fix(api): surface real provider error on apply/check instead of generic internal error
resolve (shared by Check/Apply) and Apply now wrap GetRecords/ApplyChanges failures in service.ErrProviderUnavailable, matching ZoneRecords' existing behavior. handleApply/handleCheck use errors.Is against it to return 502 with the real provider message (e.g. Selectel's 409 conflict body) instead of masking every failure as a generic 500 "internal error"; non-provider errors (decrypt/db/loader) are unaffected. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01BwxdSt4reTm7Dj1oxRvpP3
This commit is contained in:
@@ -4,6 +4,7 @@ import (
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"strings"
|
||||
|
||||
"github.com/google/uuid"
|
||||
|
||||
@@ -23,6 +24,16 @@ import (
|
||||
// pick 502 vs 404 without leaking provider error details as "not found".
|
||||
var ErrProviderUnavailable = errors.New("service: provider unavailable")
|
||||
|
||||
// ProviderMessage extracts the provider's own error text from an error
|
||||
// wrapped with ErrProviderUnavailable, stripping the sentinel prefix so
|
||||
// callers can surface it to the user as-is (e.g. Selectel's "409: conflicting
|
||||
// CNAME record exists"). Only meant to be called on errors that
|
||||
// errors.Is(err, ErrProviderUnavailable) — otherwise it just returns
|
||||
// err.Error() unchanged.
|
||||
func ProviderMessage(err error) string {
|
||||
return strings.TrimPrefix(err.Error(), ErrProviderUnavailable.Error()+": ")
|
||||
}
|
||||
|
||||
// DomainRef is the minimal data the service needs about a domain.
|
||||
type DomainRef struct {
|
||||
ZoneID string
|
||||
@@ -84,7 +95,11 @@ func (s *DomainService) resolve(ctx context.Context, projectID, domainID uuid.UU
|
||||
creds := provider.Credentials{Secret: string(secret)}
|
||||
actual, err := p.GetRecords(ctx, creds, ref.ZoneID)
|
||||
if err != nil {
|
||||
return nil, provider.Credentials{}, ref, diff.Changeset{}, err
|
||||
// Only a failure of the provider call itself is "provider unavailable" —
|
||||
// LoadDomain/ByName/Decrypt errors above are local resolution failures
|
||||
// (e.g. domain not found, bad stored credentials) and must not be
|
||||
// conflated with it.
|
||||
return nil, provider.Credentials{}, ref, diff.Changeset{}, fmt.Errorf("%w: %v", ErrProviderUnavailable, err)
|
||||
}
|
||||
cs := diff.Diff(tmpl.Materialize(ref.Template, ref.ZoneName), actual)
|
||||
return p, creds, ref, cs, nil
|
||||
@@ -155,7 +170,7 @@ func (s *DomainService) Apply(ctx context.Context, projectID, domainID uuid.UUID
|
||||
applied := diff.Changeset{Diffs: toApply}
|
||||
if len(toApply) > 0 {
|
||||
if err := p.ApplyChanges(ctx, creds, ref.ZoneID, applied); err != nil {
|
||||
return diff.Changeset{}, err
|
||||
return diff.Changeset{}, fmt.Errorf("%w: %v", ErrProviderUnavailable, err)
|
||||
}
|
||||
}
|
||||
return applied, nil
|
||||
|
||||
Reference in New Issue
Block a user