auth: handle ENOTDIR when opening cert config
Some users explicitly have their home directories set to `/dev/null`.
When opening a file that's "under that directory", instead of getting
the normal `ENOENT`, one should expect to get `ENOTDIR`.

Unfortunately, due to the variety of cases under which `ENOTDIR` is
returned, the Go team has declined to include `ENOTDIR` in `ErrNotExist`.
(https://golang.org/issues/18974)

This leaves explicitly testing for `ENOTDIR`, which (fortunately)
appears to be one of two errnos that are defined in the `syscall`
package for windows as well as all *nix platforms.

Resolves: googleapis#10696
dfinkel committed Aug 16, 2024
1 parent d0b3890 commit 28194a0
Showing 2 changed files with 12 additions and 1 deletion.
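--- a/auth/internal/transport/cert/secureconnect_cert.go
+++ b/auth/internal/transport/cert/secureconnect_cert.go
@@ -25,6 +25,7 @@ import (
 "os/user"
 "path/filepath"
 "sync"
+"syscall"
 "time"
 )
 
@@ -62,7 +63,7 @@ func NewSecureConnectProvider(configFilePath string) (Provider, error) {
 
 file, err := os.ReadFile(configFilePath)
 if err != nil {
-if errors.Is(err, os.ErrNotExist) {
+if errors.Is(err, os.ErrNotExist) || errors.Is(err, syscall.ENOTDIR) {
 // Config file missing means Secure Connect is not supported.
 return nil, errSourceUnavailable
 }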
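Review bot: The comment under the widened condition in NewSecureConnectProvider still says only "Config file missing", but the branch now also absorbs ENOTDIR, which is returned whenever any component of configFilePath is a non-directory, not just for a `/dev/null` home. Since errSourceUnavailable presumably lets callers proceed without a client certificate, a clobbered or mistyped config directory would now turn Secure Connect off quietly instead of surfacing an error, and that trade-off should be recorded where it is made. I would replace the comment with `// Config file missing, or a path component that is not a directory (e.g. HOME=/dev/null), means Secure Connect is not supported.` The function body continues outside the hunk, so how other read errors are reported is not visible here.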
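--- a/auth/internal/transport/cert/secureconnect_cert_test.go
+++ b/auth/internal/transport/cert/secureconnect_cert_test.go
@@ -30,6 +30,16 @@ func TestSecureConnectSource_ConfigMissing(t *testing.T) {
 }
 }
 
+func TestSecureConnectSource_ConfigNotDirMissing(t *testing.T) {
+source, err := NewSecureConnectProvider("/dev/null/missing.json")
+if got, want := err, errSourceUnavailable; !errors.Is(err, errSourceUnavailable) {
+t.Fatalf("got %v, want %v", got, want)
+}
+if source != nil {
+t.Errorf("got %v, want nil source", source)
+}
+}
+
 func TestSecureConnectSource_GetClientCertificateSuccess(t *testing.T) {
 source, err := NewSecureConnectProvider("testdata/context_aware_metadata.json")
 if err != nil {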
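Review bot: TestSecureConnectSource_ConfigNotDirMissing depends on the host having `/dev/null`, so on a platform without it the path likely fails with a plain not-found error and the test passes without ever reaching the new ENOTDIR branch. Building the path under a regular file created in `t.TempDir()` makes the non-directory parent explicit and keeps the test hermetic. This assumes `os` and `path/filepath` are imported in the test file, which the hunk does not show. The assertions after the constructor call can stay as they are.

```go
func TestSecureConnectSource_ConfigNotDirMissing(t *testing.T) {
	// A regular file used as a parent directory yields ENOTDIR without relying on /dev/null.
	notDir := filepath.Join(t.TempDir(), "notadir")
	if err := os.WriteFile(notDir, nil, 0o600); err != nil {
		t.Fatal(err)
	}
	source, err := NewSecureConnectProvider(filepath.Join(notDir, "missing.json"))
	// … unchanged: errSourceUnavailable and nil-source assertions …
}
```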
