From 880376fb60d3abaec60b286e15bef2e1b4a637a6 Mon Sep 17 00:00:00 2001
From: Linda Yu
Date: Wed, 27 Sep 2023 11:01:11 +0800
Subject: [PATCH] cdh/storage: refine error message
Signed-off-by: Linda Yu
---
 confidential-data-hub/storage/src/error.rs | 6 ++++
 .../src/volume_type/alibaba_cloud_oss/oss.rs | 30 +++++++------------
 2 files changed, 17 insertions(+), 19 deletions(-)
diff --git a/confidential-data-hub/storage/src/error.rs b/confidential-data-hub/storage/src/error.rs
index 80dd80c38..ed29ab401 100644
--- a/confidential-data-hub/storage/src/error.rs
+++ b/confidential-data-hub/storage/src/error.rs
@@ -11,4 +11,10 @@ pub type Result = std::result::Result;
 pub enum Error {
 #[error("secure mount failed: {0}")]
 SecureMountFailed(String),
+
+ #[error("file error: {0}")]
+ FileError(String),
+
+ #[error("unseal secret failed: {0}")]
+ UnsealSecretFailed(String),
 }
diff --git a/confidential-data-hub/storage/src/volume_type/alibaba_cloud_oss/oss.rs b/confidential-data-hub/storage/src/volume_type/alibaba_cloud_oss/oss.rs
index 013409504..9b1e6dedc 100644
--- a/confidential-data-hub/storage/src/volume_type/alibaba_cloud_oss/oss.rs
+++ b/confidential-data-hub/storage/src/volume_type/alibaba_cloud_oss/oss.rs
@@ -65,7 +65,7 @@ async fn unseal_secret(secret: Vec) -> Result> {
 let res = secret
 .unseal()
 .await
- .map_err(|e| Error::SecureMountFailed(format!("unseal failed: {e}")))?;
+ .map_err(|e| Error::UnsealSecretFailed(format!("unseal failed: {e}")))?;
 Ok(res)
 }
@@ -76,9 +76,7 @@ async fn get_plain(secret: &String) -> Result {
 .ok_or(Error::SecureMountFailed(
 "strip_prefix \"sealed.\" failed".to_string(),
 ))?;
- let unsealed = unseal_secret(tmp.into())
- .await
- .map_err(|e| Error::SecureMountFailed(format!("unseal secret failed: {e}")))?;
+ let unsealed = unseal_secret(tmp.into()).await?;
 return String::from_utf8(unsealed)
 .map_err(|e| Error::SecureMountFailed(format!("convert to String failed: {e}")));
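Review bot: The two variants added to `Error` have no doc comments, and nothing states what may be placed in their `String` payload. Both are raised on the path that handles unsealed credentials (see the oss.rs hunks of this patch), so the contract is worth writing down, for example `/// I/O failure on a credential file; the message must never contain file contents.` above `FileError` and `/// The unseal call for a sealed secret failed; the message must not include secret material.` above `UnsealSecretFailed`.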
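Review bot: The message produced in `unseal_secret` now repeats itself, because the variant's `#[error("unseal secret failed: {0}")]` prefix is followed by a payload that starts with `unseal failed:`. Passing the cause alone reads better: `.map_err(|e| Error::UnsealSecretFailed(e.to_string()))?;`. Whether the Display output of `e` can echo any part of the sealed input is not visible in this hunk and is worth confirming, since the string is propagated to callers unchanged.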
@@ -91,27 +89,23 @@ async fn get_plain(secret: &String) -> Result {
 impl Oss {
 pub(crate) async fn mount(&self, source: String, mount_point: String) -> Result {
 // unseal secret
- let plain_ak_id = get_plain(&self.ak_id)
- .await
- .map_err(|e| Error::SecureMountFailed(format!("get_plain failed: {e}")))?;
- let plain_ak_secret = get_plain(&self.ak_secret)
- .await
- .map_err(|e| Error::SecureMountFailed(format!("get_plain failed: {e}")))?;
+ let plain_ak_id = get_plain(&self.ak_id).await?;
+ let plain_ak_secret = get_plain(&self.ak_secret).await?;
 // create ossfs passwd file
 let mut ossfs_passwd = File::create(OSSFS_PASSWD_FILE)
- .map_err(|e| Error::SecureMountFailed(format!("create file failed: {e}")))?;
+ .map_err(|e| Error::FileError(format!("create file failed: {e}")))?;
 let metadata = ossfs_passwd
 .metadata()
- .map_err(|e| Error::SecureMountFailed(format!("create metadata failed: {e}")))?;
+ .map_err(|e| Error::FileError(format!("create metadata failed: {e}")))?;
 let mut permissions = metadata.permissions();
 permissions.set_mode(0o600);
 ossfs_passwd
 .set_permissions(permissions)
- .map_err(|e| Error::SecureMountFailed(format!("set permissions failed: {e}")))?;
+ .map_err(|e| Error::FileError(format!("set permissions failed: {e}")))?;
 ossfs_passwd
 .write_all(format!("{}:{}:{}", self.bucket, plain_ak_id, plain_ak_secret).as_bytes())
- .map_err(|e| Error::SecureMountFailed(format!("write file failed: {e}")))?;
+ .map_err(|e| Error::FileError(format!("write file failed: {e}")))?;
 // generate parameters for ossfs command, and execute
 let mut opts = self
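Review bot: The ossfs password file is still created with `File::create` and only narrowed to 0o600 afterwards, so between those two calls it exists with whatever mode the process umask allows, and a descriptor opened by another local process in that window remains usable once `bucket:ak_id:ak_secret` has been written. Requesting the mode at open time closes the window; `mode` only takes effect when the file is newly created, so the existing `set_permissions` call should stay to cover a file left behind by an earlier mount. The change needs `std::fs::OpenOptions` and `std::os::unix::fs::OpenOptionsExt` in scope; the import block is outside the hunk, and `mount` continues past its end.

```rust
// … unchanged: get_plain calls for ak_id and ak_secret …
// create ossfs passwd file
let mut ossfs_passwd = OpenOptions::new()
    .write(true)
    .create(true)
    .truncate(true)
    .mode(0o600)
    .open(OSSFS_PASSWD_FILE)
    .map_err(|e| Error::FileError(format!("create file failed: {e}")))?;
// … unchanged: metadata / set_permissions / write_all …
```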
@@ -141,16 +135,14 @@ impl Oss {
 // decrypt with gocryptfs if needed
 if self.encrypted == "gocryptfs" {
 // unseal secret
- let plain_passwd = get_plain(&self.enc_passwd)
- .await
- .map_err(|e| Error::SecureMountFailed(format!("get_plain failed: {e}")))?;
+ let plain_passwd = get_plain(&self.enc_passwd).await?;
 // create gocryptfs passwd file
 let mut gocryptfs_passwd = File::create(GOCRYPTFS_PASSWD_FILE)
- .map_err(|e| Error::SecureMountFailed(format!("create file failed: {e}")))?;
+ .map_err(|e| Error::FileError(format!("create file failed: {e}")))?;
 gocryptfs_passwd
 .write_all(plain_passwd.as_bytes())
- .map_err(|e| Error::SecureMountFailed(format!("write file failed: {e}")))?;
+ .map_err(|e| Error::FileError(format!("write file failed: {e}")))?;
 // generate parameters for gocryptfs, and execute
 let parameters = vec![
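Review bot: The gocryptfs password file gets no permission restriction at all: unlike the ossfs file earlier in `mount`, it is created with `File::create(GOCRYPTFS_PASSWD_FILE)` and the unsealed password is written straight into it, so its mode is whatever the umask yields. Create it owner-only before the write, for example `OpenOptions::new().write(true).create(true).truncate(true).mode(0o600).open(GOCRYPTFS_PASSWD_FILE)` with `std::os::unix::fs::OpenOptionsExt` in scope, keeping the existing `map_err`. Whether the file is removed once gocryptfs has read it cannot be seen here, because the `if` block continues past the end of the hunk.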