store/keychain: comment why we don't error on id parse in filter

Benehiko · Benehiko · commit f81349f9cc1e · 2025-08-07T07:50:35.000+02:00
Signed-off-by: Alano Terblanche &lt;18033717+Benehiko@users.noreply.github.com&gt;
diff --git a/store/keychain/keychain_darwin.go b/store/keychain/keychain_darwin.go
@@ -200,6 +200,12 @@ func (k *keychainStore[T]) Filter(_ context.Context, pattern store.Pattern) (map
 
 	creds := make(map[string]store.Secret)
 	for _, result := range results {
+		// it is possible that someone else has stored secrets in the keychain
+		// directly without conforming to the store.ID format.
+		// We shouldn't error here when these values cannot be retrieved or
+		// parsed. Instead we just ignore them and proceed.
+		// I guess in future we could at least log them somewhere?
+		// but for now, let's just continue with the other items in the store.
 		id, err := store.ParseID(result.Account)
 		if err != nil {
 			continue
diff --git a/store/keychain/keychain_linux.go b/store/keychain/keychain_linux.go
@@ -368,6 +368,12 @@ func (k *keychainStore[T]) Filter(_ context.Context, pattern store.Pattern) (map
 			return nil, err
 		}
 
+		// it is possible that someone else has stored secrets in the keychain
+		// directly without conforming to the store.ID format.
+		// We shouldn't error here when these values cannot be retrieved or
+		// parsed. Instead we just ignore them and proceed.
+		// I guess in future we could at least log them somewhere?
+		// but for now, let's just continue with the other items in the store.
 		attrID, ok := attributes["id"]
 		if !ok {
 			continue
diff --git a/store/keychain/keychain_windows.go b/store/keychain/keychain_windows.go
@@ -210,6 +210,12 @@ func (k *keychainStore[T]) Filter(_ context.Context, pattern store.Pattern) (map
 
 	secrets := make(map[string]store.Secret)
 	for cred := range findServiceCredentials(k, pattern, credentials) {
+		// it is possible that someone else has stored secrets in the keychain
+		// directly without conforming to the store.ID format.
+		// We shouldn't error here when these values cannot be retrieved or
+		// parsed. Instead we just ignore them and proceed.
+		// I guess in future we could at least log them somewhere?
+		// but for now, let's just continue with the other items in the store.
 		id, err := store.ParseID(strings.ReplaceAll(cred.TargetName, onlyLabelPrefix, ""))
 		if err != nil {
 			continue
