Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add cred info to auth related errors #2115

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Conversation

arithmetic1728
Copy link
Collaborator

@arithmetic1728 arithmetic1728 commented Aug 29, 2024

Adds cred info to error details for 401/403/404 errors. See go/python-auth-error-message-improvement.

Manually tested with KMS client: arithmetic1728/google-cloud-python#1

@product-auto-label product-auto-label bot added the size: l Pull request size is large. label Aug 29, 2024
@arithmetic1728 arithmetic1728 force-pushed the cred_info branch 2 times, most recently from 137ee25 to e909f85 Compare August 29, 2024 01:30
@product-auto-label product-auto-label bot added size: m Pull request size is medium. and removed size: l Pull request size is large. labels Aug 29, 2024
@arithmetic1728 arithmetic1728 force-pushed the cred_info branch 2 times, most recently from 96a3067 to 87a0f75 Compare August 29, 2024 10:09
@arithmetic1728 arithmetic1728 removed the size: m Pull request size is medium. label Aug 29, 2024
@product-auto-label product-auto-label bot added the size: l Pull request size is large. label Aug 29, 2024
@arithmetic1728 arithmetic1728 marked this pull request as ready for review August 29, 2024 23:48
@arithmetic1728 arithmetic1728 requested a review from a team as a code owner August 29, 2024 23:48
@arithmetic1728 arithmetic1728 changed the title [Work in progress] feat: add cred info to auth related errors feat: add cred info to auth related errors Aug 29, 2024
@arithmetic1728 arithmetic1728 requested a review from ohmayr August 29, 2024 23:49
@arithmetic1728 arithmetic1728 added the do not merge Indicates a pull request not ready for merge, due to either quality or timing. label Aug 29, 2024
@arithmetic1728 arithmetic1728 assigned ohmayr and unassigned vchudnov-g Aug 29, 2024
@arithmetic1728 arithmetic1728 removed the do not merge Indicates a pull request not ready for merge, due to either quality or timing. label Sep 11, 2024
@ohmayr ohmayr requested a review from vchudnov-g September 11, 2024 03:25
Copy link
Contributor

@parthea parthea left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added minor observations

if not hasattr(cred, "get_cred_info"):
return

cred_info = cred.get_cred_info() # type: ignore
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please could you add a comment to clarify the reason that we have # type: ignore here, and include a link to a bug to follow up on it?

self,
error: core_exceptions.GoogleAPICallError
) -> None:
"""Adds credential info string to error details for 401/403/404 errors.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this part of a client library AIP? https://google.aip.dev/client-libraries. If not, should we consider creating one? The AIPs are meant to help define requirements for client libraries which will also be used when we create client libraries for a new language like rust.

return

cred = self._transport._credentials
if not hasattr(cred, "get_cred_info"):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we emit a warning/ update the error details to let users know that they can get more helpful error messages if they upgrade to a certain version of google-auth?

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes that makes sense

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually on second thought, we cannot do that since its not necessary that all credentials in all scenarios have cred info.

return response
except core_exceptions.GoogleAPICallError as e:
self._add_cred_info_for_auth_errors(e)
raise e
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Non-blocking comment. This PR touches a lot of duplicate code. Can we refactor this into a macro to avoid making the change in so many places? Feel free to file a bug to follow up on it later. If we address it now, then subsequent updates to the same code will be less toilsome.


client._add_cred_info_for_auth_errors(error)
if show_cred_info:
assert error.details == [CRED_INFO_STRING]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we also add a test to ensure that error details that we receive from the API are not clobbered?

As an example, we could update the test_error_details showcase test which already has tests with error details
https://github.com/googleapis/gapic-generator-python/blob/main/tests/system/test_error_details.py

@parthea parthea assigned ohmayr and unassigned ohmayr Sep 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
size: l Pull request size is large.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants