff --git a/...test/groovy/com/mx/path/service/facility/security/vault/VaultEncryptionServiceTest.groovy b/...test/groovy/com/mx/path/service/facility/security/vault/VaultEncryptionServiceTest.groovy
@@ -287,7 +287,7 @@ class VaultEncryptionServiceTest extends Specification {
 
     then:
     def ex = thrown(VaultEncryptionAuthenticationException)
-    ex.getMessage() == "Permission denied and unable to reauthenticate"
+    ex.getMessage() == "Permission denied and unable to reauthenticate vault write"
     verify(subject, times(3)).resetDriver() || true
   }
 
@@ -305,7 +305,7 @@ class VaultEncryptionServiceTest extends Specification {
 
     then:
     def ex = thrown(VaultEncryptionOperationException)
-    ex.getMessage() == "Logical write failed"
+    ex.getMessage() == "Vault logical write failed"
     verify(subject, never()).resetDriver() || true
   }
 
@@ -366,7 +366,7 @@ class VaultEncryptionServiceTest extends Specification {
 
     then:
     def ex = thrown(VaultEncryptionAuthenticationException)
-    ex.getMessage() == "Permission denied and unable to reauthenticate"
+    ex.getMessage() == "Permission denied and unable to reauthenticate vault write"
     verify(subject, times(3)).resetDriver() || true
   }
 
@@ -384,7 +384,7 @@ class VaultEncryptionServiceTest extends Specification {
 
     then:
     def ex = thrown(VaultEncryptionOperationException)
-    ex.getMessage() == "Logical write failed"
+    ex.getMessage() == "Vault logical write failed"
     verify(subject, never()).resetDriver() || true
   }