diff --git a/lib/tbot/bot/destination/directory.go b/lib/tbot/bot/destination/directory.go
index 316419a424db4..99cb8a81d4611 100644
--- a/lib/tbot/bot/destination/directory.go
+++ b/lib/tbot/bot/destination/directory.go
@@ -410,8 +410,9 @@ func (dd *Directory) Write(ctx context.Context, name string, data []byte) error
 // things have drifted since `Init()` was run. We don't bother with secure
 // botfs.Create() since it's a no-op for directory creation.
 if dir, _ := filepath.Split(name); dir != "" {
- if err := mkdir(filepath.Join(dd.Path, dir)); err != nil {
- return trace.Wrap(err)
+ dirPath := filepath.Join(dd.Path, dir)
+ if err := mkdir(dirPath); err != nil {
+ return trace.Wrap(err, "creating directory %q", dirPath)
 }
 }
@@ -427,7 +428,7 @@ func (dd *Directory) Write(ctx context.Context, name string, data []byte) error
 return trace.Wrap(err)
 }
 } else if err != nil {
- return trace.Wrap(err)
+ return trace.Wrap(err, "reading %q", path)
 }
 if dd.aclsEnabled {
@@ -445,7 +446,7 @@ func (dd *Directory) Write(ctx context.Context, name string, data []byte) error
 }
 }
- return trace.Wrap(botfs.Write(path, data, dd.Symlinks))
+ return trace.Wrap(botfs.Write(path, data, dd.Symlinks), "writing %q", path)
 }
 func (dd *Directory) Read(ctx context.Context, name string) ([]byte, error) {
@@ -456,9 +457,10 @@ func (dd *Directory) Read(ctx context.Context, name string) ([]byte, error) {
 )
 defer span.End()
- data, err := botfs.Read(filepath.Join(dd.Path, name), dd.Symlinks)
+ artifactPath := filepath.Join(dd.Path, name)
+ data, err := botfs.Read(artifactPath, dd.Symlinks)
 if err != nil {
- return nil, trace.Wrap(err)
+ return nil, trace.Wrap(err, "reading %q", artifactPath)
 }
 return data, nil
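Review bot: In `Directory.Write`, the new `dirPath` is still built from the caller-supplied `name` with no check that the result stays under `dd.Path`, and the `Read` hunk does the same for `artifactPath`. Whether any caller derives `name` from external data is not visible in these hunks, but a `..` segment would make `mkdir` and the later read or write act outside the destination directory. A guard at the top of both methods would close that off: `if !filepath.IsLocal(name) { return trace.BadParameter("invalid artifact name %q", name) }`. Both function bodies begin and end outside the hunks shown.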
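Review bot: In the second `Write` hunk only the `else if err != nil` branch gains context; the `return trace.Wrap(err)` two lines above it, in the preceding branch, is still bare, so a failure there remains hard to attribute. The call whose error is being tested lies outside the hunk. If it is a stat or existence check rather than a read, `"reading %q"` will mislead whoever triages the log, and something neutral such as `trace.Wrap(err, "checking %q", path)` would be safer. The bare return deserves a message naming `path` as well, worded for the operation it follows.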
@@ -472,8 +474,9 @@ func (dd *Directory) TryLock() (func() error, error) {
 // TryLock should only be used for bot data directory and not for
 // destinations until an investigation on how locks will play with
 // ACLs has been completed.
- unlock, err := utils.FSTryWriteLock(filepath.Join(dd.Path, "lock"))
- return unlock, trace.Wrap(err)
+ lockPath := filepath.Join(dd.Path, "lock")
+ unlock, err := utils.FSTryWriteLock(lockPath)
+ return unlock, trace.Wrap(err, "locking %q", lockPath)
 }
 func (dm *Directory) MarshalYAML() (any, error) {
diff --git a/lib/tbot/services/identity/output.go b/lib/tbot/services/identity/output.go
index e728caf8ee3cb..916c7e240dc71 100644
--- a/lib/tbot/services/identity/output.go
+++ b/lib/tbot/services/identity/output.go
@@ -211,7 +211,7 @@ func (s *OutputService) generate(ctx context.Context) error {
 s.insecure,
 s.fips,
 ); err != nil {
- return trace.Wrap(err)
+ return trace.Wrap(err, "rendering OpenSSH configuration files")
 }
 }
@@ -300,13 +300,13 @@ func renderSSHConfig(
 proxyHost,
 )
 if err != nil {
- return trace.Wrap(err)
+ return trace.Wrap(err, "generating known_hosts")
 }
 if err := dest.Write(
 ctx, ssh.KnownHostsName, []byte(knownHosts),
 ); err != nil {
- return trace.Wrap(err)
+ return trace.Wrap(err, "writing known_hosts to destination")
 }
 // We only want to proceed further if we have a directory destination
@@ -322,7 +322,7 @@ func renderSSHConfig(
 // Destination backends is left as an exercise to the user.
 absDestPath, err := filepath.Abs(destDirectory.Path)
 if err != nil {
- return trace.Wrap(err)
+ return trace.Wrap(err, "determining absolute path")
 }
 executablePath, err := getExecutablePath()
@@ -371,7 +371,7 @@ func renderSSHConfig(
 // be disabled.
 Resume: true,
 }); err != nil {
- return trace.Wrap(err)
+ return trace.Wrap(err, "generating global ssh_config")
 }
 // Generate the per cluster files
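Review bot: In `renderSSHConfig`, the new message on the `filepath.Abs(destDirectory.Path)` failure omits the path, unlike the `Directory` messages in this same commit, which quote it with `%q`. I would write `return trace.Wrap(err, "determining absolute path of %q", destDirectory.Path)` so the error identifies the destination without relying on surrounding log lines. The `getExecutablePath()` call that follows is cut off by the hunk, so whether its error gets the same treatment is not visible here.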
@@ -401,10 +401,10 @@ func renderSSHConfig(
 // be disabled.
 Resume: true,
 }); err != nil {
- return trace.Wrap(err)
+ return trace.Wrap(err, "generating ssh_config for cluster %q", clusterName)
 }
 if err := destDirectory.Write(ctx, sshConfigName, []byte(sb.String())); err != nil {
- return trace.Wrap(err)
+ return trace.Wrap(err, "writing ssh_config for cluster %q", clusterName)
 }
 knownHosts, ok := clusterKnownHosts[clusterName]
@@ -417,12 +417,12 @@ func renderSSHConfig(
 continue
 }
 if err := destDirectory.Write(ctx, knownHostsName, []byte(knownHosts)); err != nil {
- return trace.Wrap(err)
+ return trace.Wrap(err, "writing known_hosts for cluster %q", clusterName)
 }
 }
 if err := destDirectory.Write(ctx, ssh.ConfigName, []byte(sshConfigBuilder.String())); err != nil {
- return trace.Wrap(err)
+ return trace.Wrap(err, "writing global ssh_config")
 }
 return nil