From 0f82d544e2fb9628e8fe89ce4e6d8b478a36cbb5 Mon Sep 17 00:00:00 2001
From: Rafi Shamim
Date: Thu, 25 Apr 2024 12:33:51 -0400
Subject: [PATCH] roleoption: fix error message for SUBJECT option
The string formatting logic was incorrect before.
Release note: None
---
 pkg/ccl/logictestccl/testdata/logic_test/subject | 2 +-
 pkg/sql/roleoption/role_option.go | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/pkg/ccl/logictestccl/testdata/logic_test/subject b/pkg/ccl/logictestccl/testdata/logic_test/subject
index bf427852e316..1ad83c47e31d 100644
--- a/pkg/ccl/logictestccl/testdata/logic_test/subject
+++ b/pkg/ccl/logictestccl/testdata/logic_test/subject
@@ -1,7 +1,7 @@
 # LogicTest: !local-mixed-23.2
 # Tests for parsing/validation of the SUBJECT role option.
-statement error role "root" cannot have a SUBJECT
+statement error role "root" cannot have a SUBJECT\n.*use the --root-cert-distinguished-name CLI flag
 ALTER ROLE root SUBJECT 'O=US, CN=John Doe'
 statement error failed to parse distinguished name foo: DN ended with incomplete type, value pair
diff --git a/pkg/sql/roleoption/role_option.go b/pkg/sql/roleoption/role_option.go
index ae02c476fd4b..ab4917a1c039 100644
--- a/pkg/sql/roleoption/role_option.go
+++ b/pkg/sql/roleoption/role_option.go
@@ -222,9 +222,11 @@ func MakeListFromKVOptions(
 return err
 }
 if u.IsRootUser() {
- return pgerror.Newf(pgcode.InvalidParameterValue, "role %q cannot have a SUBJECT", u,
+ return errors.WithDetailf(
+ pgerror.Newf(pgcode.InvalidParameterValue, "role %q cannot have a SUBJECT", u),
 "use the --%s CLI flag to configure root",
- cliflags.RootCertDistinguishedName.Name)
+ cliflags.RootCertDistinguishedName.Name,
+ )
 }
 if err := distinguishedname.ValidateDN(s); err != nil {
 return pgerror.WithCandidateCode(err, pgcode.InvalidParameterValue)
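Review bot: The text passed to `errors.WithDetailf` in the `u.IsRootUser()` branch is advice to the operator rather than a fact about the failure, so it reads more naturally as a hint: `return errors.WithHintf(pgerror.Newf(pgcode.InvalidParameterValue, "role %q cannot have a SUBJECT", u), "use the --%s CLI flag to configure root", cliflags.RootCertDistinguishedName.Name)`. I cannot tell from this patch how the logic-test harness renders hints versus details, so the expectation in `logic_test/subject` may need adjusting if the field changes. Independently, this guard is what keeps root's certificate subject from being set through SQL, and a short comment above the `if` would record that intent, for example `// root's SUBJECT is configured via the CLI flag, never through a role option.` The body of `MakeListFromKVOptions` starts and ends outside the hunk.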