MB-65338 Handle invalid argument to --encrypt-with-key

Change-Id: Ibc851c4e9af991b6bd1557cee0cf910c556408ba
Reviewed-on: https://review.couchbase.org/c/couchbase-cli/+/224273
Tested-by: Build Bot <build@couchbase.com>
Reviewed-by: Safian Ali <safian.ali@couchbase.com>

Author: matthallcb

cbmgr.py

@@ -3358,6 +3358,13 @@ def _add_edit_parse_opts(self, opts):
         if not opts.name:
             _exit_if_errors(["--name must be specified"])
 
+        encrypt_with_key = 0
+        try:
+            if opts.encrypt_with_key:
+                encrypt_with_key = int(opts.encrypt_with_key)
+        except ValueError:
+            _exit_if_errors(["--encrypt-with-key's argument must be a number"])
+
         usages = []
         if opts.config_usage:
             usages.append("config-encryption")
@@ -3409,7 +3416,7 @@ def _add_edit_parse_opts(self, opts):
                 data["encryptWith"] = "nodeSecretManager"
             else:
                 data["encryptWith"] = "encryptionKey"
-                data["encryptWithKeyId"] = int(opts.encrypt_with_key)
+                data["encryptWithKeyId"] = encrypt_with_key
 
             data["activeKey"] = {"kmipId": opts.kmip_key}
             data["host"] = opts.kmip_host
@@ -3437,7 +3444,7 @@ def _add_edit_parse_opts(self, opts):
                 data["encryptWith"] = "nodeSecretManager"
             else:
                 data["encryptWith"] = "encryptionKey"
-                data["encryptWithKeyId"] = int(opts.encrypt_with_key)
+                data["encryptWithKeyId"] = encrypt_with_key
 
             if (opts.auto_rotate_every and not opts.auto_rotate_start) or \
                (opts.auto_rotate_start and not opts.auto_rotate_every):

test/test_cli.py

@@ -1482,6 +1482,16 @@ def test_add_edit_key_auto_one_rotation_opt(self):
             self.system_exit_run(self.command + args, None, start_server=False)
             self.assertIn('--auto-rotate-every must be provided with --auto-rotate-start-on', self.str_output)
 
+    def test_add_edit_key_invalid_id(self):
+        self.server.set_args(self.server_args)
+        self.server.run()
+
+        for base_args in [['--add-key'], ['--edit-key', '1']]:
+            args = base_args + ['--name', 'key01', '--kek-usage', '--key-type', 'auto-generated',
+                                '--encrypt-with-key', 'foo']
+            self.system_exit_run(self.command + args, None, start_server=False)
+            self.assertIn("--encrypt-with-key's argument must be a number", self.str_output)
+
     def test_add_key_auto(self):
         self.server.set_args(self.server_args)
         self.server.run()