Update wording on error message and readme

Signed-off-by: Louis Chu <lingzhichu.clz@gmail.com>
opensearch-project · Oct 11, 2022 · aed93df · aed93df
1 parent 92f519c
commit aed93df
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 9 deletions.
diff --git a/src/plugins/data_source/README.md b/src/plugins/data_source/README.md
@@ -73,14 +73,16 @@ The data source saved object client wrapper overrides the write related action f
 
 ### Cryptography service
 
-The cryptography service performs encryption / decryption on data source credentials (support no_auth and username_password for now). Highlight the following security best practices (see more details on https://github.com/opensearch-project/OpenSearch-Dashboards/issues/1756)
+The cryptography service encrypts and decrypts data source credentials (support no_auth and username_password credential types). Highlight the best security practices listed below:
 
-a. Envelope encryption - has multiple benefits including strong protection on data keys, encryption the same data with multiple wrappign keys, etc
+a. Envelope encryption - provides strong protection on data keys. Read more details [here](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#envelope-encryption)
 
-b. Key derivation algorithm - HKDF with SHA-384, which “helps you avoid accidental reuse of a data encryption key and reduces the risk of overusing a data key.”
+b. Key derivation with HMAC - KDF with SHA-384 protects against accidental reuse of a data encryption keys and reduces the risk of overusing data keys.
 
 c. Signature algorithm - ECDSA with P-384 and SHA-384. Under multiple data source case, data source documents stored on OpenSearch can be modified / replaced by attacker. With ECDSA signature, ciphertext decryption will fail if it’s getting pullted. No one will be able to create another signature that verifies with the public key because the private key has been dropped.
 
+Please check https://github.com/opensearch-project/OpenSearch-Dashboards/issues/1756 for more details.
+
 ---
 
 ## Development

diff --git a/src/plugins/data_source/server/client/configure_client.ts b/src/plugins/data_source/server/client/configure_client.ts
@@ -30,10 +30,10 @@ export const configureClient = async (
 
     return await getQueryClient(rootClient, dataSource, cryptography);
   } catch (error: any) {
-    logger.error(`Fail to get data source client for dataSourceId: [${dataSourceId}]`);
+    logger.error(`Failed to get data source client for dataSourceId: [${dataSourceId}]`);
     logger.error(error);
     // Re-throw as DataSourceConfigError
-    throw new DataSourceConfigError('Fail to get data source client: ', error);
+    throw new DataSourceConfigError('Failed to get data source client: ', error);
   }
 };
 

diff --git a/src/plugins/data_source/server/legacy/configure_legacy_client.ts b/src/plugins/data_source/server/legacy/configure_legacy_client.ts
@@ -38,10 +38,10 @@ export const configureLegacyClient = async (
 
     return await getQueryClient(rootClient, dataSource, cryptography, callApiParams);
   } catch (error: any) {
-    logger.error(`Fail to get data source client for dataSourceId: [${dataSourceId}]`);
+    logger.error(`Failed to get data source client for dataSourceId: [${dataSourceId}]`);
     logger.error(error);
     // Re-throw as DataSourceConfigError
-    throw new DataSourceConfigError('Fail to get data source client: ', error);
+    throw new DataSourceConfigError('Failed to get data source client: ', error);
   }
 };
 

diff --git a/src/plugins/data_source/server/saved_objects/data_source_saved_objects_client_wrapper.ts b/src/plugins/data_source/server/saved_objects/data_source_saved_objects_client_wrapper.ts
@@ -293,7 +293,7 @@ export class DataSourceSavedObjectsClientWrapper {
       });
       attributes = savedObject.attributes;
     } catch (err: any) {
-      const errMsg = `Fail to fetch existing data source for dataSourceId [${id}]`;
+      const errMsg = `Failed to fetch existing data source for dataSourceId [${id}]`;
       this.logger.error(errMsg);
       this.logger.error(err);
       throw SavedObjectsErrorHelpers.decorateBadRequestError(err, errMsg);
@@ -350,7 +350,7 @@ export class DataSourceSavedObjectsClientWrapper {
         const { encryptionContext } = await this.cryptography
           .decodeAndDecrypt(password)
           .catch((err: any) => {
-            const errMsg = `Fail to update existing data source for dataSourceId [${id}]: unable to decrypt "auth.credentials.password"`;
+            const errMsg = `Failed to update existing data source for dataSourceId [${id}]: unable to decrypt "auth.credentials.password"`;
             this.logger.error(errMsg);
             this.logger.error(err);
             throw SavedObjectsErrorHelpers.decorateBadRequestError(err, errMsg);