cli/context/store: simplify error handling, and make it more idiomatic

The package defined various special errors; these errors existed for two reasons;

- being able to distinguish "not found" errors from other errors (as "not found"
  errors can be ignored in various cases).
- to be able to update the context _name_ in the error message after the error
  was created. This was needed in cases where the name was not available at the
  location where the error was produced (e.g. only the "id" was present), and
  the helpers to detect "not found" errors did not support wrapped errors (so
  wrapping the error with a "name" could break logic); a `setContextName` interface
  and corresponding `patchErrContextName()` utility was created for this (which
  was a "creative", but not very standard approach).

This patch:

- Removes the special error-types, replacing them with errdefs definitions (which
  is a more common approach in our code-base to detect error types / classes).
- Removes the internal utilities for error-handling, and deprecates the exported
  utilities (to allow external consumers to adjust their code).
- Some errors have been enriched with detailed information (which may be useful
  for debugging / problem solving).
- Note that in some cases, `patchErrContextName()` was called, but the code
  producing the error would never return a `setContextName` error, so would
  never update the error message.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

cli/command/cli.go

@@ -28,6 +28,7 @@ import (
 	"github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/api/types/swarm"
 	"github.com/docker/docker/client"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/go-connections/tlsconfig"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
@@ -462,8 +463,8 @@ func resolveContextName(opts *cliflags.CommonOptions, config *configfile.ConfigF
 	}
 	if config != nil && config.CurrentContext != "" {
 		_, err := contextstore.GetMetadata(config.CurrentContext)
-		if store.IsErrContextDoesNotExist(err) {
+		if errdefs.IsNotFound(err) {
-			return "", errors.Errorf("Current context %q is not found on the file system, please check your config file at %s", config.CurrentContext, config.Filename)
+			return "", errors.Errorf("current context %q is not found on the file system, please check your config file at %s", config.CurrentContext, config.Filename)
 		}
 		return config.CurrentContext, err
 	}

cli/command/context/create.go

@@ -10,6 +10,7 @@ import (
 	"github.com/docker/cli/cli/command/formatter/tabwriter"
 	"github.com/docker/cli/cli/context/docker"
 	"github.com/docker/cli/cli/context/store"
+	"github.com/docker/docker/errdefs"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )
@@ -127,7 +128,7 @@ func checkContextNameForCreation(s store.Reader, name string) error {
 	if err := store.ValidateContextName(name); err != nil {
 		return err
 	}
-	if _, err := s.GetMetadata(name); !store.IsErrContextDoesNotExist(err) {
+	if _, err := s.GetMetadata(name); !errdefs.IsNotFound(err) {
 		if err != nil {
 			return errors.Wrap(err, "error while getting existing contexts")
 		}

cli/command/context/remove.go

@@ -40,7 +40,7 @@ func RunRemove(dockerCli command.Cli, opts RemoveOptions, names []string) error
 		if name == "default" {
 			errs = append(errs, `default: context "default" cannot be removed`)
 		} else if err := doRemove(dockerCli, name, name == currentCtx, opts.Force); err != nil {
-			errs = append(errs, fmt.Sprintf("%s: %s", name, err))
+			errs = append(errs, err.Error())
 		} else {
 			fmt.Fprintln(dockerCli.Out(), name)
 		}
@@ -54,7 +54,7 @@ func RunRemove(dockerCli command.Cli, opts RemoveOptions, names []string) error
 func doRemove(dockerCli command.Cli, name string, isCurrent, force bool) error {
 	if isCurrent {
 		if !force {
-			return errors.New("context is in use, set -f flag to force remove")
+			return errors.Errorf("context %q is in use, set -f flag to force remove", name)
 		}
 		// fallback to DOCKER_HOST
 		cfg := dockerCli.ConfigFile()

cli/command/context/remove_test.go

@@ -6,8 +6,9 @@ import (
 
 	"github.com/docker/cli/cli/config"
 	"github.com/docker/cli/cli/config/configfile"
-	"github.com/docker/cli/cli/context/store"
+	"github.com/docker/docker/errdefs"
 	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestRemove(t *testing.T) {
@@ -18,7 +19,7 @@ func TestRemove(t *testing.T) {
 	_, err := cli.ContextStore().GetMetadata("current")
 	assert.NilError(t, err)
 	_, err = cli.ContextStore().GetMetadata("other")
-	assert.Check(t, store.IsErrContextDoesNotExist(err))
+	assert.Check(t, is.ErrorType(err, errdefs.IsNotFound))
 }
 
 func TestRemoveNotAContext(t *testing.T) {
@@ -38,7 +39,7 @@ func TestRemoveCurrent(t *testing.T) {
 	createTestContext(t, cli, "other")
 	cli.SetCurrentContext("current")
 	err := RunRemove(cli, RemoveOptions{}, []string{"current"})
-	assert.ErrorContains(t, err, "current: context is in use, set -f flag to force remove")
+	assert.ErrorContains(t, err, `context "current" is in use, set -f flag to force remove`)
 }
 
 func TestRemoveCurrentForce(t *testing.T) {

cli/command/context/use_test.go

@@ -11,8 +11,8 @@ import (
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/config"
 	"github.com/docker/cli/cli/config/configfile"
-	"github.com/docker/cli/cli/context/store"
 	"github.com/docker/cli/cli/flags"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/homedir"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
@@ -47,7 +47,7 @@ func TestUse(t *testing.T) {
 func TestUseNoExist(t *testing.T) {
 	cli := makeFakeCli(t)
 	err := newUseCommand(cli).RunE(nil, []string{"test"})
-	assert.Check(t, store.IsErrContextDoesNotExist(err))
+	assert.Check(t, is.ErrorType(err, errdefs.IsNotFound))
 }
 
 // TestUseDefaultWithoutConfigFile verifies that the CLI does not create

cli/command/defaultcontextstore.go

@@ -1,11 +1,10 @@
 package command
 
 import (
-	"fmt"
-
 	"github.com/docker/cli/cli/context/docker"
 	"github.com/docker/cli/cli/context/store"
 	cliflags "github.com/docker/cli/cli/flags"
+	"github.com/docker/docker/errdefs"
 	"github.com/pkg/errors"
 )
 
@@ -107,7 +106,7 @@ func (s *ContextStoreWithDefault) List() ([]store.Metadata, error) {
 // CreateOrUpdate is not allowed for the default context and fails
 func (s *ContextStoreWithDefault) CreateOrUpdate(meta store.Metadata) error {
 	if meta.Name == DefaultContextName {
-		return errors.New("default context cannot be created nor updated")
+		return errdefs.InvalidParameter(errors.New("default context cannot be created nor updated"))
 	}
 	return s.Store.CreateOrUpdate(meta)
 }
@@ -115,7 +114,7 @@ func (s *ContextStoreWithDefault) CreateOrUpdate(meta store.Metadata) error {
 // Remove is not allowed for the default context and fails
 func (s *ContextStoreWithDefault) Remove(name string) error {
 	if name == DefaultContextName {
-		return errors.New("default context cannot be removed")
+		return errdefs.InvalidParameter(errors.New("default context cannot be removed"))
 	}
 	return s.Store.Remove(name)
 }
@@ -135,7 +134,7 @@ func (s *ContextStoreWithDefault) GetMetadata(name string) (store.Metadata, erro
 // ResetTLSMaterial is not implemented for default context and fails
 func (s *ContextStoreWithDefault) ResetTLSMaterial(name string, data *store.ContextTLSData) error {
 	if name == DefaultContextName {
-		return errors.New("The default context store does not support ResetTLSMaterial")
+		return errdefs.InvalidParameter(errors.New("default context cannot be edited"))
 	}
 	return s.Store.ResetTLSMaterial(name, data)
 }
@@ -143,7 +142,7 @@ func (s *ContextStoreWithDefault) ResetTLSMaterial(name string, data *store.Cont
 // ResetEndpointTLSMaterial is not implemented for default context and fails
 func (s *ContextStoreWithDefault) ResetEndpointTLSMaterial(contextName string, endpointName string, data *store.EndpointTLSData) error {
 	if contextName == DefaultContextName {
-		return errors.New("The default context store does not support ResetEndpointTLSMaterial")
+		return errdefs.InvalidParameter(errors.New("default context cannot be edited"))
 	}
 	return s.Store.ResetEndpointTLSMaterial(contextName, endpointName, data)
 }
@@ -176,29 +175,13 @@ func (s *ContextStoreWithDefault) GetTLSData(contextName, endpointName, fileName
 			return nil, err
 		}
 		if defaultContext.TLS.Endpoints[endpointName].Files[fileName] == nil {
-			return nil, &noDefaultTLSDataError{endpointName: endpointName, fileName: fileName}
+			return nil, errdefs.NotFound(errors.Errorf("TLS data for %s/%s/%s does not exist", DefaultContextName, endpointName, fileName))
 		}
 		return defaultContext.TLS.Endpoints[endpointName].Files[fileName], nil
-
 	}
 	return s.Store.GetTLSData(contextName, endpointName, fileName)
 }
 
-type noDefaultTLSDataError struct {
-	endpointName string
-	fileName     string
-}
-
-func (e *noDefaultTLSDataError) Error() string {
-	return fmt.Sprintf("tls data for %s/%s/%s does not exist", DefaultContextName, e.endpointName, e.fileName)
-}
-
-// NotFound satisfies interface github.com/docker/docker/errdefs.ErrNotFound
-func (e *noDefaultTLSDataError) NotFound() {}
-
-// IsTLSDataDoesNotExist satisfies github.com/docker/cli/cli/context/store.tlsDataDoesNotExist
-func (e *noDefaultTLSDataError) IsTLSDataDoesNotExist() {}
-
 // GetStorageInfo implements store.Store's GetStorageInfo
 func (s *ContextStoreWithDefault) GetStorageInfo(contextName string) store.StorageInfo {
 	if contextName == DefaultContextName {

cli/command/defaultcontextstore_test.go

@@ -8,8 +8,10 @@ import (
 	"github.com/docker/cli/cli/context/docker"
 	"github.com/docker/cli/cli/context/store"
 	cliflags "github.com/docker/cli/cli/flags"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/go-connections/tlsconfig"
 	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 	"gotest.tools/v3/golden"
 )
 
@@ -153,6 +155,7 @@ func TestErrCreateDefault(t *testing.T) {
 		Metadata: testContext{Bar: "baz"},
 		Name:     "default",
 	})
+	assert.Check(t, is.ErrorType(err, errdefs.IsInvalidParameter))
 	assert.Error(t, err, "default context cannot be created nor updated")
 }
 
@@ -160,6 +163,7 @@ func TestErrRemoveDefault(t *testing.T) {
 	meta := testDefaultMetadata()
 	s := testStore(t, meta, store.ContextTLSData{})
 	err := s.Remove("default")
+	assert.Check(t, is.ErrorType(err, errdefs.IsInvalidParameter))
 	assert.Error(t, err, "default context cannot be removed")
 }
 
@@ -167,5 +171,5 @@ func TestErrTLSDataError(t *testing.T) {
 	meta := testDefaultMetadata()
 	s := testStore(t, meta, store.ContextTLSData{})
 	_, err := s.GetTLSData("default", "noop", "noop")
-	assert.Check(t, store.IsErrTLSDataDoesNotExist(err))
+	assert.Check(t, is.ErrorType(err, errdefs.IsNotFound))
 }

cli/context/store/metadata_test.go

@@ -5,6 +5,7 @@ import (
 	"path/filepath"
 	"testing"
 
+	"github.com/docker/docker/errdefs"
 	"gotest.tools/v3/assert"
 	"gotest.tools/v3/assert/cmp"
 )
@@ -22,7 +23,7 @@ func testMetadata(name string) Metadata {
 func TestMetadataGetNotExisting(t *testing.T) {
 	testee := metadataStore{root: t.TempDir(), config: testCfg}
 	_, err := testee.get("noexist")
-	assert.Assert(t, IsErrContextDoesNotExist(err))
+	assert.ErrorType(t, err, errdefs.IsNotFound)
 }
 
 func TestMetadataCreateGetRemove(t *testing.T) {
@@ -56,7 +57,7 @@ func TestMetadataCreateGetRemove(t *testing.T) {
 	assert.NilError(t, testee.remove("test-context"))
 	assert.NilError(t, testee.remove("test-context")) // support duplicate remove
 	_, err = testee.get("test-context")
-	assert.Assert(t, IsErrContextDoesNotExist(err))
+	assert.ErrorType(t, err, errdefs.IsNotFound)
 }
 
 func TestMetadataRespectJsonAnnotation(t *testing.T) {

cli/context/store/metadatastore.go

@@ -7,7 +7,9 @@ import (
 	"reflect"
 	"sort"
 
+	"github.com/docker/docker/errdefs"
 	"github.com/fvbommel/sortorder"
+	"github.com/pkg/errors"
 )
 
 const (
@@ -55,13 +57,20 @@ func parseTypedOrMap(payload []byte, getter TypeGetter) (interface{}, error) {
 }
 
 func (s *metadataStore) get(name string) (Metadata, error) {
-	return s.getByID(contextdirOf(name))
+	m, err := s.getByID(contextdirOf(name))
+	if err != nil {
+		return m, errors.Wrapf(err, "load context %q", name)
+	}
+	return m, nil
 }
 
 func (s *metadataStore) getByID(id contextdir) (Metadata, error) {
 	bytes, err := os.ReadFile(filepath.Join(s.contextDir(id), metaFile))
 	if err != nil {
-		return Metadata{}, convertContextDoesNotExist(err)
+		if errors.Is(err, os.ErrNotExist) {
+			return Metadata{}, errdefs.NotFound(errors.Wrap(err, "context does not exist"))
+		}
+		return Metadata{}, err
 	}
 	var untyped untypedContextMetadata
 	r := Metadata{
@@ -83,8 +92,10 @@ func (s *metadataStore) getByID(id contextdir) (Metadata, error) {
 }
 
 func (s *metadataStore) remove(name string) error {
-	contextDir := s.contextDir(contextdirOf(name))
+	if err := os.RemoveAll(s.contextDir(contextdirOf(name))); err != nil {
-	return os.RemoveAll(contextDir)
+		return errors.Wrapf(err, "failed to remove metadata")
+	}
+	return nil
 }
 
 func (s *metadataStore) list() ([]Metadata, error) {
@@ -99,7 +110,7 @@ func (s *metadataStore) list() ([]Metadata, error) {
 	for _, dir := range ctxDirs {
 		c, err := s.getByID(contextdir(dir))
 		if err != nil {
-			return nil, err
+			return nil, errors.Wrap(err, "failed to read metadata")
 		}
 		res = append(res, c)
 	}
@@ -140,13 +151,6 @@ func listRecursivelyMetadataDirs(root string) ([]string, error) {
 	return result, nil
 }
 
-func convertContextDoesNotExist(err error) error {
-	if os.IsNotExist(err) {
-		return &contextDoesNotExistError{}
-	}
-	return err
-}
-
 type untypedContextMetadata struct {
 	Metadata  json.RawMessage            `json:"metadata,omitempty"`
 	Endpoints map[string]json.RawMessage `json:"endpoints,omitempty"`

cli/context/store/store.go

@@ -7,7 +7,6 @@ import (
 	"bytes"
 	_ "crypto/sha256" // ensure ids can be computed
 	"encoding/json"
-	"fmt"
 	"io"
 	"net/http"
 	"path"
@@ -137,20 +136,21 @@ func (s *store) CreateOrUpdate(meta Metadata) error {
 
 func (s *store) Remove(name string) error {
 	if err := s.meta.remove(name); err != nil {
-		return patchErrContextName(err, name)
+		return errors.Wrapf(err, "failed to remove context %s", name)
 	}
-	return patchErrContextName(s.tls.removeAllContextData(name), name)
+	if err := s.tls.removeAllContextData(name); err != nil {
+		return errors.Wrapf(err, "failed to remove context %s", name)
+	}
+	return nil
 }
 
 func (s *store) GetMetadata(name string) (Metadata, error) {
-	res, err := s.meta.get(name)
+	return s.meta.get(name)
-	patchErrContextName(err, name)
-	return res, err
 }
 
 func (s *store) ResetTLSMaterial(name string, data *ContextTLSData) error {
 	if err := s.tls.removeAllContextData(name); err != nil {
-		return patchErrContextName(err, name)
+		return err
 	}
 	if data == nil {
 		return nil
@@ -158,7 +158,7 @@ func (s *store) ResetTLSMaterial(name string, data *ContextTLSData) error {
 	for ep, files := range data.Endpoints {
 		for fileName, data := range files.Files {
 			if err := s.tls.createOrUpdate(name, ep, fileName, data); err != nil {
-				return patchErrContextName(err, name)
+				return err
 			}
 		}
 	}
@@ -167,27 +167,25 @@ func (s *store) ResetTLSMaterial(name string, data *ContextTLSData) error {
 
 func (s *store) ResetEndpointTLSMaterial(contextName string, endpointName string, data *EndpointTLSData) error {
 	if err := s.tls.removeAllEndpointData(contextName, endpointName); err != nil {
-		return patchErrContextName(err, contextName)
+		return err
 	}
 	if data == nil {
 		return nil
 	}
 	for fileName, data := range data.Files {
 		if err := s.tls.createOrUpdate(contextName, endpointName, fileName, data); err != nil {
-			return patchErrContextName(err, contextName)
+			return err
 		}
 	}
 	return nil
 }
 
 func (s *store) ListTLSFiles(name string) (map[string]EndpointFiles, error) {
-	res, err := s.tls.listContextData(name)
+	return s.tls.listContextData(name)
-	return res, patchErrContextName(err, name)
 }
 
 func (s *store) GetTLSData(contextName, endpointName, fileName string) ([]byte, error) {
-	res, err := s.tls.getData(contextName, endpointName, fileName)
+	return s.tls.getData(contextName, endpointName, fileName)
-	return res, patchErrContextName(err, contextName)
 }
 
 func (s *store) GetStorageInfo(contextName string) StorageInfo {
@@ -206,7 +204,7 @@ func ValidateContextName(name string) error {
 		return errors.New(`"default" is a reserved context name`)
 	}
 	if !restrictedNameRegEx.MatchString(name) {
-		return fmt.Errorf("context name %q is invalid, names are validated against regexp %q", name, restrictedNamePattern)
+		return errors.Errorf("context name %q is invalid, names are validated against regexp %q", name, restrictedNamePattern)
 	}
 	return nil
 }
@@ -480,58 +478,18 @@ func importEndpointTLS(tlsData *ContextTLSData, path string, data []byte) error
 	return nil
 }
 
-type setContextName interface {
+// IsErrContextDoesNotExist checks if the given error is a "context does not exist" condition.
-	setContext(name string)
+//
-}
+// Deprecated: use github.com/docker/docker/errdefs.IsNotFound()
-
-type contextDoesNotExistError struct {
-	name string
-}
-
-func (e *contextDoesNotExistError) Error() string {
-	return fmt.Sprintf("context %q does not exist", e.name)
-}
-
-func (e *contextDoesNotExistError) setContext(name string) {
-	e.name = name
-}
-
-// NotFound satisfies interface github.com/docker/docker/errdefs.ErrNotFound
-func (e *contextDoesNotExistError) NotFound() {}
-
-type tlsDataDoesNotExist interface {
-	errdefs.ErrNotFound
-	IsTLSDataDoesNotExist()
-}
-
-type tlsDataDoesNotExistError struct {
-	context, endpoint, file string
-}
-
-func (e *tlsDataDoesNotExistError) Error() string {
-	return fmt.Sprintf("tls data for %s/%s/%s does not exist", e.context, e.endpoint, e.file)
-}
-
-func (e *tlsDataDoesNotExistError) setContext(name string) {
-	e.context = name
-}
-
-// NotFound satisfies interface github.com/docker/docker/errdefs.ErrNotFound
-func (e *tlsDataDoesNotExistError) NotFound() {}
-
-// IsTLSDataDoesNotExist satisfies tlsDataDoesNotExist
-func (e *tlsDataDoesNotExistError) IsTLSDataDoesNotExist() {}
-
-// IsErrContextDoesNotExist checks if the given error is a "context does not exist" condition
 func IsErrContextDoesNotExist(err error) bool {
-	_, ok := err.(*contextDoesNotExistError)
+	return errdefs.IsNotFound(err)
-	return ok
 }
 
 // IsErrTLSDataDoesNotExist checks if the given error is a "context does not exist" condition
+//
+// Deprecated: use github.com/docker/docker/errdefs.IsNotFound()
 func IsErrTLSDataDoesNotExist(err error) bool {
-	_, ok := err.(tlsDataDoesNotExist)
+	return errdefs.IsNotFound(err)
-	return ok
 }
 
 type contextdir string
@@ -539,10 +497,3 @@ type contextdir string
 func contextdirOf(name string) contextdir {
 	return contextdir(digest.FromString(name).Encoded())
 }
-
-func patchErrContextName(err error, name string) error {
-	if typed, ok := err.(setContextName); ok {
-		typed.setContext(name)
-	}
-	return err
-}

cli/context/store/store_test.go

@@ -12,7 +12,9 @@ import (
 	"path"
 	"testing"
 
+	"github.com/docker/docker/errdefs"
 	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 type endpoint struct {
@@ -100,7 +102,7 @@ func TestRemove(t *testing.T) {
 	}))
 	assert.NilError(t, s.Remove("source"))
 	_, err = s.GetMetadata("source")
-	assert.Check(t, IsErrContextDoesNotExist(err))
+	assert.Check(t, is.ErrorType(err, errdefs.IsNotFound))
 	f, err := s.ListTLSFiles("source")
 	assert.NilError(t, err)
 	assert.Equal(t, 0, len(f))
@@ -115,7 +117,7 @@ func TestListEmptyStore(t *testing.T) {
 func TestErrHasCorrectContext(t *testing.T) {
 	_, err := New(t.TempDir(), testCfg).GetMetadata("no-exists")
 	assert.ErrorContains(t, err, "no-exists")
-	assert.Check(t, IsErrContextDoesNotExist(err))
+	assert.Check(t, is.ErrorType(err, errdefs.IsNotFound))
 }
 
 func TestDetectImportContentType(t *testing.T) {
@@ -173,7 +175,7 @@ func TestImportZip(t *testing.T) {
 		Name:     "source",
 	})
 	assert.NilError(t, err)
-	var files = []struct {
+	files := []struct {
 		Name, Body string
 	}{
 		{"meta.json", string(meta)},

cli/context/store/tlsstore.go

@@ -3,6 +3,9 @@ package store
 import (
 	"os"
 	"path/filepath"
+
+	"github.com/docker/docker/errdefs"
+	"github.com/pkg/errors"
 )
 
 const tlsDir = "tls"
@@ -34,7 +37,10 @@ func (s *tlsStore) createOrUpdate(name, endpointName, filename string, data []by
 func (s *tlsStore) getData(name, endpointName, filename string) ([]byte, error) {
 	data, err := os.ReadFile(filepath.Join(s.endpointDir(name, endpointName), filename))
 	if err != nil {
-		return nil, convertTLSDataDoesNotExist(endpointName, filename, err)
+		if os.IsNotExist(err) {
+			return nil, errdefs.NotFound(errors.Errorf("TLS data for %s/%s/%s does not exist", name, endpointName, filename))
+		}
+		return nil, errors.Wrapf(err, "failed to read TLS data for endpoint %s", endpointName)
 	}
 	return data, nil
 }
@@ -50,11 +56,17 @@ func (s *tlsStore) remove(name, endpointName, filename string) error {
 }
 
 func (s *tlsStore) removeAllEndpointData(name, endpointName string) error {
-	return os.RemoveAll(s.endpointDir(name, endpointName))
+	if err := os.RemoveAll(s.endpointDir(name, endpointName)); err != nil {
+		return errors.Wrapf(err, "failed to remove TLS data for endpoint %s", endpointName)
+	}
+	return nil
 }
 
 func (s *tlsStore) removeAllContextData(name string) error {
-	return os.RemoveAll(s.contextDir(name))
+	if err := os.RemoveAll(s.contextDir(name)); err != nil {
+		return errors.Wrapf(err, "failed to remove TLS data")
+	}
+	return nil
 }
 
 func (s *tlsStore) listContextData(name string) (map[string]EndpointFiles, error) {
@@ -64,14 +76,14 @@ func (s *tlsStore) listContextData(name string) (map[string]EndpointFiles, error
 		if os.IsNotExist(err) {
 			return map[string]EndpointFiles{}, nil
 		}
-		return nil, err
+		return nil, errors.Wrapf(err, "failed to list TLS files for context %s", name)
 	}
 	r := make(map[string]EndpointFiles)
 	for _, epFS := range epFSs {
 		if epFS.IsDir() {
 			fss, err := os.ReadDir(filepath.Join(contextDir, epFS.Name()))
 			if err != nil {
-				return nil, err
+				return nil, errors.Wrapf(err, "failed to list TLS files for endpoint %s", epFS.Name())
 			}
 			var files EndpointFiles
 			for _, fs := range fss {
@@ -87,10 +99,3 @@ func (s *tlsStore) listContextData(name string) (map[string]EndpointFiles, error
 
 // EndpointFiles is a slice of strings representing file names
 type EndpointFiles []string
-
-func convertTLSDataDoesNotExist(endpoint, file string, err error) error {
-	if os.IsNotExist(err) {
-		return &tlsDataDoesNotExistError{endpoint: endpoint, file: file}
-	}
-	return err
-}

cli/context/store/tlsstore_test.go

@@ -3,6 +3,7 @@ package store
 import (
 	"testing"
 
+	"github.com/docker/docker/errdefs"
 	"gotest.tools/v3/assert"
 )
 
@@ -12,7 +13,7 @@ func TestTlsCreateUpdateGetRemove(t *testing.T) {
 	const contextName = "test-ctx"
 
 	_, err := testee.getData(contextName, "test-ep", "test-data")
-	assert.Equal(t, true, IsErrTLSDataDoesNotExist(err))
+	assert.ErrorType(t, err, errdefs.IsNotFound)
 
 	err = testee.createOrUpdate(contextName, "test-ep", "test-data", []byte("data"))
 	assert.NilError(t, err)
@@ -31,7 +32,7 @@ func TestTlsCreateUpdateGetRemove(t *testing.T) {
 	assert.NilError(t, err)
 
 	_, err = testee.getData(contextName, "test-ep", "test-data")
-	assert.Equal(t, true, IsErrTLSDataDoesNotExist(err))
+	assert.ErrorType(t, err, errdefs.IsNotFound)
 }
 
 func TestTlsListAndBatchRemove(t *testing.T) {

cli/context/tlsdata.go

@@ -45,14 +45,14 @@ func (data *TLSData) ToStoreTLSData() *store.EndpointTLSData {
 func LoadTLSData(s store.Reader, contextName, endpointName string) (*TLSData, error) {
 	tlsFiles, err := s.ListTLSFiles(contextName)
 	if err != nil {
-		return nil, errors.Wrapf(err, "failed to retrieve context tls files for context %q", contextName)
+		return nil, errors.Wrapf(err, "failed to retrieve TLS files for context %q", contextName)
 	}
 	if epTLSFiles, ok := tlsFiles[endpointName]; ok {
 		var tlsData TLSData
 		for _, f := range epTLSFiles {
 			data, err := s.GetTLSData(contextName, endpointName, f)
 			if err != nil {
-				return nil, errors.Wrapf(err, "failed to retrieve context tls data for file %q of context %q", f, contextName)
+				return nil, errors.Wrapf(err, "failed to retrieve TLS data (%s) for context %q", f, contextName)
 			}
 			switch f {
 			case caKey:
@@ -62,7 +62,7 @@ func LoadTLSData(s store.Reader, contextName, endpointName string) (*TLSData, er
 			case keyKey:
 				tlsData.Key = data
 			default:
-				logrus.Warnf("unknown file %s in context %s tls bundle", f, contextName)
+				logrus.Warnf("unknown file in context %s TLS bundle: %s", contextName, f)
 			}
 		}
 		return &tlsData, nil