http: mask user error away from unseal since its not actionable

2026-06-11 09:51:16 -04:00 · 2015-03-12 11:26:59 -07:00 · 2015-03-12 11:26:59 -07:00 · e3fbe54a04
commit e3fbe54a04
parent c2672f2868
2 changed files with 8 additions and 6 deletions
--- a/http/sys_seal.go
+++ b/http/sys_seal.go
@ -5,6 +5,7 @@ import (
 	"errors"
 	"net/http"

+	"github.com/hashicorp/errwrap"
 	"github.com/hashicorp/vault/vault"
 )

@ -55,8 +56,12 @@ func handleSysUnseal(core *vault.Core) http.Handler {

 		// Attempt the unseal
 		if _, err := core.Unseal(key); err != nil {
-			respondError(w, http.StatusInternalServerError, err)
-			return
+			// Ignore ErrInvalidKey because its a user error that we
+			// mask away. We just show them the seal status.
+			if !errwrap.ContainsType(err, new(vault.ErrInvalidKey)) {
+				respondError(w, http.StatusInternalServerError, err)
+				return
+			}
 		}

 		// Return the seal status
--- a/http/sys_seal_test.go
+++ b/http/sys_seal_test.go
@ -97,16 +97,13 @@ func TestSysUnseal(t *testing.T) {
 }

 func TestSysUnseal_badKey(t *testing.T) {
-	// TODO: wait on Armon to fix error message from core
-	t.Skip()
-
 	core := testCore(t)
 	testCoreInit(t, core)
 	ln, addr := testServer(t, core)
 	defer ln.Close()

 	resp := testHttpPut(t, addr+"/v1/sys/unseal", map[string]interface{}{
-		"key": "foo",
+		"key": "0123",
 	})

 	var actual map[string]interface{}