fleet/server/service/base_client_errors.go

package service

import (
	"database/sql"
	"encoding/json"
	"errors"
	"fmt"
	"io"

	"github.com/fleetdm/fleet/v4/server/fleet"
)

var (
	ErrUnauthenticated = errors.New("unauthenticated, or invalid token")
	ErrMissingLicense  = errors.New("missing or invalid license")
)

type SetupAlreadyErr interface {
	SetupAlready() bool
	Error() string
}

type setupAlreadyErr struct{}

func (e setupAlreadyErr) Error() string {
	return "Fleet has already been setup"
}

func (e setupAlreadyErr) SetupAlready() bool {
	return true
}

type NotSetupErr interface {
	NotSetup() bool
	Error() string
}

type notSetupErr struct{}

func (e notSetupErr) Error() string {
	return "The Fleet instance is not set up yet"
}

func (e notSetupErr) NotSetup() bool {
	return true
}

// TODO: we have a similar but different interface in the fleet package,
// fleet.NotFoundError - at the very least, the NotFound method should be the
// same in both (the other is currently IsNotFound), and ideally we'd just have
// one of those interfaces.
type NotFoundErr interface {
	NotFound() bool
	Error() string
}

type notFoundErr struct {
	msg string

	fleet.ErrorWithUUID
}

func (e notFoundErr) Error() string {
	if e.msg != "" {
		return e.msg
	}
	return "The resource was not found"
}

func (e notFoundErr) NotFound() bool {
	return true
}

// Implement Is so that errors.Is(err, sql.ErrNoRows) returns true for an
// error of type *notFoundError, without having to wrap sql.ErrNoRows
// explicitly.
func (e notFoundErr) Is(other error) bool {
	return other == sql.ErrNoRows
}

type ConflictErr interface {
	Conflict() bool
	Error() string
}

type conflictErr struct {
	msg string
}

func (e conflictErr) Error() string {
	return e.msg
}

func (e conflictErr) Conflict() bool {
	return true
}

type serverError struct {
	Message string `json:"message"`
	Errors  []struct {
		Name   string `json:"name"`
		Reason string `json:"reason"`
	} `json:"errors"`
}

func extractServerErrorText(body io.Reader) string {
	var serverErr serverError
	if err := json.NewDecoder(body).Decode(&serverErr); err != nil {
		return "unknown"
	}

	errText := serverErr.Message
	if len(serverErr.Errors) > 0 {
		errText += ": " + serverErr.Errors[0].Reason
	}

	return errText
}

type statusCodeErr struct {
	code int
	body string
}

func (e *statusCodeErr) Error() string {
	return fmt.Sprintf("%d %s", e.code, e.body)
}

func (e *statusCodeErr) StatusCode() int {
	return e.code
}
Add fleetctl config and auth commands (#1751) ``` $ fleetctl config set address https://localhost:8080 [+] Set the "address" config key to "https://localhost:8080" in the "default" context $ fleetctl config set ignore_tls true [+] Set the "ignore_tls" config key to "true" in the "default" context $ fleetctl setup --email mike@arpaia.co --password "abc123" [+] Fleet setup successful and context configured! $ cat ~/.fleet/config contexts: default: address: https://localhost:8080 email: mike@arpaia.co ignore_tls: true token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzZXNzaW9uX2tleSI6IlUvdm05Vk9wSG0xUlA4SUtjQnBhb2ovWlo1TXppSEVXcFRCNFNPb2tHQnNLUFpDQXFieVpWWnpJb0UvczQzcWkyd1pHZXJOa29SNFVIQ2hNZUc0K09RPT0ifQ.rHawSN8JvD4jjWAPTYX2Ep9ZpMt3u4mSIQcu920C-_s $ fleetctl logout [+] Fleet logout successful and local token cleared! $ cat ~/.fleet/config contexts: default: address: https://localhost:8080 email: mike@arpaia.co ignore_tls: true token: "" ``` 2018-05-04 16:53:21 +00:00			`package service`

Improve client error messages with unexpected server errors (#1776) 2018-05-09 23:54:23 +00:00			`import (`
Error early if email already exists (#4363) * Error early if email already exists * Update changes/issue-4361-mail-change-should-error Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com> * Fix test * Lint fixes * Fix another test * Also check for invites * Improve error checks * Update comment * Update tests * Fix test Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com> 2022-02-28 12:34:44 +00:00			`"database/sql"`
Improve client error messages with unexpected server errors (#1776) 2018-05-09 23:54:23 +00:00			`"encoding/json"`
Print version warning when using fleetctl (#4139) * Remove deprecated call in fleetctl * Remove duplicate error returned by app.Run in tests 2022-02-14 16:43:34 +00:00			`"errors"`
Finalize MDM commands part 2: implement `fleetctl mdm run-command` (#10866) 2023-04-03 18:25:49 +00:00			`"fmt"`
Improve client error messages with unexpected server errors (#1776) 2018-05-09 23:54:23 +00:00			`"io"`
Add UUID to Fleet errors and clean up error msgs (#10411) #8129 Apart from fixing the issue in #8129, this change also introduces UUIDs to Fleet errors. To be able to match a returned error from the API to a error in the Fleet logs. See https://fleetdm.slack.com/archives/C019WG4GH0A/p1677780622769939 for more context. Samples with the changes in this PR: ``` curl -k -H "Authorization: Bearer $TEST_TOKEN" -H 'Content-Type:application/json' "https://localhost:8080/api/v1/fleet/sso" -d '' { "message": "Bad request", "errors": [ { "name": "base", "reason": "Expected JSON Body" } ], "uuid": "a01f6e10-354c-4ff0-b96e-1f64adb500b0" } ``` ``` curl -k -H "Authorization: Bearer $TEST_TOKEN" -H 'Content-Type:application/json' "https://localhost:8080/api/v1/fleet/sso" -d 'asd' { "message": "Bad request", "errors": [ { "name": "base", "reason": "json decoder error" } ], "uuid": "5f716a64-7550-464b-a1dd-e6a505a9f89d" } ``` ``` curl -k -X GET -H "Authorization: Bearer badtoken" "https://localhost:8080/api/latest/fleet/teams" { "message": "Authentication required", "errors": [ { "name": "base", "reason": "Authentication required" } ], "uuid": "efe45bc0-f956-4bf9-ba4f-aa9020a9aaaf" } ``` ``` curl -k -X PATCH -H "Authorization: Bearer $TEST_TOKEN" "https://localhost:8080/api/latest/fleet/users/14" -d '{"name": "Manuel2", "password": "what", "new_password": "p4ssw0rd.12345"}' { "message": "Authorization header required", "errors": [ { "name": "base", "reason": "Authorization header required" } ], "uuid": "57f78cd0-4559-464f-9df7-36c9ef7c89b3" } ``` ``` curl -k -X PATCH -H "Authorization: Bearer $TEST_TOKEN" "https://localhost:8080/api/latest/fleet/users/14" -d '{"name": "Manuel2", "password": "what", "new_password": "p4ssw0rd.12345"}' { "message": "Permission Denied", "uuid": "7f0220ad-6de7-4faf-8b6c-8d7ff9d2ca06" } ``` - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [X] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md) - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [X] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~ 2023-03-13 16:44:06 +00:00
			`"github.com/fleetdm/fleet/v4/server/fleet"`
Improve client error messages with unexpected server errors (#1776) 2018-05-09 23:54:23 +00:00			`)`

Print version warning when using fleetctl (#4139) * Remove deprecated call in fleetctl * Remove duplicate error returned by app.Run in tests 2022-02-14 16:43:34 +00:00			`var (`
			`ErrUnauthenticated = errors.New("unauthenticated, or invalid token")`
add Go client to consume device endpoints (#5987) This adds a new API client named DeviceClient to server/service, meant to consume device endpoints and be used from Fleet Desktop. Some of the logic to make requests and parse responses was very repetitive, so I introduced a private baseClient type and moved some of the logic of the existent Client there. Related to #5685 and #5697 2022-06-01 23:05:05 +00:00			`ErrMissingLicense = errors.New("missing or invalid license")`
Print version warning when using fleetctl (#4139) * Remove deprecated call in fleetctl * Remove duplicate error returned by app.Run in tests 2022-02-14 16:43:34 +00:00			`)`

Add fleetctl config and auth commands (#1751) ``` $ fleetctl config set address https://localhost:8080 [+] Set the "address" config key to "https://localhost:8080" in the "default" context $ fleetctl config set ignore_tls true [+] Set the "ignore_tls" config key to "true" in the "default" context $ fleetctl setup --email mike@arpaia.co --password "abc123" [+] Fleet setup successful and context configured! $ cat ~/.fleet/config contexts: default: address: https://localhost:8080 email: mike@arpaia.co ignore_tls: true token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzZXNzaW9uX2tleSI6IlUvdm05Vk9wSG0xUlA4SUtjQnBhb2ovWlo1TXppSEVXcFRCNFNPb2tHQnNLUFpDQXFieVpWWnpJb0UvczQzcWkyd1pHZXJOa29SNFVIQ2hNZUc0K09RPT0ifQ.rHawSN8JvD4jjWAPTYX2Ep9ZpMt3u4mSIQcu920C-_s $ fleetctl logout [+] Fleet logout successful and local token cleared! $ cat ~/.fleet/config contexts: default: address: https://localhost:8080 email: mike@arpaia.co ignore_tls: true token: "" ``` 2018-05-04 16:53:21 +00:00			`type SetupAlreadyErr interface {`
			`SetupAlready() bool`
			`Error() string`
			`}`

Add fleetctl delete command (#1765) 2018-05-08 02:07:00 +00:00			`type setupAlreadyErr struct{}`
Add fleetctl config and auth commands (#1751) ``` $ fleetctl config set address https://localhost:8080 [+] Set the "address" config key to "https://localhost:8080" in the "default" context $ fleetctl config set ignore_tls true [+] Set the "ignore_tls" config key to "true" in the "default" context $ fleetctl setup --email mike@arpaia.co --password "abc123" [+] Fleet setup successful and context configured! $ cat ~/.fleet/config contexts: default: address: https://localhost:8080 email: mike@arpaia.co ignore_tls: true token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzZXNzaW9uX2tleSI6IlUvdm05Vk9wSG0xUlA4SUtjQnBhb2ovWlo1TXppSEVXcFRCNFNPb2tHQnNLUFpDQXFieVpWWnpJb0UvczQzcWkyd1pHZXJOa29SNFVIQ2hNZUc0K09RPT0ifQ.rHawSN8JvD4jjWAPTYX2Ep9ZpMt3u4mSIQcu920C-_s $ fleetctl logout [+] Fleet logout successful and local token cleared! $ cat ~/.fleet/config contexts: default: address: https://localhost:8080 email: mike@arpaia.co ignore_tls: true token: "" ``` 2018-05-04 16:53:21 +00:00
			`func (e setupAlreadyErr) Error() string {`
Improvements to fleetctl preview experience (#234) - Make the preview directory in the default .fleet directory. - Check for Docker daemon installed but not running. - Add message for Chrome users on self-signed certs. - Display login information on later invocations of command. - Remove "Kolide" from error messages. Closes #190 Part of #197 2021-01-28 15:57:32 +00:00			`return "Fleet has already been setup"`
Add fleetctl config and auth commands (#1751) ``` $ fleetctl config set address https://localhost:8080 [+] Set the "address" config key to "https://localhost:8080" in the "default" context $ fleetctl config set ignore_tls true [+] Set the "ignore_tls" config key to "true" in the "default" context $ fleetctl setup --email mike@arpaia.co --password "abc123" [+] Fleet setup successful and context configured! $ cat ~/.fleet/config contexts: default: address: https://localhost:8080 email: mike@arpaia.co ignore_tls: true token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzZXNzaW9uX2tleSI6IlUvdm05Vk9wSG0xUlA4SUtjQnBhb2ovWlo1TXppSEVXcFRCNFNPb2tHQnNLUFpDQXFieVpWWnpJb0UvczQzcWkyd1pHZXJOa29SNFVIQ2hNZUc0K09RPT0ifQ.rHawSN8JvD4jjWAPTYX2Ep9ZpMt3u4mSIQcu920C-_s $ fleetctl logout [+] Fleet logout successful and local token cleared! $ cat ~/.fleet/config contexts: default: address: https://localhost:8080 email: mike@arpaia.co ignore_tls: true token: "" ``` 2018-05-04 16:53:21 +00:00			`}`

			`func (e setupAlreadyErr) SetupAlready() bool {`
			`return true`
			`}`

			`type NotSetupErr interface {`
			`NotSetup() bool`
			`Error() string`
			`}`

Add fleetctl delete command (#1765) 2018-05-08 02:07:00 +00:00			`type notSetupErr struct{}`
Add fleetctl config and auth commands (#1751) ``` $ fleetctl config set address https://localhost:8080 [+] Set the "address" config key to "https://localhost:8080" in the "default" context $ fleetctl config set ignore_tls true [+] Set the "ignore_tls" config key to "true" in the "default" context $ fleetctl setup --email mike@arpaia.co --password "abc123" [+] Fleet setup successful and context configured! $ cat ~/.fleet/config contexts: default: address: https://localhost:8080 email: mike@arpaia.co ignore_tls: true token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzZXNzaW9uX2tleSI6IlUvdm05Vk9wSG0xUlA4SUtjQnBhb2ovWlo1TXppSEVXcFRCNFNPb2tHQnNLUFpDQXFieVpWWnpJb0UvczQzcWkyd1pHZXJOa29SNFVIQ2hNZUc0K09RPT0ifQ.rHawSN8JvD4jjWAPTYX2Ep9ZpMt3u4mSIQcu920C-_s $ fleetctl logout [+] Fleet logout successful and local token cleared! $ cat ~/.fleet/config contexts: default: address: https://localhost:8080 email: mike@arpaia.co ignore_tls: true token: "" ``` 2018-05-04 16:53:21 +00:00
			`func (e notSetupErr) Error() string {`
Improvements to fleetctl preview experience (#234) - Make the preview directory in the default .fleet directory. - Check for Docker daemon installed but not running. - Add message for Chrome users on self-signed certs. - Display login information on later invocations of command. - Remove "Kolide" from error messages. Closes #190 Part of #197 2021-01-28 15:57:32 +00:00			`return "The Fleet instance is not set up yet"`
Add fleetctl config and auth commands (#1751) ``` $ fleetctl config set address https://localhost:8080 [+] Set the "address" config key to "https://localhost:8080" in the "default" context $ fleetctl config set ignore_tls true [+] Set the "ignore_tls" config key to "true" in the "default" context $ fleetctl setup --email mike@arpaia.co --password "abc123" [+] Fleet setup successful and context configured! $ cat ~/.fleet/config contexts: default: address: https://localhost:8080 email: mike@arpaia.co ignore_tls: true token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzZXNzaW9uX2tleSI6IlUvdm05Vk9wSG0xUlA4SUtjQnBhb2ovWlo1TXppSEVXcFRCNFNPb2tHQnNLUFpDQXFieVpWWnpJb0UvczQzcWkyd1pHZXJOa29SNFVIQ2hNZUc0K09RPT0ifQ.rHawSN8JvD4jjWAPTYX2Ep9ZpMt3u4mSIQcu920C-_s $ fleetctl logout [+] Fleet logout successful and local token cleared! $ cat ~/.fleet/config contexts: default: address: https://localhost:8080 email: mike@arpaia.co ignore_tls: true token: "" ``` 2018-05-04 16:53:21 +00:00			`}`

			`func (e notSetupErr) NotSetup() bool {`
			`return true`
			`}`
Add fleetctl delete command (#1765) 2018-05-08 02:07:00 +00:00
Finalize MDM commands part 2: implement `fleetctl mdm run-command` (#10866) 2023-04-03 18:25:49 +00:00			`// TODO: we have a similar but different interface in the fleet package,`
			`// fleet.NotFoundError - at the very least, the NotFound method should be the`
			`// same in both (the other is currently IsNotFound), and ideally we'd just have`
			`// one of those interfaces.`
Add fleetctl delete command (#1765) 2018-05-08 02:07:00 +00:00			`type NotFoundErr interface {`
			`NotFound() bool`
			`Error() string`
			`}`

Add `fleetctl trigger` command (#8877) 2022-12-06 15:56:54 +00:00			`type notFoundErr struct {`
			`msg string`
Add UUID to Fleet errors and clean up error msgs (#10411) #8129 Apart from fixing the issue in #8129, this change also introduces UUIDs to Fleet errors. To be able to match a returned error from the API to a error in the Fleet logs. See https://fleetdm.slack.com/archives/C019WG4GH0A/p1677780622769939 for more context. Samples with the changes in this PR: ``` curl -k -H "Authorization: Bearer $TEST_TOKEN" -H 'Content-Type:application/json' "https://localhost:8080/api/v1/fleet/sso" -d '' { "message": "Bad request", "errors": [ { "name": "base", "reason": "Expected JSON Body" } ], "uuid": "a01f6e10-354c-4ff0-b96e-1f64adb500b0" } ``` ``` curl -k -H "Authorization: Bearer $TEST_TOKEN" -H 'Content-Type:application/json' "https://localhost:8080/api/v1/fleet/sso" -d 'asd' { "message": "Bad request", "errors": [ { "name": "base", "reason": "json decoder error" } ], "uuid": "5f716a64-7550-464b-a1dd-e6a505a9f89d" } ``` ``` curl -k -X GET -H "Authorization: Bearer badtoken" "https://localhost:8080/api/latest/fleet/teams" { "message": "Authentication required", "errors": [ { "name": "base", "reason": "Authentication required" } ], "uuid": "efe45bc0-f956-4bf9-ba4f-aa9020a9aaaf" } ``` ``` curl -k -X PATCH -H "Authorization: Bearer $TEST_TOKEN" "https://localhost:8080/api/latest/fleet/users/14" -d '{"name": "Manuel2", "password": "what", "new_password": "p4ssw0rd.12345"}' { "message": "Authorization header required", "errors": [ { "name": "base", "reason": "Authorization header required" } ], "uuid": "57f78cd0-4559-464f-9df7-36c9ef7c89b3" } ``` ``` curl -k -X PATCH -H "Authorization: Bearer $TEST_TOKEN" "https://localhost:8080/api/latest/fleet/users/14" -d '{"name": "Manuel2", "password": "what", "new_password": "p4ssw0rd.12345"}' { "message": "Permission Denied", "uuid": "7f0220ad-6de7-4faf-8b6c-8d7ff9d2ca06" } ``` - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [X] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md) - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [X] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~ 2023-03-13 16:44:06 +00:00
			`fleet.ErrorWithUUID`
Add `fleetctl trigger` command (#8877) 2022-12-06 15:56:54 +00:00			`}`
Add fleetctl delete command (#1765) 2018-05-08 02:07:00 +00:00
			`func (e notFoundErr) Error() string {`
Add `fleetctl trigger` command (#8877) 2022-12-06 15:56:54 +00:00			`if e.msg != "" {`
			`return e.msg`
			`}`
Add fleetctl delete command (#1765) 2018-05-08 02:07:00 +00:00			`return "The resource was not found"`
			`}`

Configure golangci-lint for the whole repository Add a relatively minimal set of linters that raise safe and mostly un-opinionated issues with the code. It runs automatically on CI via a github action. 2021-08-24 17:35:03 +00:00			`func (e notFoundErr) NotFound() bool {`
Add fleetctl delete command (#1765) 2018-05-08 02:07:00 +00:00			`return true`
			`}`
Improve client error messages with unexpected server errors (#1776) 2018-05-09 23:54:23 +00:00
Error early if email already exists (#4363) * Error early if email already exists * Update changes/issue-4361-mail-change-should-error Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com> * Fix test * Lint fixes * Fix another test * Also check for invites * Improve error checks * Update comment * Update tests * Fix test Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com> 2022-02-28 12:34:44 +00:00			`// Implement Is so that errors.Is(err, sql.ErrNoRows) returns true for an`
			`// error of type *notFoundError, without having to wrap sql.ErrNoRows`
			`// explicitly.`
			`func (e notFoundErr) Is(other error) bool {`
			`return other == sql.ErrNoRows`
			`}`

Add `fleetctl trigger` command (#8877) 2022-12-06 15:56:54 +00:00			`type ConflictErr interface {`
			`Conflict() bool`
			`Error() string`
			`}`

			`type conflictErr struct {`
			`msg string`
			`}`

			`func (e conflictErr) Error() string {`
			`return e.msg`
			`}`

			`func (e conflictErr) Conflict() bool {`
			`return true`
			`}`

Improve client error messages with unexpected server errors (#1776) 2018-05-09 23:54:23 +00:00			`type serverError struct {`
			Message string `json:"message"`
			`Errors []struct {`
			Name string `json:"name"`
			Reason string `json:"reason"`
			} `json:"errors"`
			`}`

			`func extractServerErrorText(body io.Reader) string {`
			`var serverErr serverError`
			`if err := json.NewDecoder(body).Decode(&serverErr); err != nil {`
			`return "unknown"`
			`}`

			`errText := serverErr.Message`
			`if len(serverErr.Errors) > 0 {`
			`errText += ": " + serverErr.Errors[0].Reason`
			`}`

			`return errText`
			`}`
Finalize MDM commands part 2: implement `fleetctl mdm run-command` (#10866) 2023-04-03 18:25:49 +00:00
			`type statusCodeErr struct {`
			`code int`
			`body string`
			`}`

			`func (e *statusCodeErr) Error() string {`
			`return fmt.Sprintf("%d %s", e.code, e.body)`
			`}`

			`func (e *statusCodeErr) StatusCode() int {`
			`return e.code`
			`}`