Underlying (and useful) exception details are hidden

[morrissimo]

This has bitten me numerous times!

All of the following instances catch ClientError from botocore and re-raise a new generic (and remarkably useless by comparison) exception:

• key_providers.kms._generate_data_key:L213
• key_providers.kms._encrypt_data_key:L250
• key_providers.kms._decrypt_data_key:L283

I believe a different approach should be taken here to prevent hiding botocore Client exception details (network connectivity, insufficient permissions, etc).

[mattsb42-aws]

We intentionally normalize the exceptions raised in order to maintain a consistent API across all master keys. This is important not only for consistency, but also because not all master key implementations will want to expose to the runtime why they failed, just that they did.

In this case, I think it is reasonable to make the underlying exception details available. What we can do is log the original exception details. That maintains the API promise but also gives you the cause of the underlying exception in your debug logs.

[morrissimo]

Sounds good - thanks for the quick response

[mattsb42-aws]

This is addressed in #12