fix(dump) address free mode workaround regression (#335)

573de55 did not properly handle _successful_ mTLS responses, as the nil
error would not coerce to a Kong API error. Move the workaround into the
error handling block to ensure that there is in fact an error response
before checking its status.

dump/dump.go

@@ -660,18 +660,20 @@ func GetAllMTLSAuths(ctx context.Context,
 		if kong.IsNotFoundErr(err) {
 			return mtlsAuths, nil
 		}
-		// TODO figure out a better way to handle unauthorized endpoints
-		// per https://github.com/Kong/deck/issues/274 we can't dump these resources
-		// from an Enterprise instance running in free mode, and the 403 results in a
-		// fatal error when running "deck dump". We don't want to just treat 403s the
-		// same as 404s because Kong also uses them to indicate missing RBAC permissions,
-		// but this is currently necessary for compatibility. We need a better approach
-		// before adding other Enterprise resources that decK handles by default (versus,
-		// for example, RBAC roles, which require the --rbac-resources-only flag).
-		if err.(*kong.APIError).Code() == 403 {
-			return mtlsAuths, nil
-		}
 		if err != nil {
+			// TODO figure out a better way to handle unauthorized endpoints
+			// per https://github.com/Kong/deck/issues/274 we can't dump these resources
+			// from an Enterprise instance running in free mode, and the 403 results in a
+			// fatal error when running "deck dump". We don't want to just treat 403s the
+			// same as 404s because Kong also uses them to indicate missing RBAC permissions,
+			// but this is currently necessary for compatibility. We need a better approach
+			// before adding other Enterprise resources that decK handles by default (versus,
+			// for example, RBAC roles, which require the --rbac-resources-only flag).
+			if kongErr, ok := err.(*kong.APIError); ok {
+				if kongErr.Code() == 403 {
+					return mtlsAuths, nil
+				}
+			}
 			return nil, err
 		}
 		if err := ctx.Err(); err != nil {