Improve mTLS error messages upon wrong field values in the Ankaios CLI

[inf17101]

Description

Currently, if the user enters a wrong path for the certificates or key in an Ankaios CLI, then the error message is "Channel preliminary closed." which is not helpful to the user since it is an internal Rust channel error message. This is independent of using the environment variables or the cli arguments directly.

1. Execute the script tools/certs/create_certs.sh to create certificates for development
2. Start the server and agent with certificates
3. Execute an ank cli command and provide an invalid file path to some of the arguments, e.g.:

./ank -v --ca_pem .certs/ca.pem --crt_pem .certs/cli.pem --key_pem asdfg get workloads

You should see the following error message:

Goals

Enhance the Ankaios CLI to output helpful error messages when an mTLS setting has an invalid value.

Final result

Summary

To be filled when the final solution is sketched.

Tasks

• Output "file path does not exist" as error message
• Analyze if not just the invalid file path can be output, but to output a Certificate Error even it is rejected due to other reasons (Maybe this needs to be included into the request handling and the communication middleware)

[inf17101]

The reason is that the polling in the cli does not know when certificates are rejected and the from_server channel object is in this case None since the channel is closed:

    // server_connection.rs:117
    let poll_complete_state_response = async {
            loop {
                match self.from_server.recv().await {
                    Some(FromServer::Response(Response {
                        request_id: received_request_id,
                        response_content: ResponseContent::CompleteState(res),
                    })) if received_request_id == request_id => return Ok(res),
                    None => return Err("Channel preliminary closed."),
                    Some(message) => {
                        // [impl->swdd~cli-stores-unexpected-message~1]
                        self.missed_from_server_messages.push(message);
                    }
                }
            }
        };

Maybe we need proper response handling so that the communication middleware can return a certificate error, then we can also distinguish in the CLI between the errors better and output the user any kind of certificate rejection error (invalid cipher set , what else ...) At a minimum we shall communicate to the user that the file path of the certificate is not valid if a wrong path is provided as argument and if there are some other issues with the certificates then we shall output at least that the communication has failed due to a certificate error (and optional some reason depending on the effort).

[GabyUnalaq]

Currently working on this.

The reason that I found is that the error is indeed produced, but ignored at a higher level, inside grpc/src/client.rs - GRPCCommunicationsClient::run().

[GabyUnalaq]

This issue was solved and solution merged. It can be closed now.