From 209a2d1419ea575fd316bd9975fb63e40cce7a77 Mon Sep 17 00:00:00 2001
From: Eric Biggers <ebiggers@google.com>
Date: Sat, 9 May 2020 14:52:07 -0700
Subject: actions/policy: improve errors

ErrMissingPolicyMetadata:
	Include the mount, directory path, and metadata path.  Also move
	the explanation into actions/ since it doesn't refer to any CLI
	command.

ErrPolicyMetadataMismatch:
	Include a lot more information.  Also start checking for
	consistency of the policy key descriptors, not just the
	encryption options.  Add a test for this.

ErrDifferentFilesystem:
	Include the mountpoints.

ErrOnlyProtector:
	Clarify the message and include the protector descriptor.

ErrAlreadyProtected:
ErrNotProtected:
	Include the policy and protector descriptors.

ErrAccessDeniedPossiblyV2:
	Make it slightly clearer what failed.  Also move the explanation
	into actions/ since it doesn't refer to any CLI command.
---
 filesystem/filesystem.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'filesystem/filesystem.go')

diff --git a/filesystem/filesystem.go b/filesystem/filesystem.go
index e01f9ff..eb49182 100644
--- a/filesystem/filesystem.go
+++ b/filesystem/filesystem.go
@@ -181,9 +181,9 @@ func (m *Mount) PolicyDir() string {
 	return filepath.Join(m.BaseDir(), policyDirName)
 }
 
-// policyPath returns the full path to a regular policy file with the
+// PolicyPath returns the full path to a regular policy file with the
 // specified descriptor.
-func (m *Mount) policyPath(descriptor string) string {
+func (m *Mount) PolicyPath(descriptor string) string {
 	return filepath.Join(m.PolicyDir(), descriptor)
 }
 
@@ -512,7 +512,7 @@ func (m *Mount) AddPolicy(data *metadata.PolicyData) error {
 		return err
 	}
 
-	return m.err(m.addMetadata(m.policyPath(data.KeyDescriptor), data))
+	return m.err(m.addMetadata(m.PolicyPath(data.KeyDescriptor), data))
 }
 
 // GetPolicy looks up the policy metadata by descriptor.
@@ -521,7 +521,7 @@ func (m *Mount) GetPolicy(descriptor string) (*metadata.PolicyData, error) {
 		return nil, err
 	}
 	data := new(metadata.PolicyData)
-	return data, m.err(m.getMetadata(m.policyPath(descriptor), data))
+	return data, m.err(m.getMetadata(m.PolicyPath(descriptor), data))
 }
 
 // RemovePolicy deletes the policy metadata from the filesystem storage.
@@ -529,7 +529,7 @@ func (m *Mount) RemovePolicy(descriptor string) error {
 	if err := m.CheckSetup(); err != nil {
 		return err
 	}
-	return m.err(m.removeMetadata(m.policyPath(descriptor)))
+	return m.err(m.removeMetadata(m.PolicyPath(descriptor)))
 }
 
 // ListPolicies lists the descriptors of all policies on this filesystem.
-- 
cgit v1.2.3