From 44b4205561d63ac0440d776d040dba2d2c647de8 Mon Sep 17 00:00:00 2001
From: Andrew Mayorov <encube.ul@gmail.com>
Date: Thu, 26 Oct 2023 14:37:14 +0700
Subject: [PATCH] fix(secret): do not treat missing file secrets as config
 error

They are intended to be used mostly in the context of resources, which
have their own feedback mechanism: statuses, retries, etc.

Also turn the error into a throw exception, so that it can be
interpreted as a regular error condition, for example by the resource
manager.
---
 apps/emqx/src/emqx_schema_secret.erl          | 15 ++++++--------
 .../test/emqx_bridge_mqtt_SUITE.erl           | 20 ++++++++++---------
 2 files changed, 17 insertions(+), 18 deletions(-)

diff --git a/apps/emqx/src/emqx_schema_secret.erl b/apps/emqx/src/emqx_schema_secret.erl
index aa2cbcc84..865d0eac9 100644
--- a/apps/emqx/src/emqx_schema_secret.erl
+++ b/apps/emqx/src/emqx_schema_secret.erl
@@ -75,14 +75,7 @@ convert_secret(Secret, #{}) ->
 
 -spec wrap(source()) -> emqx_secret:t(t()).
 wrap(Source) ->
-    try
-        _Secret = load(Source),
-        emqx_secret:wrap(?MODULE, load, Source)
-    catch
-        error:Reason ->
-            % NOTE: This should be a term serializable as JSON value.
-            throw(emqx_utils:format(Reason))
-    end.
+    emqx_secret:wrap(?MODULE, load, Source).
 
 -spec source(emqx_secret:t(t())) -> source().
 source(Secret) when is_function(Secret) ->
@@ -103,5 +96,9 @@ load_file(Filename) ->
         {ok, Secret} ->
             string:trim(Secret, trailing, [$\n]);
         {error, Reason} ->
-            error({inaccessible_secret_file, Reason}, [Filename])
+            throw(#{
+                msg => failed_to_read_secret_file,
+                path => Filename,
+                reason => emqx_utils:explain_posix(Reason)
+            })
     end.
diff --git a/apps/emqx_bridge_mqtt/test/emqx_bridge_mqtt_SUITE.erl b/apps/emqx_bridge_mqtt/test/emqx_bridge_mqtt_SUITE.erl
index 6b5cc86da..1776ae236 100644
--- a/apps/emqx_bridge_mqtt/test/emqx_bridge_mqtt_SUITE.erl
+++ b/apps/emqx_bridge_mqtt/test/emqx_bridge_mqtt_SUITE.erl
@@ -230,16 +230,18 @@ t_conf_bridge_authn_passfile(Config) ->
     ?assertReceive(
         {authenticate, #{username := Username2, password := Password2}}
     ),
-    {ok, 400, #{<<"message">> := Message}} = request_json(
-        post,
-        uri(["bridges"]),
-        ?SERVER_CONF(<<>>, <<"file://im/pretty/sure/theres/no/such/file">>)#{
-            <<"name">> => <<"t_conf_bridge_authn_no_passfile">>
-        }
-    ),
     ?assertMatch(
-        #{<<"reason">> := <<"{inaccessible_secret_file,enoent}">>},
-        emqx_utils_json:decode(Message)
+        {ok, 201, #{
+            <<"status">> := <<"disconnected">>,
+            <<"status_reason">> := <<"#{msg => failed_to_read_secret_file", _/bytes>>
+        }},
+        request_json(
+            post,
+            uri(["bridges"]),
+            ?SERVER_CONF(<<>>, <<"file://im/pretty/sure/theres/no/such/file">>)#{
+                <<"name">> => <<"t_conf_bridge_authn_no_passfile">>
+            }
+        )
     ).
 
 hook_authenticate() ->