opentdf / platform

OpenTDF Platform monorepo enabling the development and integration of _forever control_ of data into new and existing applications. The concept of forever control stems from an increasingly common concept known as zero trust.
BSD 3-Clause Clear License

KAS code returns identical errors for different error cases, increasing difficulty of diagnosing problems #1026

Open patmantru opened 4 days ago

patmantru commented 4 days ago

The same 'bad request' error text appears in multiple error paths, making it more difficult to diagnose this sort of thing. It would be better if there were unique responses to the different conditions. Even something with filename+linenumber would be better.

Not the only example, but one case that illustrates the problem:

https://github.com/opentdf/platform/blob/588827c6b4b7b1c0b8f39002eefd294357b5a206/service/kas/access/rewrap.go#L193


strantalis commented 3 days ago

Ran into something similar after regenerating keys. The error kas / sdk returned wasn't really clear about what the exact issue was.

```
time=2024-06-24T13:53:09.391Z level=DEBUG msg="default rewrap algorithm" namespace=kas
time=2024-06-24T13:53:09.392Z level=WARN msg="failure to decrypt dek" namespace=kas err="error decrypting data: x509.ParsePKCS8PrivateKey failed: crypto/rsa: decryption error"
time=2024-06-24T13:53:09.393Z level=ERROR msg="rewrap tdf3" err="request error\nrpc error: code = InvalidArgument desc = bad request"
```
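
An added example, not part of the thread and not OpenTDF code: one way to make each "bad request" path distinguishable, giving every path its own code and recording the file:line that raised it, as the issue suggests. The type, function names, error codes and the simplified checks are all assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"runtime"
)

// rewrapError is a hypothetical type; the codes used below are constructed.
type rewrapError struct {
	Code  string // unique per error path, safe to return to the caller
	Site  string // file:line where the error was created
	Cause error  // internal detail, kept for the server log
}

func (e *rewrapError) Error() string { return fmt.Sprintf("bad request [%s]", e.Code) }
func (e *rewrapError) Unwrap() error { return e.Cause }

func newRewrapError(code string, cause error) *rewrapError {
	_, file, line, _ := runtime.Caller(1) // location of the failing check
	return &rewrapError{code, fmt.Sprintf("%s:%d", filepath.Base(file), line), cause}
}

// checkRewrap stands in for the rewrap handler's checks (simplified, assumed).
func checkRewrap(body string, dekDecrypted bool) error {
	if body == "" {
		return newRewrapError("KAS-R001", errors.New("empty request body"))
	}
	if !dekDecrypted {
		return newRewrapError("KAS-R002", errors.New("failure to decrypt dek"))
	}
	return nil
}

// describe returns the text for the client and the line for the server log.
func describe(err error) (client, server string) {
	var re *rewrapError
	if !errors.As(err, &re) {
		return "bad request", fmt.Sprint(err)
	}
	return re.Error(), fmt.Sprintf("code=%s site=%s err=%q", re.Code, re.Site, re.Cause)
}

func main() {
	for _, err := range []error{checkRewrap("", true), checkRewrap("{}", false)} {
		fmt.Println(describe(err))
	}
}
```

The client text carries only the code, while the underlying cause and call site stay in the server-side log line, so the two can be correlated without returning decryption details to the caller.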