Closed mgyucht closed 4 months ago
Attention: Patch coverage is 62.74510%
with 19 lines
in your changes are missing coverage. Please review.
Project coverage is 7.14%. Comparing base (
6106c39
) to head (c7f3f54
).
Files | Patch % | Lines |
---|---|---|
common/environment/environments.go | 28.00% | 17 Missing and 1 partial :warning: |
config/config.go | 50.00% | 1 Missing :warning: |
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
Changes
When a user tries to access a Private Link-enabled workspace configured with no public internet access from a different network than the VPC endpoint belongs to, the Private Link backend redirects the user to the login page, rather than outright rejecting the request. The login page, however, is not a JSON document and cannot be parsed by the SDK, resulting in this error message:
To address this, I add one additional check in the error mapper logic to inspect whether the user was redirected to the login page with the private link validation error response code. If so, we return a synthetic error with error code
PRIVATE_LINK_VALIDATION_ERROR
that inherits from ErrPermissionsDenied and has a mock 403 status code.After this change, users will see an error message like this:
The error message is tuned to the specific cloud so that we can redirect users to the appropriate documentation, the cloud being inferred from the request URI.
As part of this, I made a small refactor of environments code into a separate package so it can be used by both the config and apierr packages.
Tests
Unit tests cover the private link error message mapping. To manually test this, I created a private link workspace in Azure, created an access token, restricted access to the workspace, then ran the
default-auth
example using the host & token:make test
passingmake fmt
applied