From 3fb5b6154399e00f030db5570673f4690c534ddf Mon Sep 17 00:00:00 2001
From: Andy Zhao <andyzhao@google.com>
Date: Fri, 10 Feb 2023 14:20:11 -0800
Subject: [PATCH] fix: Improve error handling for enterprise certificate module
 (#1848)

ECP client now returns a typed error to cover all situations where ECP config is unavailable or incomplete.
---
 go.mod                            | 2 +-
 go.sum                            | 4 ++--
 transport/cert/enterprise_cert.go | 4 +---
 3 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 2d845c545ca..1d4d69f43ea 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 	cloud.google.com/go/compute/metadata v0.2.3
 	github.com/google/go-cmp v0.5.9
 	github.com/google/uuid v1.3.0
-	github.com/googleapis/enterprise-certificate-proxy v0.2.1
+	github.com/googleapis/enterprise-certificate-proxy v0.2.2
 	github.com/googleapis/gax-go/v2 v2.7.0
 	go.opencensus.io v0.24.0
 	golang.org/x/net v0.0.0-20221014081412-f15817d10f9b
diff --git a/go.sum b/go.sum
index 44c266858aa..b090f2f433e 100644
--- a/go.sum
+++ b/go.sum
@@ -44,8 +44,8 @@ github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/enterprise-certificate-proxy v0.2.1 h1:RY7tHKZcRlk788d5WSo/e83gOyyy742E8GSs771ySpg=
-github.com/googleapis/enterprise-certificate-proxy v0.2.1/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k=
+github.com/googleapis/enterprise-certificate-proxy v0.2.2 h1:jUqbmxlR+gGPQq/uvQviKpS1bSQecfs2t7o6F14sk9s=
+github.com/googleapis/enterprise-certificate-proxy v0.2.2/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k=
 github.com/googleapis/gax-go/v2 v2.7.0 h1:IcsPKeInNvYi7eqSaDjiZqDDKu5rsmunY0Y1YupQSSQ=
 github.com/googleapis/gax-go/v2 v2.7.0/go.mod h1:TEop28CZZQ2y+c0VxMUmu1lV+fQx57QpBWsYpwqHJx8=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
diff --git a/transport/cert/enterprise_cert.go b/transport/cert/enterprise_cert.go
index eaa52e07c08..1061b5f05f3 100644
--- a/transport/cert/enterprise_cert.go
+++ b/transport/cert/enterprise_cert.go
@@ -15,7 +15,6 @@ package cert
 import (
 	"crypto/tls"
 	"errors"
-	"os"
 
 	"github.com/googleapis/enterprise-certificate-proxy/client"
 )
@@ -36,8 +35,7 @@ type ecpSource struct {
 func NewEnterpriseCertificateProxySource(configFilePath string) (Source, error) {
 	key, err := client.Cred(configFilePath)
 	if err != nil {
-		if errors.Is(err, os.ErrNotExist) {
-			// Config file missing means Enterprise Certificate Proxy is not supported.
+		if errors.Is(err, client.ErrCredUnavailable) {
 			return nil, errSourceUnavailable
 		}
 		return nil, err