fix(secret): do not treat missing file secrets as config error

They are intended to be used mostly in the context of resources, which have their own feedback mechanism: statuses, retries, etc. Also turn the error into a throw exception, so that it can be interpreted as a regular error condition, for example by the resource manager.
2023-10-26 14:37:14 +07:00 · 2023-10-26 14:37:14 +07:00 · 44b4205561
parent 52f4519eeb
commit 44b4205561
2 changed files with 17 additions and 18 deletions
--- a/apps/emqx/src/emqx_schema_secret.erl
+++ b/apps/emqx/src/emqx_schema_secret.erl
@ -75,14 +75,7 @@ convert_secret(Secret, #{}) ->

 -spec wrap(source()) -> emqx_secret:t(t()).
 wrap(Source) ->
-    try
-        _Secret = load(Source),
-        emqx_secret:wrap(?MODULE, load, Source)
-    catch
-        error:Reason ->
-            % NOTE: This should be a term serializable as JSON value.
-            throw(emqx_utils:format(Reason))
-    end.
+    emqx_secret:wrap(?MODULE, load, Source).

 -spec source(emqx_secret:t(t())) -> source().
 source(Secret) when is_function(Secret) ->
@ -103,5 +96,9 @@ load_file(Filename) ->
        {ok, Secret} ->
            string:trim(Secret, trailing, [$\n]);
        {error, Reason} ->
-            error({inaccessible_secret_file, Reason}, [Filename])
+            throw(#{
+                msg => failed_to_read_secret_file,
+                path => Filename,
+                reason => emqx_utils:explain_posix(Reason)
+            })
    end.
--- a/apps/emqx_bridge_mqtt/test/emqx_bridge_mqtt_SUITE.erl
+++ b/apps/emqx_bridge_mqtt/test/emqx_bridge_mqtt_SUITE.erl
@ -230,16 +230,18 @@ t_conf_bridge_authn_passfile(Config) ->
    ?assertReceive(
        {authenticate, #{username := Username2, password := Password2}}
    ),
-    {ok, 400, #{<<"message">> := Message}} = request_json(
-        post,
-        uri(["bridges"]),
-        ?SERVER_CONF(<<>>, <<"file://im/pretty/sure/theres/no/such/file">>)#{
-            <<"name">> => <<"t_conf_bridge_authn_no_passfile">>
-        }
-    ),
    ?assertMatch(
-        #{<<"reason">> := <<"{inaccessible_secret_file,enoent}">>},
-        emqx_utils_json:decode(Message)
+        {ok, 201, #{
+            <<"status">> := <<"disconnected">>,
+            <<"status_reason">> := <<"#{msg => failed_to_read_secret_file", _/bytes>>
+        }},
+        request_json(
+            post,
+            uri(["bridges"]),
+            ?SERVER_CONF(<<>>, <<"file://im/pretty/sure/theres/no/such/file">>)#{
+                <<"name">> => <<"t_conf_bridge_authn_no_passfile">>
+            }
+        )
    ).

 hook_authenticate() ->