From 69d94e386840ea750c39b254ae06d0cb490b380f Mon Sep 17 00:00:00 2001
From: Floris van der Grinten
Date: Mon, 6 Jul 2020 15:30:46 +0200
Subject: [PATCH 1/2] Add server errors for taken service accounts

---
 internals/api/server_errors.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/internals/api/server_errors.go b/internals/api/server_errors.go
index 3aed927e..4fe60c0f 100644
--- a/internals/api/server_errors.go
+++ b/internals/api/server_errors.go
@@ -84,6 +84,12 @@ var (
 ErrNoAdminAccess = errHub.Code("no_admin_access").StatusError("Only accounts with Admin access can perform this action", http.StatusForbidden)
 ErrMemberAlreadyExists = errHub.Code("member_already_exists").StatusError("The member already exists", http.StatusConflict)

+ // AWS IdP
+ ErrAWSRoleAlreadyTaken = errHub.Code("aws_role_taken").StatusError("a service account coupled to that IAM role already exists. Delete the existing service account or create a new one using a different IAM role.", http.StatusConflict)
+
+ // GCP IdP
+ ErrGCPServiceAccountAlreadyTaken = errHub.Code("gcp_service_account_taken").StatusError("a SecretHub service account coupled to that Google Service Account email already exists. Delete the existing SecretHub service account or create a new one using a different Google Service Account email.", http.StatusConflict)
+
 // Account
 ErrAccountNotFound = errHub.Code("account_not_found").StatusError("Account not found", http.StatusNotFound)
 ErrUnknownSubjectType = errHub.Code("unknown_subject_type").Error("Unknown subject type") // no status error because it is an internal error
From 9955b8fcdad32920326583e73624c5a0bbd87f34 Mon Sep 17 00:00:00 2001
From: Floris van der Grinten
Date: Mon, 6 Jul 2020 17:40:57 +0200
Subject: [PATCH 2/2] Explicitly mention GCP instead of just Google

Co-authored-by: Joris Coenen
---
 internals/api/server_errors.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
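Review bot: In the first patch's hunk, `ErrAWSRoleAlreadyTaken` and `ErrGCPServiceAccountAlreadyTaken` answer 409 with text confirming that a given IAM role or GCP service account email is already bound to a service account, and nothing here says in which scope that uniqueness is checked. If it is enforced across workspaces rather than only within the caller's own (not visible in this hunk), the response lets one tenant learn which cloud identities another tenant has registered, and the advice to "Delete the existing service account" is not something that caller can act on; a comment above each variable stating the scope would settle this, e.g. `// Returned only when the conflicting service account is in <scope: to be confirmed>.` Separately, both messages start lowercase while the neighbouring ones ("The member already exists", "Account not found") are capitalised, and only the GCP text names SecretHub; `"A SecretHub service account coupled to that IAM role already exists. ..."` would align them. The second patch rewords the GCP message but keeps the lowercase opening, and the `var (` block starts and ends outside both hunks.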
diff --git a/internals/api/server_errors.go b/internals/api/server_errors.go
index 4fe60c0f..aca1ff7c 100644
--- a/internals/api/server_errors.go
+++ b/internals/api/server_errors.go
@@ -88,7 +88,7 @@ var (
 ErrAWSRoleAlreadyTaken = errHub.Code("aws_role_taken").StatusError("a service account coupled to that IAM role already exists. Delete the existing service account or create a new one using a different IAM role.", http.StatusConflict)

 // GCP IdP
- ErrGCPServiceAccountAlreadyTaken = errHub.Code("gcp_service_account_taken").StatusError("a SecretHub service account coupled to that Google Service Account email already exists. Delete the existing SecretHub service account or create a new one using a different Google Service Account email.", http.StatusConflict)
+ ErrGCPServiceAccountAlreadyTaken = errHub.Code("gcp_service_account_taken").StatusError("a SecretHub service account coupled to that GCP Service Account email already exists. Delete the existing SecretHub service account or create a new one using a different GCP Service Account email.", http.StatusConflict)

 // Account
 ErrAccountNotFound = errHub.Code("account_not_found").StatusError("Account not found", http.StatusNotFound)