diff --git a/src/main/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/BUILD.bazel b/src/main/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/BUILD.bazel index 521387dbb5a..6e970a1e0c5 100644 --- a/src/main/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/BUILD.bazel +++ b/src/main/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/BUILD.bazel @@ -103,6 +103,7 @@ kt_jvm_library( ":certificates", "//src/main/kotlin/org/wfanet/measurement/api/v2alpha:principal_server_interceptor", "//src/main/kotlin/org/wfanet/measurement/api/v2alpha:resource_key", + "//src/main/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha:internal_status_conversion", "//src/main/proto/wfa/measurement/api/v2alpha:certificate_kt_jvm_proto", "//src/main/proto/wfa/measurement/api/v2alpha:certificates_service_kt_jvm_grpc_proto", "//src/main/proto/wfa/measurement/api/v2alpha:page_token_kt_jvm_proto", diff --git a/src/main/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/CertificatesService.kt b/src/main/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/CertificatesService.kt index 8646f18689f..3c025048a6f 100644 --- a/src/main/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/CertificatesService.kt +++ b/src/main/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/CertificatesService.kt @@ -108,12 +108,11 @@ class CertificatesService(private val internalCertificatesStub: CertificatesCoro val internalCertificate = try { internalCertificatesStub.getCertificate(internalGetCertificateRequest) - } catch (ex: StatusException) { - when (ex.status.code) { - Status.Code.INVALID_ARGUMENT -> - failGrpc(Status.INVALID_ARGUMENT, ex) { "Required field unspecified or invalid." } - else -> failGrpc(Status.UNKNOWN, ex) { "Unknown exception." } - } + } catch (e: StatusException) { + throw when (e.status.code) { + Status.Code.INVALID_ARGUMENT -> Status.INVALID_ARGUMENT + else -> Status.UNKNOWN + }.toExternalStatusRuntimeException(e) } return internalCertificate.toCertificate() } @@ -185,11 +184,9 @@ class CertificatesService(private val internalCertificatesStub: CertificatesCoro internalCertificatesStub.streamCertificates(internalRequest).toList() } catch (e: StatusException) { throw when (e.status.code) { - Status.Code.DEADLINE_EXCEEDED -> Status.DEADLINE_EXCEEDED - else -> Status.UNKNOWN - } - .withCause(e) - .asRuntimeException() + Status.Code.DEADLINE_EXCEEDED -> Status.DEADLINE_EXCEEDED + else -> Status.UNKNOWN + }.toExternalStatusRuntimeException(e) } if (internalCertificates.isEmpty()) { @@ -242,17 +239,13 @@ class CertificatesService(private val internalCertificatesStub: CertificatesCoro val response = try { internalCertificatesStub.createCertificate(internalCertificate) - } catch (ex: StatusException) { - when (ex.status.code) { - Status.Code.NOT_FOUND -> failGrpc(Status.NOT_FOUND, ex) { ex.message ?: "Not found" } - Status.Code.ALREADY_EXISTS -> - failGrpc(Status.ALREADY_EXISTS, ex) { - "Certificate with the subject key identifier (SKID) already exists." - } - Status.Code.INVALID_ARGUMENT -> - failGrpc(Status.INVALID_ARGUMENT, ex) { "Required field unspecified or invalid." } - else -> failGrpc(Status.UNKNOWN, ex) { "Unknown exception." } - } + } catch (e: StatusException) { + throw when (e.status.code) { + Status.Code.NOT_FOUND -> Status.NOT_FOUND + Status.Code.ALREADY_EXISTS -> Status.ALREADY_EXISTS + Status.Code.INVALID_ARGUMENT -> Status.INVALID_ARGUMENT + else -> Status.UNKNOWN + }.toExternalStatusRuntimeException(e) } return response.toCertificate() } @@ -294,13 +287,12 @@ class CertificatesService(private val internalCertificatesStub: CertificatesCoro val internalCertificate = try { internalCertificatesStub.revokeCertificate(internalRevokeCertificateRequest) - } catch (ex: StatusException) { - when (ex.status.code) { - Status.Code.NOT_FOUND -> failGrpc(Status.NOT_FOUND, ex) { ex.message ?: "Not found" } - Status.Code.FAILED_PRECONDITION -> - failGrpc(Status.FAILED_PRECONDITION, ex) { "Certificate is in wrong State." } - else -> failGrpc(Status.UNKNOWN, ex) { "Unknown exception." } - } + } catch (e: StatusException) { + throw when (e.status.code) { + Status.Code.NOT_FOUND -> Status.NOT_FOUND + Status.Code.FAILED_PRECONDITION -> Status.FAILED_PRECONDITION + else -> Status.UNKNOWN + }.toExternalStatusRuntimeException(e) } return internalCertificate.toCertificate() } @@ -337,13 +329,12 @@ class CertificatesService(private val internalCertificatesStub: CertificatesCoro val internalCertificate = try { internalCertificatesStub.releaseCertificateHold(internalReleaseCertificateHoldRequest) - } catch (ex: StatusException) { - when (ex.status.code) { - Status.Code.NOT_FOUND -> failGrpc(Status.NOT_FOUND, ex) { ex.message ?: "Not found" } - Status.Code.FAILED_PRECONDITION -> - failGrpc(Status.FAILED_PRECONDITION, ex) { "Certificate is in wrong State." } - else -> failGrpc(Status.UNKNOWN, ex) { "Unknown exception." } - } + } catch (e: StatusException) { + throw when (e.status.code) { + Status.Code.NOT_FOUND -> Status.NOT_FOUND + Status.Code.FAILED_PRECONDITION -> Status.FAILED_PRECONDITION + else -> Status.UNKNOWN + }.toExternalStatusRuntimeException(e) } return internalCertificate.toCertificate() } diff --git a/src/main/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/InternalStatusConversion.kt b/src/main/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/InternalStatusConversion.kt index a49948d633c..19121f1dbb9 100644 --- a/src/main/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/InternalStatusConversion.kt +++ b/src/main/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/InternalStatusConversion.kt @@ -32,6 +32,7 @@ import org.wfanet.measurement.api.v2alpha.MeasurementConsumerCertificateKey import org.wfanet.measurement.api.v2alpha.MeasurementConsumerKey import org.wfanet.measurement.api.v2alpha.MeasurementKey import org.wfanet.measurement.api.v2alpha.ModelProviderCertificateKey +import org.wfanet.measurement.api.v2alpha.ModelProviderKey import org.wfanet.measurement.common.grpc.errorInfo import org.wfanet.measurement.common.identity.externalIdToApiId import org.wfanet.measurement.internal.kingdom.ErrorCode @@ -175,13 +176,29 @@ fun Status.toExternalStatusRuntimeException( } // TODO{@jcorilla}: Populate metadata using subsequent error codes ErrorCode.MODEL_PROVIDER_NOT_FOUND -> { - errorMessage = "ModelProvider not found." + val modelProviderName = + ModelProviderKey( + externalIdToApiId( + checkNotNull(errorInfo.metadataMap["external_model_provider_id"]).toLong() + ) + ) + .toName() + put("model_provider", modelProviderName) + errorMessage = "ModelProvider $modelProviderName not found." } ErrorCode.CERT_SUBJECT_KEY_ID_ALREADY_EXISTS -> { errorMessage = "Certificate with the subject key identifier (SKID) already exists." } ErrorCode.CERTIFICATE_REVOCATION_STATE_ILLEGAL -> { - errorMessage = "Certificate is in wrong State." + val certificateApiId = + externalIdToApiId( + checkNotNull(errorInfo.metadataMap["external_certificate_id"]).toLong() + ) + val certificateRevocationState = + checkNotNull(errorInfo.metadataMap["certificate_revocation_state"]).toString() + put("external_certificate_id", certificateApiId) + put("certification_revocation_state", certificateRevocationState) + errorMessage = "Certificate is in illegal revocation state: $certificateRevocationState." } ErrorCode.COMPUTATION_PARTICIPANT_STATE_ILLEGAL -> { errorMessage = "ComputationParticipant state illegal." diff --git a/src/test/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/BUILD.bazel b/src/test/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/BUILD.bazel index 7de8bd9eff6..ba5b26b4482 100644 --- a/src/test/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/BUILD.bazel +++ b/src/test/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/BUILD.bazel @@ -49,6 +49,7 @@ kt_jvm_test( test_class = "org.wfanet.measurement.kingdom.service.api.v2alpha.CertificatesServiceTest", deps = [ "//src/main/kotlin/org/wfanet/measurement/api/v2alpha/testing", + "//src/main/kotlin/org/wfanet/measurement/kingdom/deploy/gcloud/spanner/common", "@wfa_common_jvm//imports/java/com/google/common/truth", "@wfa_common_jvm//imports/java/com/google/common/truth/extensions/proto", "@wfa_common_jvm//imports/java/org/junit", diff --git a/src/test/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/CertificatesServiceTest.kt b/src/test/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/CertificatesServiceTest.kt index cef68f5cca2..9d155fc4dff 100644 --- a/src/test/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/CertificatesServiceTest.kt +++ b/src/test/kotlin/org/wfanet/measurement/kingdom/service/api/v2alpha/CertificatesServiceTest.kt @@ -69,6 +69,7 @@ import org.wfanet.measurement.common.base64UrlEncode import org.wfanet.measurement.common.crypto.readCertificate import org.wfanet.measurement.common.crypto.subjectKeyIdentifier import org.wfanet.measurement.common.crypto.testing.TestData +import org.wfanet.measurement.common.grpc.errorInfo import org.wfanet.measurement.common.grpc.testing.GrpcTestServerRule import org.wfanet.measurement.common.grpc.testing.mockService import org.wfanet.measurement.common.identity.ExternalId @@ -89,9 +90,16 @@ import org.wfanet.measurement.internal.kingdom.getCertificateRequest as internal import org.wfanet.measurement.internal.kingdom.releaseCertificateHoldRequest as internalReleaseCertificateHoldRequest import org.wfanet.measurement.internal.kingdom.revokeCertificateRequest as internalRevokeCertificateRequest import org.wfanet.measurement.internal.kingdom.streamCertificatesRequest - -private val MODEL_PROVIDER_NAME = makeModelProvider(23456L) -private val MODEL_PROVIDER_NAME_2 = makeModelProvider(23457L) +import org.wfanet.measurement.kingdom.deploy.gcloud.spanner.common.CertSubjectKeyIdAlreadyExistsException +import org.wfanet.measurement.kingdom.deploy.gcloud.spanner.common.CertificateNotFoundException +import org.wfanet.measurement.kingdom.deploy.gcloud.spanner.common.CertificateRevocationStateIllegalException +import org.wfanet.measurement.kingdom.deploy.gcloud.spanner.common.DuchyNotFoundException +import org.wfanet.measurement.kingdom.deploy.gcloud.spanner.common.ModelProviderNotFoundException + +private const val EXTERNAL_MODEL_PROVIDER_ID = 23456L +private const val EXTERNAL_MODEL_PROVIDER_ID_2 = 23457L +private val MODEL_PROVIDER_NAME = makeModelProvider(EXTERNAL_MODEL_PROVIDER_ID) +private val MODEL_PROVIDER_NAME_2 = makeModelProvider(EXTERNAL_MODEL_PROVIDER_ID_2) private val MODEL_PROVIDER_CERTIFICATE_NAME = "$MODEL_PROVIDER_NAME/certificates/AAAAAAAAAcg" private const val MEASUREMENT_CONSUMER_NAME = "measurementConsumers/AAAAAAAAAHs" private const val MEASUREMENT_CONSUMER_NAME_2 = "measurementConsumers/BBBBBBBBBHs" @@ -1294,6 +1302,201 @@ class CertificatesServiceTest { assertThat(exception.status.code).isEqualTo(Status.Code.PERMISSION_DENIED) } + @Test + fun `getCertificate throws INVALID_ARGUMENT when parent not specified`() { + internalCertificatesMock.stub { + onBlocking { getCertificate(any()) } + .thenThrow( + Status.INVALID_ARGUMENT.withDescription("Parent not specified").asRuntimeException() + ) + } + val exception = + assertFailsWith { + withPrincipal( + MeasurementConsumerPrincipal(MeasurementConsumerKey.fromName(MEASUREMENT_CONSUMER_NAME)!!) + ) { + runBlocking { + service.getCertificate( + getCertificateRequest { name = MEASUREMENT_CONSUMER_CERTIFICATE_NAME } + ) + } + } + } + assertThat(exception.status.code).isEqualTo(Status.Code.INVALID_ARGUMENT) + } + + @Test + fun `createCertificate throws NOT_FOUND with model provider name when model provider not found`() { + internalCertificatesMock.stub { + onBlocking { createCertificate(any()) } + .thenThrow( + ModelProviderNotFoundException(ExternalId(EXTERNAL_MODEL_PROVIDER_ID)) + .asStatusRuntimeException(Status.Code.NOT_FOUND, "Model provider not found") + ) + } + val exception = + assertFailsWith { + withPrincipal(ModelProviderPrincipal(ModelProviderKey.fromName(MODEL_PROVIDER_NAME)!!)) { + runBlocking { + service.createCertificate( + createCertificateRequest { + parent = MODEL_PROVIDER_NAME + certificate = CERTIFICATE + } + ) + } + } + } + assertThat(exception.status.code).isEqualTo(Status.Code.NOT_FOUND) + assertThat(exception.errorInfo?.metadataMap) + .containsEntry("model_provider", MODEL_PROVIDER_NAME) + } + + @Test + fun `createCertificate throws ALREADY_EXISTS when certificate with subject key identifier already exists`() { + internalCertificatesMock.stub { + onBlocking { createCertificate(any()) } + .thenThrow( + CertSubjectKeyIdAlreadyExistsException() + .asStatusRuntimeException( + Status.Code.ALREADY_EXISTS, + "Certificate with the subject key identifier (SKID) already exists.", + ) + ) + } + val exception = + assertFailsWith { + withPrincipal(ModelProviderPrincipal(ModelProviderKey.fromName(MODEL_PROVIDER_NAME)!!)) { + runBlocking { + service.createCertificate( + createCertificateRequest { + parent = MODEL_PROVIDER_NAME + certificate = CERTIFICATE + } + ) + } + } + } + assertThat(exception.status.code).isEqualTo(Status.Code.ALREADY_EXISTS) + } + + @Test + fun `revokeCertificate throws NOT_FOUND when certificate is not found`() { + internalCertificatesMock.stub { + onBlocking { revokeCertificate(any()) } + .thenThrow( + CertificateNotFoundException(EXTERNAL_CERTIFICATE_ID) + .asStatusRuntimeException(Status.Code.NOT_FOUND, "Certificate not found") + ) + } + val exception = + assertFailsWith { + withPrincipal(ModelProviderPrincipal(ModelProviderKey.fromName(MODEL_PROVIDER_NAME)!!)) { + runBlocking { + service.revokeCertificate( + revokeCertificateRequest { + name = MODEL_PROVIDER_CERTIFICATE_NAME + revocationState = Certificate.RevocationState.REVOKED + } + ) + } + } + } + assertThat(exception.status.code).isEqualTo(Status.Code.NOT_FOUND) + } + + @Test + fun `revokeCertificate throws FAILED_PRECONDITION with certificate revocation state when certificate state illegal`() { + internalCertificatesMock.stub { + onBlocking { revokeCertificate(any()) } + .thenThrow( + CertificateRevocationStateIllegalException( + EXTERNAL_CERTIFICATE_ID, + InternalCertificate.RevocationState.REVOCATION_STATE_UNSPECIFIED, + ) + .asStatusRuntimeException( + Status.Code.FAILED_PRECONDITION, + "Certificate in illegal state", + ) + ) + } + val exception = + assertFailsWith { + withPrincipal(ModelProviderPrincipal(ModelProviderKey.fromName(MODEL_PROVIDER_NAME)!!)) { + runBlocking { + service.revokeCertificate( + revokeCertificateRequest { + name = MODEL_PROVIDER_CERTIFICATE_NAME + revocationState = Certificate.RevocationState.REVOKED + } + ) + } + } + } + assertThat(exception.status.code).isEqualTo(Status.Code.FAILED_PRECONDITION) + assertThat(exception.errorInfo?.metadataMap) + .containsEntry( + "certification_revocation_state", + InternalCertificate.RevocationState.REVOCATION_STATE_UNSPECIFIED.toString(), + ) + } + + @Test + fun `releaseCertificateHold throws NOT_FOUND with duchy api id when duchy not found`() { + internalCertificatesMock.stub { + onBlocking { releaseCertificateHold(any()) } + .thenThrow( + DuchyNotFoundException(DuchyKey.fromName(DUCHY_NAME)!!.duchyId) + .asStatusRuntimeException(Status.Code.NOT_FOUND, "Duchy not found") + ) + } + val exception = + assertFailsWith { + withPrincipal(DuchyPrincipal(DuchyKey.fromName(DUCHY_NAME)!!)) { + runBlocking { + service.releaseCertificateHold( + releaseCertificateHoldRequest { name = DUCHY_CERTIFICATE_NAME } + ) + } + } + } + assertThat(exception.status.code).isEqualTo(Status.Code.NOT_FOUND) + assertThat(exception.errorInfo?.metadataMap).containsEntry("duchy", DUCHY_NAME) + } + + @Test + fun `releaseCertificateHold throws FAILED_PRECONDITION with certificate revocation state when certificate state illegal`() { + internalCertificatesMock.stub { + onBlocking { releaseCertificateHold(any()) } + .thenThrow( + CertificateRevocationStateIllegalException( + EXTERNAL_CERTIFICATE_ID, + InternalCertificate.RevocationState.REVOCATION_STATE_UNSPECIFIED, + ) + .asStatusRuntimeException( + Status.Code.FAILED_PRECONDITION, + "Certificate in illegal state", + ) + ) + } + val exception = + assertFailsWith { + withPrincipal(DuchyPrincipal(DuchyKey.fromName(DUCHY_NAME)!!)) { + runBlocking { + service.releaseCertificateHold( + releaseCertificateHoldRequest { name = DUCHY_CERTIFICATE_NAME } + ) + } + } + } + assertThat(exception.status.code).isEqualTo(Status.Code.FAILED_PRECONDITION) + assertThat(exception.errorInfo?.metadataMap) + .containsEntry( + "certification_revocation_state", + InternalCertificate.RevocationState.REVOCATION_STATE_UNSPECIFIED.toString(), + ) + } + companion object { private val EXTERNAL_DATA_PROVIDER_ID = ExternalId(12345L) private val DATA_PROVIDER_KEY = DataProviderKey(EXTERNAL_DATA_PROVIDER_ID.apiId.value)