fix(iac): make "Invalid API key" error message consistent with `secre…

…t scan` When calling `ggshield iac scan` with an invalid API key, the error message says: ``` status_code=401 detail=Invalid API key. Usage: ggshield iac scan [OPTIONS] DIRECTORY Try 'ggshield iac scan -h' for help. Error: Invalid API key. ``` This is confusing because the user did not make any error with command-line arguments, so showing the command CLI help is not helpful. Furthermore, the first line is a less human-friendly format of the rest. Rework this to match the error message printed by `secret scan`. Now it only says: ``` Error: Invalid API key. ``` Remove the `logger.error()` call because it duplicates what `display_error()` prints.
GitGuardian · Mar 20, 2023 · e35b628 · e35b628
1 parent 30484c0
commit e35b628
Showing 1 changed file with 5 additions and 8 deletions.
diff --git a/ggshield/cmd/iac/scan.py b/ggshield/cmd/iac/scan.py
@@ -1,14 +1,15 @@
-import logging
 from pathlib import Path
 from typing import Any, Optional, Sequence, Type
 
 import click
+from pygitguardian import GGClient
 from pygitguardian.iac_models import IaCScanParameters, IaCScanResult
 from pygitguardian.models import Detail
 
 from ggshield.cmd.common_options import add_common_options
 from ggshield.core.client import create_client_from_config
 from ggshield.core.config import Config
+from ggshield.core.errors import APIKeyCheckError
 from ggshield.core.filter import init_exclusion_regexes
 from ggshield.core.text_utils import display_error
 from ggshield.iac.filter import get_iac_files_from_paths
@@ -19,9 +20,6 @@
 from ggshield.scan import ScanCollection, ScanContext, ScanMode
 
 
-logger = logging.getLogger(__name__)
-
-
 def validate_exclude(_ctx: Any, _param: Any, value: Sequence[str]) -> Sequence[str]:
     invalid_excluded_policies = [
         policy_id for policy_id in value if not validate_policy_id(policy_id)
@@ -156,14 +154,13 @@ def iac_scan(ctx: click.Context, directory: Path) -> Optional[IaCScanResult]:
     )
 
     if not scan.success or not isinstance(scan, IaCScanResult):
-        handle_scan_error(scan)
+        handle_scan_error(client, scan)
         return None
     return scan
 
 
-def handle_scan_error(detail: Detail) -> None:
-    logger.error("status_code=%d detail=%s", detail.status_code, detail.detail)
+def handle_scan_error(client: GGClient, detail: Detail) -> None:
     if detail.status_code == 401:
-        raise click.UsageError(detail.detail)
+        raise APIKeyCheckError(client.base_uri, "Invalid API key.")
     display_error("\nError scanning.")
     display_error(str(detail))