fix(KeyStoreAdmin): Exceptions for Mutations when KMS Key is Disabled #1235
Conversation
texastony
force-pushed
the
mutations/mutations
branch
2 times, most recently
from
bc983e7 to
2fc52ac
Compare
texastony
force-pushed
the
mutations/fix-kms-key-disabled-deleted-error
branch
from
4f44f76 to
3235093
Compare
texastony
force-pushed
the
mutations/fix-kms-key-disabled-deleted-error
branch
from
a7ec15a to
f180e85
Compare
| message := "Invalid response from KMS GenerateDataKey:: Invalid Key Id") | ||
| ); |
There was a problem hiding this comment.
Nit: We should make both these messages consistent.
| message := "Invalid response from KMS GenerateDataKey:: Invalid Key Id") | |
| ); | |
| message := "Invalid response from AWS KMS GenerateDataKey:: Invalid Key Id") | |
| ); |
| returns (res: Result<KMS.GenerateDataKeyWithoutPlaintextResponse, KmsError>) | ||
| requires kmsClient.ValidState() |
There was a problem hiding this comment.
Just to confirm, this is a breaking change right?
|
|
||
| } | ||
| } | ||
| if (kmsWithMsg) { |
There was a problem hiding this comment.
Both this and the last case in the if (kmsWithMsg && knownKmsStrat) { block (which never happens) indicate that the statement (kmsWithMsg && knownKmsStrat) { is always true so long as kmsWithMessage is true. We return some exception in each case. Are you sure that the error messages won't overlap? For instance, this line:
var hasEncrypt? := String.HasSubString(kmsErrorMessage?.value, "Encrypt");
Wouldn't this interfere with:
else if (hasTerminalArn?.Some?) {
return Types.MutationToException(
message := "Key Management denied access to the terminal KMS Key."
+ " Mutation is halted. Check encrypt access to KMS ARN: " + terminalKmsArn + "."
+ "\n" + errorContext
);
Example -- If the KMS Message has hasTerminalArn? as true, and the message says you don't have Encrypt permissions, wouldn't this be returned in
case "Decrypt/Encrypt" =>
rather than
else if (hasTerminalArn?.Some?) {
I am also concerned that if all the if blocks in all the cases in
match kmsOperation {
are exhaustive, Line 194:
if (kmsWithMsg) {
will never be triggered because in the previous if block (kmsWithMsg && knownKmsStrat) {, knownKmsStrat is always true.
Issue #, if available:
Description of changes:
If the KMS Key involved in a Mutation is deleted or disabled,
along with any number of other KMS exceptions,
the Key Store Admin should attempt to classify the exception as To or From Mutation Exception,
rather than a generic Key Store Admin Exception.
Squash/merge commit message, if applicable:
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.