AWS KMS plugin : more detailed message when API calls fail.

Output API function name, exception name, exception text

AWS KMS plugin : more detailed message when API calls fail.
Output API function name, exception name, exception text
753117fe · Vladislav Vaintroub · f67e0504 · 753117fe
Commit 753117fe authored Oct 03, 2018 by Vladislav Vaintroub
Hide whitespace changes
Inline Side-by-side

Showing with 16 additions and 13 deletions

plugin/aws_key_management/aws_key_management_plugin.cc plugin/aws_key_management/aws_key_management_plugin.cc +16 -13

No files found.
--- a/plugin/aws_key_management/aws_key_management_plugin.cc
+++ b/plugin/aws_key_management/aws_key_management_plugin.cc
@@ -106,6 +106,14 @@ static std::mutex mtx;

 static Aws::KMS::KMSClient *client;

+static void print_kms_error(const char *func, const Aws::Client::AWSError<Aws::KMS::KMSErrors>& err)
+{
+  my_printf_error(ER_UNKNOWN_ERROR,
+    "AWS KMS plugin : KMS Client API '%s' failed : %s - %s",
+    ME_ERROR_LOG,
+    func, err.GetExceptionName().c_str(), err.GetMessage().c_str());
+}
+
 #if WITH_AWS_MOCK
 /* 
  Mock routines to test plugin without actual AWS KMS interaction
@@ -127,7 +135,7 @@ static int mock_generate_encrypted_key(Aws::Utils::ByteBuffer *result)
 }


-static int mock_decrypt(Aws::Utils::ByteBuffer input, Aws::Utils::ByteBuffer* output, Aws::String *errmsg)
+static int mock_decrypt(Aws::Utils::ByteBuffer input, Aws::Utils::ByteBuffer* output)
 {
  /* We do not encrypt or decrypt in mock mode.*/
  *output = input;
@@ -401,14 +409,14 @@ static unsigned int get_latest_key_version_nolock(unsigned int key_id)
 }

 /* Decrypt Byte buffer with AWS. */
-static int aws_decrypt(Aws::Utils::ByteBuffer input, Aws::Utils::ByteBuffer* output, Aws::String *errmsg)
+static int aws_decrypt(Aws::Utils::ByteBuffer input, Aws::Utils::ByteBuffer* output)
 {
  DecryptRequest request;
  request.SetCiphertextBlob(input);
  DecryptOutcome outcome = client->Decrypt(request);
  if (!outcome.IsSuccess())
  {
-    *errmsg = outcome.GetError().GetMessage();
+    print_kms_error("Decrypt", outcome.GetError());
    return -1;
  }
  *output= outcome.GetResult().GetPlaintext();
@@ -416,13 +424,13 @@ static int aws_decrypt(Aws::Utils::ByteBuffer input, Aws::Utils::ByteBuffer* out
 }


-static int decrypt(Aws::Utils::ByteBuffer input, Aws::Utils::ByteBuffer* output, Aws::String *errmsg)
+static int decrypt(Aws::Utils::ByteBuffer input, Aws::Utils::ByteBuffer* output)
 {
 #if WITH_AWS_MOCK
  if(mock)
-    return mock_decrypt(input,output, errmsg);
+    return mock_decrypt(input,output);
 #endif
-  return aws_decrypt(input, output, errmsg);
+  return aws_decrypt(input, output);
 }

 /* 
@@ -452,12 +460,9 @@ static  int read_and_decrypt_key(const char *path, KEY_INFO *info)

  Aws::Utils::ByteBuffer input((unsigned char *)contents.data(), pos);
  Aws::Utils::ByteBuffer plaintext;
-  Aws::String errmsg;

-  if (decrypt(input, &plaintext, &errmsg))
+  if (decrypt(input, &plaintext))
  {
-      my_printf_error(ER_UNKNOWN_ERROR, "AWS KMS plugin: Decrypt failed for %s : %s", ME_ERROR_LOG, path,
-      errmsg.c_str());
      return -1;
  }

@@ -491,9 +496,7 @@ int aws_generate_encrypted_key(Aws::Utils::ByteBuffer *result)
  outcome= client->GenerateDataKeyWithoutPlaintext(request);
  if (!outcome.IsSuccess())
  {
-    my_printf_error(ER_UNKNOWN_ERROR, "AWS KMS plugin : GenerateDataKeyWithoutPlaintext failed : %s - %s", ME_ERROR_LOG,
-      outcome.GetError().GetExceptionName().c_str(),
-      outcome.GetError().GetMessage().c_str());
+    print_kms_error("GenerateDataKeyWithoutPlaintext", outcome.GetError());
    return(-1);
  }
 *result =  outcome.GetResult().GetCiphertextBlob();