diff --git a/README.md b/README.md index f6cc823..888071b 100644 --- a/README.md +++ b/README.md @@ -335,7 +335,9 @@ Signed: false Loaded Time: Mon, 14 Aug 2017 22:25:16 PDT ``` -##### Error One +Notice that only GRPC plugins are supported. There is also a requirement to use trusted CA and providing both plugin-cert and plugin-key. Below common error messages are presented that you might receive if one of those requirements are not fulfilled. + +##### Case 1: Missing plugin key ```sh ▶ snaptel plugin load --plugin-cert=snaptest-srv.crt --plugin-ca-certs=snaptest-ca.crt ../snap-plugin-lib-go/rand-collector @@ -343,10 +345,7 @@ Error: Both plugin certification and key are mandatory. Usage: load [--plugin-cert= --plugin-key= --plugin-ca-certs=] ``` -> What happened: Both `plugin-cert` and `plugin-key` are mandatory. - - -##### Error Two +##### Case 2: Using untrusted CA ```sh ▶ snaptel plugin load --plugin-cert=snaptest-srv.crt --plugin-key=snaptest-srv.key --plugin-ca-certs=snaptest-ca.crt ../snap-plugin-lib-go/rand-collector @@ -355,9 +354,7 @@ Usage: load [--plugin-cert= --plugin-key= What happened: Did you start `snapteld` with CA cert or put the trusted CA in your OS/APP trust store? - -##### Error Three +##### Case 3: Trying to set TLS GRPC communication for non-GRPC plugin ```sh ▶ snaptel plugin load --plugin-cert snaptest-srv.crt --plugin-key snaptest-srv.key --plugin-ca-certs snaptest-ca.crt ../snap/snap-plugin-collector-mock1 @@ -365,5 +362,3 @@ Error: secure framework can't connect to insecure plugin; plugin_name: mock Usage: load [--plugin-cert= --plugin-key= --plugin-ca-certs=] ``` ->What happened: The TLS is only supported for GRPC plugins. Restarting `snapteld` without TLS to load non-GRPC plugins. - diff --git a/snaptel/common.go b/snaptel/common.go index df6d058..eaf3beb 100644 --- a/snaptel/common.go +++ b/snaptel/common.go @@ -23,7 +23,6 @@ import ( "encoding/json" "fmt" "io/ioutil" - "strings" "golang.org/x/crypto/ssh/terminal" 
@@ -130,6 +129,8 @@ func getErrorDetail(err error, ctx *cli.Context) error {
 return newUsageError(fmt.Sprintf("%v", err.(*plugins.GetPluginConfigItemBadRequest).Payload.ErrorMessage), ctx)
 case *plugins.GetPluginConfigItemUnauthorized:
 return newUsageError(fmt.Sprintf("%v", err.(*plugins.GetPluginConfigItemUnauthorized).Payload.Message), ctx)
+ case *plugins.LoadPluginDefault:
+ return newUsageError(fmt.Sprintf("%v", err.(*plugins.LoadPluginDefault).Message), ctx)
 case *tasks.GetTaskNotFound:
 return newUsageError(fmt.Sprintf("%v", err.(*tasks.GetTaskNotFound).Payload.ErrorMessage), ctx)
 case *tasks.GetTaskUnauthorized:
@@ -149,10 +150,6 @@ func getErrorDetail(err error, ctx *cli.Context) error {
 case *tasks.UpdateTaskStateUnauthorized:
 return newUsageError(fmt.Sprintf("%v", err.(*tasks.UpdateTaskStateUnauthorized).Payload.Message), ctx)
 default:
- // this is a hack
- if strings.Contains(err.Error(), "tls: oversized record") || strings.Contains(err.Error(), "malformed HTTP response") {
- return newUsageError(extractError(err.Error()), ctx)
- }
 return newUsageError(fmt.Sprintf("Error: %v", err), ctx)
 }
 }
@@ -221,19 +218,3 @@ func BasicAuth(ctx *cli.Context) runtime.ClientAuthInfoWriter {
 }
 return nil
 }
-
-// extractError is a hack for SSL/TLS handshake error.
-func extractError(m string) string {
- ts := strings.Split(m, "\"")
-
- var tss []string
- if len(ts) > 0 {
- tss = strings.Split(ts[0], "malformed")
- }
-
- errMsg := "Error connecting to API. Do you have an http/https mismatching API request?"
- if len(tss) > 0 {
- errMsg = tss[0] + errMsg
- }
- return errMsg
-}
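Review bot: The new `*plugins.LoadPluginDefault` case in getErrorDetail reads `.Message` straight off the response, while the visible neighbouring cases all go through `.Payload`, and nothing guards against that message being empty. Going by the README cases in this commit, this response appears to carry the TLS refusals (missing plugin key, untrusted CA, insecure plugin). An empty message would therefore leave the operator with only the usage text and no reason why the load was rejected. Consider falling back to the formatting the `default` branch already uses, `fmt.Sprintf("Error: %v", err)`, when the message is empty, and adding a comment such as `// LoadPluginDefault carries server-side load failures, including TLS/cert rejections`. The switch header and the rest of getErrorDetail lie outside the hunk, so whether the type switch could bind its variable instead of repeating the assertion cannot be checked from here.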