diff --git a/src/main/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/BUILD.bazel b/src/main/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/BUILD.bazel index 4ebe78376cf..9602bafaaba 100644 --- a/src/main/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/BUILD.bazel +++ b/src/main/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/BUILD.bazel @@ -101,6 +101,7 @@ kt_jvm_library( ":certificates", "//src/main/kotlin/org/wfanet/measurement/api/v2alpha:principal_server_interceptor", "//src/main/kotlin/org/wfanet/measurement/api/v2alpha:resource_key", + "//src/main/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha:internal_status_conversion", "//src/main/proto/wfa/measurement/api/v2alpha:certificate_kt_jvm_proto", "//src/main/proto/wfa/measurement/api/v2alpha:certificates_service_kt_jvm_grpc_proto", "//src/main/proto/wfa/measurement/api/v2alpha:page_token_kt_jvm_proto", diff --git a/src/main/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/CertificatesService.kt b/src/main/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/CertificatesService.kt index 8646f18689f..97467dd4751 100644 --- a/src/main/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/CertificatesService.kt +++ b/src/main/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/CertificatesService.kt @@ -111,8 +111,8 @@ class CertificatesService(private val internalCertificatesStub: CertificatesCoro } catch (ex: StatusException) { when (ex.status.code) { Status.Code.INVALID_ARGUMENT -> - failGrpc(Status.INVALID_ARGUMENT, ex) { "Required field unspecified or invalid." } - else -> failGrpc(Status.UNKNOWN, ex) { "Unknown exception." } + throw Status.INVALID_ARGUMENT.toExternalStatusRuntimeException(ex) + else -> throw Status.UNKNOWN.toExternalStatusRuntimeException(ex) } } return internalCertificate.toCertificate() @@ -185,11 +185,10 @@ class CertificatesService(private val internalCertificatesStub: CertificatesCoro internalCertificatesStub.streamCertificates(internalRequest).toList() } catch (e: StatusException) { throw when (e.status.code) { - Status.Code.DEADLINE_EXCEEDED -> Status.DEADLINE_EXCEEDED - else -> Status.UNKNOWN - } - .withCause(e) - .asRuntimeException() + Status.Code.DEADLINE_EXCEEDED -> + Status.DEADLINE_EXCEEDED.toExternalStatusRuntimeException(e) + else -> Status.UNKNOWN.toExternalStatusRuntimeException(e) + } } if (internalCertificates.isEmpty()) { @@ -244,14 +243,12 @@ class CertificatesService(private val internalCertificatesStub: CertificatesCoro internalCertificatesStub.createCertificate(internalCertificate) } catch (ex: StatusException) { when (ex.status.code) { - Status.Code.NOT_FOUND -> failGrpc(Status.NOT_FOUND, ex) { ex.message ?: "Not found" } + Status.Code.NOT_FOUND -> throw Status.NOT_FOUND.toExternalStatusRuntimeException(ex) Status.Code.ALREADY_EXISTS -> - failGrpc(Status.ALREADY_EXISTS, ex) { - "Certificate with the subject key identifier (SKID) already exists." - } + throw Status.ALREADY_EXISTS.toExternalStatusRuntimeException(ex) Status.Code.INVALID_ARGUMENT -> - failGrpc(Status.INVALID_ARGUMENT, ex) { "Required field unspecified or invalid." } - else -> failGrpc(Status.UNKNOWN, ex) { "Unknown exception." } + throw Status.INVALID_ARGUMENT.toExternalStatusRuntimeException(ex) + else -> throw Status.UNKNOWN.toExternalStatusRuntimeException(ex) } } return response.toCertificate() @@ -296,10 +293,10 @@ class CertificatesService(private val internalCertificatesStub: CertificatesCoro internalCertificatesStub.revokeCertificate(internalRevokeCertificateRequest) } catch (ex: StatusException) { when (ex.status.code) { - Status.Code.NOT_FOUND -> failGrpc(Status.NOT_FOUND, ex) { ex.message ?: "Not found" } + Status.Code.NOT_FOUND -> throw Status.NOT_FOUND.toExternalStatusRuntimeException(ex) Status.Code.FAILED_PRECONDITION -> - failGrpc(Status.FAILED_PRECONDITION, ex) { "Certificate is in wrong State." } - else -> failGrpc(Status.UNKNOWN, ex) { "Unknown exception." } + throw Status.FAILED_PRECONDITION.toExternalStatusRuntimeException(ex) + else -> throw Status.UNKNOWN.toExternalStatusRuntimeException(ex) } } return internalCertificate.toCertificate() @@ -339,10 +336,10 @@ class CertificatesService(private val internalCertificatesStub: CertificatesCoro internalCertificatesStub.releaseCertificateHold(internalReleaseCertificateHoldRequest) } catch (ex: StatusException) { when (ex.status.code) { - Status.Code.NOT_FOUND -> failGrpc(Status.NOT_FOUND, ex) { ex.message ?: "Not found" } + Status.Code.NOT_FOUND -> throw Status.NOT_FOUND.toExternalStatusRuntimeException(ex) Status.Code.FAILED_PRECONDITION -> - failGrpc(Status.FAILED_PRECONDITION, ex) { "Certificate is in wrong State." } - else -> failGrpc(Status.UNKNOWN, ex) { "Unknown exception." } + throw Status.FAILED_PRECONDITION.toExternalStatusRuntimeException(ex) + else -> throw Status.UNKNOWN.toExternalStatusRuntimeException(ex) } } return internalCertificate.toCertificate() diff --git a/src/main/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/InternalStatusConversion.kt b/src/main/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/InternalStatusConversion.kt index 19631f7db20..c34b2513cf5 100644 --- a/src/main/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/InternalStatusConversion.kt +++ b/src/main/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/InternalStatusConversion.kt @@ -31,6 +31,7 @@ import org.wfanet.measurement.api.v2alpha.MeasurementConsumerCertificateKey import org.wfanet.measurement.api.v2alpha.MeasurementConsumerKey import org.wfanet.measurement.api.v2alpha.MeasurementKey import org.wfanet.measurement.api.v2alpha.ModelProviderCertificateKey +import org.wfanet.measurement.api.v2alpha.ModelProviderKey import org.wfanet.measurement.common.grpc.errorInfo import org.wfanet.measurement.common.identity.externalIdToApiId import org.wfanet.measurement.internal.kingdom.ErrorCode @@ -174,13 +175,28 @@ fun Status.toExternalStatusRuntimeException( } // TODO{@jcorilla}: Populate metadata using subsequent error codes ErrorCode.MODEL_PROVIDER_NOT_FOUND -> { - errorMessage = "ModelProvider not found." + val modelProviderName = + ModelProviderKey( + externalIdToApiId( + checkNotNull(errorInfo.metadataMap["external_model_provider_id"]).toLong() + ) + ) + .toName() + put("model_provider", modelProviderName) + errorMessage = "ModelProvider $modelProviderName not found." } ErrorCode.CERT_SUBJECT_KEY_ID_ALREADY_EXISTS -> { errorMessage = "Certificate with the subject key identifier (SKID) already exists." } ErrorCode.CERTIFICATE_REVOCATION_STATE_ILLEGAL -> { - errorMessage = "Certificate is in wrong State." + val certificateApiId = + externalIdToApiId( + checkNotNull(errorInfo.metadataMap["external_certificate_id"]).toLong() + ) + val certificateRevocationState = checkNotNull(errorInfo.metadataMap["certificate_revocation_state"]).toString() + put("external_certificate_id", certificateApiId) + put("certification_revocation_state", certificateRevocationState) + errorMessage = "Certificate is in illegal revocation state: $certificateRevocationState." } ErrorCode.COMPUTATION_PARTICIPANT_STATE_ILLEGAL -> { errorMessage = "ComputationParticipant state illegal." diff --git a/src/test/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/BUILD.bazel b/src/test/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/BUILD.bazel index 25b221b128d..851ed966025 100644 --- a/src/test/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/BUILD.bazel +++ b/src/test/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/BUILD.bazel @@ -47,6 +47,7 @@ kt_jvm_test( test_class = "org.wfanet.measurement.kingdom.service.api.v2alpha.CertificatesServiceTest", deps = [ "//src/main/kotlin/org/wfanet/measurement/api/v2alpha/testing", + "//src/main/kotlin/org/wfanet/measurement/kingdom/deploy/gcloud/spanner/common", "@wfa_common_jvm//imports/java/com/google/common/truth", "@wfa_common_jvm//imports/java/com/google/common/truth/extensions/proto", "@wfa_common_jvm//imports/java/org/junit", diff --git a/src/test/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/CertificatesServiceTest.kt b/src/test/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/CertificatesServiceTest.kt index cef68f5cca2..0fae002d0f1 100644 --- a/src/test/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/CertificatesServiceTest.kt +++ b/src/test/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/CertificatesServiceTest.kt @@ -69,6 +69,7 @@ import org.wfanet.measurement.common.base64UrlEncode import org.wfanet.measurement.common.crypto.readCertificate import org.wfanet.measurement.common.crypto.subjectKeyIdentifier import org.wfanet.measurement.common.crypto.testing.TestData +import org.wfanet.measurement.common.grpc.errorInfo import org.wfanet.measurement.common.grpc.testing.GrpcTestServerRule import org.wfanet.measurement.common.grpc.testing.mockService import org.wfanet.measurement.common.identity.ExternalId @@ -89,6 +90,11 @@ import org.wfanet.measurement.internal.kingdom.getCertificateRequest as internal import org.wfanet.measurement.internal.kingdom.releaseCertificateHoldRequest as internalReleaseCertificateHoldRequest import org.wfanet.measurement.internal.kingdom.revokeCertificateRequest as internalRevokeCertificateRequest import org.wfanet.measurement.internal.kingdom.streamCertificatesRequest +import org.wfanet.measurement.kingdom.deploy.gcloud.spanner.common.CertSubjectKeyIdAlreadyExistsException +import org.wfanet.measurement.kingdom.deploy.gcloud.spanner.common.CertificateNotFoundException +import org.wfanet.measurement.kingdom.deploy.gcloud.spanner.common.CertificateRevocationStateIllegalException +import org.wfanet.measurement.kingdom.deploy.gcloud.spanner.common.DuchyNotFoundException +import org.wfanet.measurement.kingdom.deploy.gcloud.spanner.common.ModelProviderNotFoundException private val MODEL_PROVIDER_NAME = makeModelProvider(23456L) private val MODEL_PROVIDER_NAME_2 = makeModelProvider(23457L) @@ -102,6 +108,8 @@ private const val MEASUREMENT_CONSUMER_CERTIFICATE_NAME_2 = private const val DUCHY_NAME = "duchies/AAAAAAAAAHs" private const val DUCHY_NAME_2 = "duchies/BBBBBBBBBHs" private const val DUCHY_CERTIFICATE_NAME = "$DUCHY_NAME/certificates/AAAAAAAAAcg" +private val EXTERNAL_MODEL_PROVIDER_ID = + apiIdToExternalId(ModelProviderKey.fromName(MODEL_PROVIDER_NAME)!!.modelProviderId) @RunWith(JUnit4::class) class CertificatesServiceTest { @@ -1294,6 +1302,200 @@ class CertificatesServiceTest { assertThat(exception.status.code).isEqualTo(Status.Code.PERMISSION_DENIED) } + @Test + fun `getCertificate throws INVALID_ARGUMENT when parent not specified`() { + internalCertificatesMock.stub { + onBlocking { getCertificate(any()) } + .thenThrow( + Status.INVALID_ARGUMENT.withDescription("Parent not specified").asRuntimeException() + ) + } + val exception = + assertFailsWith { + withPrincipal( + MeasurementConsumerPrincipal(MeasurementConsumerKey.fromName(MEASUREMENT_CONSUMER_NAME)!!) + ) { + runBlocking { + service.getCertificate( + getCertificateRequest { name = MEASUREMENT_CONSUMER_CERTIFICATE_NAME } + ) + } + } + } + assertThat(exception.status.code).isEqualTo(Status.Code.INVALID_ARGUMENT) + } + + @Test + fun `createCertificate throws NOT_FOUND with model provider name when model provider not found`() { + internalCertificatesMock.stub { + onBlocking { createCertificate(any()) } + .thenThrow( + ModelProviderNotFoundException(ExternalId(EXTERNAL_MODEL_PROVIDER_ID)) + .asStatusRuntimeException(Status.Code.NOT_FOUND, "Model provider not found") + ) + } + val exception = + assertFailsWith { + withPrincipal(ModelProviderPrincipal(ModelProviderKey.fromName(MODEL_PROVIDER_NAME)!!)) { + runBlocking { + service.createCertificate( + createCertificateRequest { + parent = MODEL_PROVIDER_NAME + certificate = CERTIFICATE + } + ) + } + } + } + assertThat(exception.status.code).isEqualTo(Status.Code.NOT_FOUND) + assertThat(exception.errorInfo?.metadataMap) + .containsEntry("model_provider", MODEL_PROVIDER_NAME) + } + + @Test + fun `createCertificate throws ALREADY_EXISTS when certificate with subject key identifier already exists`() { + internalCertificatesMock.stub { + onBlocking { createCertificate(any()) } + .thenThrow( + CertSubjectKeyIdAlreadyExistsException() + .asStatusRuntimeException( + Status.Code.ALREADY_EXISTS, + "Certificate with the subject key identifier (SKID) already exists.", + ) + ) + } + val exception = + assertFailsWith { + withPrincipal(ModelProviderPrincipal(ModelProviderKey.fromName(MODEL_PROVIDER_NAME)!!)) { + runBlocking { + service.createCertificate( + createCertificateRequest { + parent = MODEL_PROVIDER_NAME + certificate = CERTIFICATE + } + ) + } + } + } + assertThat(exception.status.code).isEqualTo(Status.Code.ALREADY_EXISTS) + } + + @Test + fun `revokeCertificate throws NOT_FOUND when certificate is not found`() { + internalCertificatesMock.stub { + onBlocking { revokeCertificate(any()) } + .thenThrow( + CertificateNotFoundException(EXTERNAL_CERTIFICATE_ID) + .asStatusRuntimeException(Status.Code.NOT_FOUND, "Certificate not found") + ) + } + val exception = + assertFailsWith { + withPrincipal(ModelProviderPrincipal(ModelProviderKey.fromName(MODEL_PROVIDER_NAME)!!)) { + runBlocking { + service.revokeCertificate( + revokeCertificateRequest { + name = MODEL_PROVIDER_CERTIFICATE_NAME + revocationState = Certificate.RevocationState.REVOKED + } + ) + } + } + } + assertThat(exception.status.code).isEqualTo(Status.Code.NOT_FOUND) + } + + @Test + fun `revokeCertificate throws FAILED_PRECONDITION with certificate revocation state when certificate state illegal`() { + internalCertificatesMock.stub { + onBlocking { revokeCertificate(any()) } + .thenThrow( + CertificateRevocationStateIllegalException( + EXTERNAL_CERTIFICATE_ID, + InternalCertificate.RevocationState.REVOCATION_STATE_UNSPECIFIED, + ) + .asStatusRuntimeException( + Status.Code.FAILED_PRECONDITION, + "Certificate in illegal state", + ) + ) + } + val exception = + assertFailsWith { + withPrincipal(ModelProviderPrincipal(ModelProviderKey.fromName(MODEL_PROVIDER_NAME)!!)) { + runBlocking { + service.revokeCertificate( + revokeCertificateRequest { + name = MODEL_PROVIDER_CERTIFICATE_NAME + revocationState = Certificate.RevocationState.REVOKED + } + ) + } + } + } + assertThat(exception.status.code).isEqualTo(Status.Code.FAILED_PRECONDITION) + assertThat(exception.errorInfo?.metadataMap) + .containsEntry( + "certification_revocation_state", + InternalCertificate.RevocationState.REVOCATION_STATE_UNSPECIFIED.toString(), + ) + } + + @Test + fun `releaseCertificateHold throws NOT_FOUND with duchy api id when duchy not found`() { + internalCertificatesMock.stub { + onBlocking { releaseCertificateHold(any()) } + .thenThrow( + DuchyNotFoundException(DuchyKey.fromName(DUCHY_NAME)!!.duchyId) + .asStatusRuntimeException(Status.Code.NOT_FOUND, "Duchy not found") + ) + } + val exception = + assertFailsWith { + withPrincipal(DuchyPrincipal(DuchyKey.fromName(DUCHY_NAME)!!)) { + runBlocking { + service.releaseCertificateHold( + releaseCertificateHoldRequest { name = DUCHY_CERTIFICATE_NAME } + ) + } + } + } + assertThat(exception.status.code).isEqualTo(Status.Code.NOT_FOUND) + assertThat(exception.errorInfo?.metadataMap).containsEntry("duchy", DUCHY_NAME) + } + + @Test + fun `releaseCertificateHold throws FAILED_PRECONDITION with certificate revocation state when certificate state illegal`() { + internalCertificatesMock.stub { + onBlocking { releaseCertificateHold(any()) } + .thenThrow( + CertificateRevocationStateIllegalException(EXTERNAL_CERTIFICATE_ID, + InternalCertificate.RevocationState.REVOCATION_STATE_UNSPECIFIED, + ) + .asStatusRuntimeException( + Status.Code.FAILED_PRECONDITION, + "Certificate in illegal state", + ) + ) + } + val exception = + assertFailsWith { + withPrincipal(DuchyPrincipal(DuchyKey.fromName(DUCHY_NAME)!!)) { + runBlocking { + service.releaseCertificateHold( + releaseCertificateHoldRequest { name = DUCHY_CERTIFICATE_NAME } + ) + } + } + } + assertThat(exception.status.code).isEqualTo(Status.Code.FAILED_PRECONDITION) + assertThat(exception.errorInfo?.metadataMap) + .containsEntry( + "certification_revocation_state", + InternalCertificate.RevocationState.REVOCATION_STATE_UNSPECIFIED.toString(), + ) + } + companion object { private val EXTERNAL_DATA_PROVIDER_ID = ExternalId(12345L) private val DATA_PROVIDER_KEY = DataProviderKey(EXTERNAL_DATA_PROVIDER_ID.apiId.value)