fix(controlplane): propagate FailedPrecondition errors instead of masking them#3180
Conversation
…king them When an error already converted by handleUseCaseErr is processed again (e.g. AttestationService.Store wrapping storeAttestation), the resulting gRPC FailedPrecondition status error was not recognized, so it was reported to Sentry and masked as a generic internal server error, hiding the actionable message (such as pushing an attestation to a released, immutable project version) from the client. Pass through gRPC FailedPrecondition status errors in the default branch, making the conversion idempotent: the error is no longer reported to Sentry and the original message reaches the client. Assisted-by: Claude Code Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev> Chainloop-Trace-Sessions: 43473f24-f00c-4ba7-8fac-82209c736b02
AI Session Analysis
|
| Status | Attribution | File | Lines |
|---|---|---|---|
| modified | ai | app/controlplane/internal/service/service_test.go |
+86 / -1 |
| modified | ai | app/controlplane/internal/service/service.go |
+29 / -5 |
Policies (4)
| Status | Policy | Material | Messages |
|---|---|---|---|
| ✅ Passed | ai-config-ai-agents-allowed |
ai-coding-session-43473f |
- |
| ✅ Passed | ai-config-no-dangerous-commands |
ai-coding-session-43473f |
- |
| ✅ Passed | ai-config-no-secrets |
ai-coding-session-43473f |
- |
| ✅ Passed | ai-config-mcp-servers-allowed |
ai-coding-session-43473f |
- |
Powered by Chainloop and Chainloop Trace
There was a problem hiding this comment.
1 issue found across 2 files
Reply with feedback, questions, or to request a fix.
Fix all with cubic | Re-trigger cubic
…ror codes Extend the FailedPrecondition passthrough to every client-error gRPC code this function produces (Canceled, InvalidArgument, NotFound, PermissionDenied, Unimplemented, AlreadyExists, FailedPrecondition). Kratos errors also implement GRPCStatus(), so already-converted errors of any of these kinds are now propagated unchanged when processed again, instead of being masked and reported to Sentry. Server-side codes keep being masked. Assisted-by: Claude Code Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev> Chainloop-Trace-Sessions: 43473f24-f00c-4ba7-8fac-82209c736b02
|
Addressed the review finding (identified by cubic): the double-processing masking was not limited to FailedPrecondition — kratos errors also implement
🤖 Posted by Maximus bot (Claude Code) on behalf of @migmartri |
When an error that was already converted by
handleUseCaseErris processed again (e.g.AttestationService.StorewrappingstoreAttestation), the resulting gRPCFailedPreconditionstatus error was not recognized by the conversion switch. It fell into the default branch, where it was reported to Sentry and masked as a generic internal server error, hiding the actionable message (such as pushing an attestation to a released, immutable project version) from the client.This change passes through gRPC
FailedPreconditionstatus errors in the default branch, making the conversion idempotent:This PR was created with AI assistance (Claude Code).
🤖 Posted by Maximus bot (Claude Code) on behalf of @migmartri