VAULT-24798: audit - improve error messages (#26312)

* audit: remove 'op' from error messages and do some clean up * Allow early error checking to be concerned with vault/Core vs. audit
2025-11-01 19:17:58 +00:00 · 2024-04-11 09:09:32 +01:00
parent 82eda875dd
commit 3dc16db87e
40 changed files with 645 additions and 547 deletions
--- a/audit/errors.go
+++ b/audit/errors.go
@@ -0,0 +1,34 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package audit
+
+import "errors"
+
+var (
+	// ErrInternal should be used to represent an unexpected error that occurred
+	// within the audit system.
+	ErrInternal = errors.New("audit system internal error")
+
+	// ErrInvalidParameter should be used to represent an error in which the
+	// internal audit system is receiving invalid parameters from other parts of
+	// Vault which should have already been validated.
+	ErrInvalidParameter = errors.New("invalid internal parameter")
+
+	// ErrExternalOptions should be used to represent an error related to
+	// invalid configuration provided to Vault (i.e. by the Vault Operator).
+	ErrExternalOptions = errors.New("invalid configuration")
+)
+
+// ConvertToExternalError handles converting an error that was generated in Vault
+// and should appear as-is in the server logs, to an error that can be returned to
+// calling clients (via the API/CLI).
+func ConvertToExternalError(err error) error {
+	// If the error is an internal error, the contents will have been logged, and
+	// we should probably shield the caller from the details.
+	if errors.Is(err, ErrInternal) {
+		return ErrInternal
+	}
+
+	return err
+}