awslabs / tough

Rust libraries and tools for using and generating TUF repositories

tough kms errors are extremely cryptic #661

Closed bcressey closed 11 months ago

bcressey commented 11 months ago

For any error coming from the Rust SDK, the error messages are truncated to borderline uselessness:

$ tuftool root add-key 99.root.json -k aws-kms://my-key-account/alias/foo -r root
Unable to parse keypair: Failed to get public key for aws-kms://my-key-account/alias/foo : service error
Unable to parse keypair: Failed to get public key for aws-kms://my-key-account/alias/foo : failed to construct request

The first one is a permissions error and I think the second one is a malformed ~/.aws/config, but this is pretty challenging to debug.

Using .into_service_error() on the SDK error should give a more useful message.

bcressey commented 11 months ago

@etungsten pointed me to https://github.com/bottlerocket-os/bottlerocket/commit/5ec5bc3a70cee7c0fdba19dd4062e45cb8b21355 as an example of fixing this.
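
The truncation reported in this issue, reproduced as an added example that is not part of the original thread or of tough's code: `SdkLikeError`, `error_chain` and the sample messages are constructed stand-ins for an SDK error whose `Display` prints only a category while the detail sits behind `source()`.

```rust
use std::error::Error;
use std::fmt;

// Constructed stand-in for an SDK error: Display gives only the category,
// and the actionable detail is reachable only through source().
#[derive(Debug)]
enum SdkLikeError {
    ServiceError(Box<dyn Error>),
    ConstructionFailure(Box<dyn Error>),
}

impl fmt::Display for SdkLikeError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            Self::ServiceError(_) => write!(f, "service error"),
            Self::ConstructionFailure(_) => write!(f, "failed to construct request"),
        }
    }
}

impl Error for SdkLikeError {
    fn source(&self) -> Option<&(dyn Error + 'static)> {
        match self {
            Self::ServiceError(e) | Self::ConstructionFailure(e) => Some(&**e),
        }
    }
}

/// Render an error followed by every cause in its source() chain.
fn error_chain(err: &dyn Error) -> String {
    let mut out = err.to_string();
    let mut cause = err.source();
    while let Some(e) = cause {
        out.push_str(": ");
        out.push_str(&e.to_string());
        cause = e.source();
    }
    out
}

// Constructed sample: a permissions failure wrapped as a "service error".
fn sample_denied() -> SdkLikeError {
    SdkLikeError::ServiceError("AccessDeniedException: kms:GetPublicKey denied (constructed)".into())
}

fn main() {
    let bad_cfg = SdkLikeError::ConstructionFailure("invalid profile file (constructed)".into());
    for err in [sample_denied(), bad_cfg] {
        println!("Display only: {}\nfull chain:   {}", err, error_chain(&err));
    }
}
```

With the real SDK, `aws_smithy_types::error::display::DisplayErrorContext` performs the same chain walk when formatting an error.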