From 1fe1eef90e2e7bebef9eedf4dcdf08d9308ed4c7 Mon Sep 17 00:00:00 2001
From: Rhys Arkins <rhys@arkins.net>
Date: Thu, 16 Sep 2021 15:05:11 +0200
Subject: [PATCH] fix(config): better decrypt errors (#11777)

---
 lib/config/decrypt.ts | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/lib/config/decrypt.ts b/lib/config/decrypt.ts
index d5e8f5e709..306945086e 100644
--- a/lib/config/decrypt.ts
+++ b/lib/config/decrypt.ts
@@ -101,27 +101,37 @@ export async function tryDecrypt(
               if (scopedRepository === repository) {
                 decryptedStr = value;
               } else {
-                logger.warn(
+                logger.debug(
                   { scopedRepository },
                   'Secret is scoped to a different repository'
                 );
+                const error = new Error('config-validation');
+                error.validationError = `Encrypted secret is scoped to a different repository: ${scopedRepository}.`;
+                throw error;
               }
             } else {
               const scopedOrg = `${orgName}/`;
               if (repository.startsWith(scopedOrg)) {
                 decryptedStr = value;
               } else {
-                logger.warn(
+                logger.debug(
                   { scopedOrg },
                   'Secret is scoped to a different org'
                 );
+                const error = new Error('config-validation');
+                error.validationError = `Encrypted secret is scoped to a different org" ${scopedOrg}.`;
+                throw error;
               }
             }
           } else {
-            logger.warn('Missing scope from decrypted object');
+            const error = new Error('config-validation');
+            error.validationError = `Encrypted value in config is missing a scope.`;
+            throw error;
           }
         } else {
-          logger.warn('Decrypted object is missing a value');
+          const error = new Error('config-validation');
+          error.validationError = `Encrypted value in config is missing a value.`;
+          throw error;
         }
       } catch (err) {
         logger.warn({ err }, 'Could not parse decrypted string');
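Review bot: The four new `throw error` statements sit inside the `try` whose `catch (err)` closes this hunk, so unless that catch re-throws (its body continues outside the hunk) each `config-validation` error is caught there and logged as 'Could not parse decrypted string', and the scope failure never surfaces as a validation error. A guard at the top of the catch, such as `if (err.message === 'config-validation') { throw err; }`, would keep the rejection of a secret scoped to another repository or org explicit rather than reducing it to a misleading parse warning. The org message also has a stray double quote where the repository message has a colon; it should read `Encrypted secret is scoped to a different org: ${scopedOrg}.`.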
-- 
GitLab