Show actionable errors for collaborative deployment scenarios #1386
Conversation
lennartkats-db
force-pushed
the
cp-better-errors
branch
from
dc33b28
to
c46ecde
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #1386 +/- ##
==========================================
+ Coverage 52.25% 53.75% +1.50%
==========================================
Files 317 352 +35
Lines 18004 20410 +2406
==========================================
+ Hits 9408 10972 +1564
- Misses 7903 8636 +733
- Partials 693 802 +109 ☔ View full report in Codecov by Sentry. |
lennartkats-db
changed the title
lennartkats-db
changed the title
lennartkats-db
force-pushed
the
cp-better-errors
branch
2 times, most recently
from
8d26485
to
16b80ea
Compare
lennartkats-db
force-pushed
the
cp-better-errors
branch
from
16b80ea
to
7fff4bc
Compare
lennartkats-db
force-pushed
the
cp-better-errors
branch
from
737f02f
to
3c20dec
Compare
lennartkats-db
force-pushed
the
cp-better-errors
branch
from
3c20dec
to
b384b36
Compare
|
@pietern could you take another look? |
|
|
||
| assistance := "For assistance, contact the owners of this project." | ||
| if len(managersSlice) > 0 { | ||
| assistance = fmt.Sprintf("For assistance, users or groups with appropriate permissions may include: %s.", strings.Join(managersSlice, ", ")) |
| } | ||
|
|
||
| func ReportPermissionDenied(ctx context.Context, b *bundle.Bundle, path string) diag.Diagnostics { | ||
| log.Errorf(ctx, "Failed to update %v", path) |
There was a problem hiding this comment.
Ping. If this is not the case, please include a comment stating why this log statement shouldn't be removed.
|
@shreyas-goenka Can you take a pass as this as well? |
|
Missed the ping, taking a look. |
| @@ -166,11 +166,21 @@ func (w *WorkspaceFilesClient) Write(ctx context.Context, name string, reader io | |||
| // Create parent directory. | |||
| err = w.workspaceClient.Workspace.MkdirsByPath(ctx, path.Dir(absPath)) | |||
| if err != nil { | |||
| if errors.As(err, &aerr) && aerr.StatusCode == http.StatusForbidden { | |||
There was a problem hiding this comment.
We can move it out of the err != nil closure. errors.As automatically asserts that error is not nil.
There was a problem hiding this comment.
Pleas note the errors.As() is a special case: the larger if err != nil also reports an error for non-Forbidden errors.
There was a problem hiding this comment.
I meant we could reduce a level of indentation, like:
if errors.As(err, &aerr) && aerr.StatusCode == http.StatusForbidden {
return PermissionError{absPath}
}
if err != nil {
return fmt.Errorf("unable to mkdir to write file %s: %w", absPath, err)
}
Yes, though that scenario requires the use of an explicit "OWNER: Alice" permission. Which is supported via #1387. |
Based on reviewer feedback we want to minimize assumptions about API behavior
lennartkats-db
force-pushed
the
cp-better-errors
branch
from
48057a5
to
26c3b42
Compare
## Changes This updates the templates to include a `permissions` section. Having a permissions section is a best practice, is helpful to understand the notion of permissions, and helps diagnose permission errors (#1386). This is a cherry-pick from #1387. This change was verified to work both in dev and prod. Existing unit tests validate the validity of the templates in these modes.
| // | ||
| // Note that since the workspace API doesn't always distinguish between permission denied and path errors, | ||
| // we must treat this as a "possible permission error". See acquire.go for more about this. | ||
| func ReportPossiblePermissionDenied(ctx context.Context, b *bundle.Bundle, path string) diag.Diagnostics { |
There was a problem hiding this comment.
This is a helper unrelated to the mutator. Please move it to a dedicated file.
| // Note that since the workspace API doesn't always distinguish between permission denied and path errors, | ||
| // we must treat this as a "possible permission error". See acquire.go for more about this. | ||
| func ReportPossiblePermissionDenied(ctx context.Context, b *bundle.Bundle, path string) diag.Diagnostics { | ||
| log.Errorf(ctx, "Failed to update, encountered possible permission error: %v", path) |
There was a problem hiding this comment.
Unclear if there was an update; we don't have access to the error or the intent here.
There was a problem hiding this comment.
Doesn't "possible permission" error cover what we know? The intent is just logging so maintainers can determine what's going on.
| // But we're still seeing permission errors. So someone else will need | ||
| // to redeploy the bundle with the right set of permissions. | ||
| return diag.Diagnostics{{ | ||
| Summary: fmt.Sprintf("access denied while updating deployment permissions as %s.\n"+ |
There was a problem hiding this comment.
The error above is more apt here: unable to deploy to %s as %s..
We cannot assert if the intent is to update deployment permissions here.
|
We discussed this a while back; I'd like to get integration test coverage for the permission errors on the filer. It's implemented only for the workspace files client now, not for the others (for ex the files API). |
Didn't we conclude that we would just not change the logic of the filer? I reverted that change. |
|
@pietern Updated the PR, processing all the new comments. I'd really like to get this merged. |
This was working a bit better before 26c3b42
| user := b.Config.Workspace.CurrentUser.DisplayName | ||
| if user == "" { | ||
| user = b.Config.Workspace.CurrentUser.UserName | ||
| } |
There was a problem hiding this comment.
Because of the other PR today, I now look at this and see it will show the display name for regular users.
It will affect the error message shown. I think for regular users we better show the email address.
There was a problem hiding this comment.
I changed it to just show the email address in errors.
lennartkats-db
force-pushed
the
cp-better-errors
branch
from
fbf3c9d
to
bde209c
Compare
| if otherManagers.Size() > 0 { | ||
| assistance = fmt.Sprintf( | ||
| "For assistance, users or groups with appropriate permissions may include: %s.", | ||
| strings.Join(otherManagers.Values(), ", "), |
There was a problem hiding this comment.
This is not sorted and is the cause of the test assertion failure in the latest test run.
Changes
This adds diagnostics for collaborative (production) deployment scenarios, including:
/Users/Alice/.bundle.Tests
Unit tests, manual testing.