Add user friendly error

mtodor · mtodor · commit a33a0a5262f3 · 2026-05-18T14:16:22.000+02:00
diff --git a/internal/client/client.go b/internal/client/client.go
@@ -70,7 +70,8 @@ func (c *Client) Connect(ctx context.Context) error {
 
 	tlsConfig, err := c.tlsConfig()
 	if err != nil {
-		return err
+		slog.Error("TLS configuration failed", "error", err)
+		return errors.New("TLS configuration error: verify CA certificate configuration. Check server logs for details.")
 	}
 
 	var conn *grpc.ClientConn
diff --git a/internal/client/client_test.go b/internal/client/client_test.go
@@ -313,6 +313,23 @@ func TestClient_tlsConfig_NonexistentCACertPath(t *testing.T) {
 	assert.Contains(t, err.Error(), "failed to access CA certificate")
 }
 
+func TestClient_Connect_SanitizesTLSConfigError(t *testing.T) {
+	client := &Client{
+		config: &config.CentralConfig{
+			URL:        "central.stackrox.io:8443",
+			AuthType:   config.AuthTypeStatic,
+			APIToken:   "dummy",
+			CACertPath: "/nonexistent/secret/path/ca.crt",
+		},
+	}
+
+	err := client.Connect(context.Background())
+	require.Error(t, err)
+	assert.NotContains(t, err.Error(), "/nonexistent/secret/path/ca.crt")
+	assert.Contains(t, err.Error(), "TLS configuration error")
+	assert.Contains(t, err.Error(), "Check server logs for details")
+}
+
 // generateTestCert creates a certificate PEM with the given options, signed by the given CA.
 // If ca/caKey are nil, the cert is self-signed.
 func generateTestCert(

Original file line number	Diff line number	Diff line change
`@@ -70,7 +70,8 @@ func (c *Client) Connect(ctx context.Context) error {`
`70`	`70`
`71`	`71`	`tlsConfig, err := c.tlsConfig()`
`72`	`72`	`if err != nil {`
`73`		`- return err`
	`73`	`+ slog.Error("TLS configuration failed", "error", err)`
	`74`	`+ return errors.New("TLS configuration error: verify CA certificate configuration. Check server logs for details.")`
`74`	`75`	`}`
`75`	`76`
`76`	`77`	`var conn *grpc.ClientConn`