Return 500 if existence check fails, not 400 (#3173)

Fixes #3162

physical/physical_view.go

@@ -1,10 +1,14 @@
 package physical
 
 import (
-	"fmt"
+	"errors"
 	"strings"
 )
 
+var (
+	ErrRelativePath = errors.New("relative paths not supported")
+)
+
 // View represents a prefixed view of a physical backend
 type View struct {
 	backend Backend
@@ -74,7 +78,7 @@ func (v *View) Delete(key string) error {
 // sanityCheck is used to perform a sanity check on a key
 func (v *View) sanityCheck(key string) error {
 	if strings.Contains(key, "..") {
-		return fmt.Errorf("key cannot be relative path")
+		return ErrRelativePath
 	}
 	return nil
 }

vault/barrier_view.go

@@ -1,7 +1,7 @@
 package vault
 
 import (
-	"fmt"
+	"errors"
 	"strings"
 
 	"github.com/hashicorp/vault/logical"
@@ -20,6 +20,10 @@ type BarrierView struct {
 	readonly bool
 }
 
+var (
+	ErrRelativePath = errors.New("relative paths not supported")
+)
+
 // NewBarrierView takes an underlying security barrier and returns
 // a view of it that can only operate with the given prefix.
 func NewBarrierView(barrier BarrierStorage, prefix string) *BarrierView {
@@ -32,7 +36,7 @@ func NewBarrierView(barrier BarrierStorage, prefix string) *BarrierView {
 // sanityCheck is used to perform a sanity check on a key
 func (v *BarrierView) sanityCheck(key string) error {
 	if strings.Contains(key, "..") {
-		return fmt.Errorf("key cannot be relative path")
+		return ErrRelativePath
 	}
 	return nil
 }

vault/request_handling.go

@@ -171,6 +171,9 @@ func (c *Core) handleRequest(req *logical.Request) (retResp *logical.Response, r
 		if errType != nil {
 			retErr = multierror.Append(retErr, errType)
 		}
+		if ctErr == ErrInternalError {
+			return nil, auth, retErr
+		}
 		return logical.ErrorResponse(ctErr.Error()), auth, retErr
 	}