[suggestion] Provide clearer error messages for client-side authentication failures (4xx)
Hello,
It seems that the auth crate doesn't properly parse response errors when the authentication configuration is invalid. I was trying to use GKE Workload Identity as the auth method behind the with_auth() function, and the crate just returned a decode error (probably because the response wasn't what the decoder expected), which made debugging my configuration more difficult.
What do you think about returning a clearer error message for client auth errors? Does that make sense? I’d be happy to open a PR with this suggestion if you're open to it.
```
HttpError(reqwest::Error { kind: Decode, source: Error("expected value", line: 1, column: 1) })
```
Just to clarify, Workload Identity on GKE works fine, this suggestion is only about improving the clarity of error messages in such cases.
I agree with including the request URL and bytes of the response body in the error, as it is difficult to investigate whether that error actually occurred.
@yoshidan do you have any idea how I can simulate this error locally or with a test?
Is this the line where the error happens? And do we need to add more context?
https://github.com/yoshidan/google-cloud-rust/blob/main/foundation/auth/src/project.rs#L99
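One way to reproduce the failure mode without GKE, as an added example that is not the crate's code or part of any comment above: check the HTTP status before decoding and feed the check a constructed non-JSON 4xx body. `AuthError`, `check_auth_response`, `MAX_SNIPPET_CHARS` and the `decode` parameter are hypothetical names; `decode` stands in for the JSON decoder.

```rust
use std::fmt;

/// Longest body excerpt copied into an error (constructed limit for this example).
const MAX_SNIPPET_CHARS: usize = 200;

#[derive(Debug, PartialEq)]
pub enum AuthError {
    /// Non-2xx reply: URL, status and a bounded excerpt of the body.
    Status { url: String, status: u16, body: String },
    /// 2xx reply that failed to decode. The body is not echoed, since a
    /// success body can contain an access token; only its length is kept.
    Decode { url: String, body_len: usize },
}

impl fmt::Display for AuthError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            AuthError::Status { url, status, body } => {
                write!(f, "auth request to {url} failed with HTTP {status}: {body}")
            }
            AuthError::Decode { url, body_len } => {
                write!(f, "auth response from {url} was not decodable ({body_len} bytes)")
            }
        }
    }
}

/// Check the status before decoding, so a 4xx text/HTML body is reported as
/// what it is instead of as "expected value at line 1 column 1".
/// `decode` stands in for the JSON decoder (hypothetical parameter).
pub fn check_auth_response<T>(
    url: &str,
    status: u16,
    body: &[u8],
    decode: impl Fn(&[u8]) -> Option<T>,
) -> Result<T, AuthError> {
    if !(200..300).contains(&status) {
        let text = String::from_utf8_lossy(body);
        let body: String = text.chars().take(MAX_SNIPPET_CHARS).collect();
        return Err(AuthError::Status { url: url.to_string(), status, body });
    }
    decode(body).ok_or(AuthError::Decode { url: url.to_string(), body_len: body.len() })
}
```

The excerpt is bounded and taken only from non-2xx bodies, so a successful token response never ends up in logs through the error path.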
On this topic (let me know if I should make a separate issue), could we get the tonic errors re-exported?
I want to do something like this:
```rust
let mut reader = match bigquery_client
    .read_table::<ReadRow>(&table_reference, None)
    .await
{
    Ok(r) => r,
    // Match on a reference so `e` can still be formatted in the inner arm.
    Err(e) => match &e {
        gcloud_bigquery::storage::Error::GRPC(status) => match status.code() {
            gcloud_bigquery::tonic::status::Code::NotFound => return Ok(Vec::new()),
            // NotFound | AlreadyExists => return Ok(Vec::new()),
            _ => bail!("grpc error: {e:?}"),
        },
        error => {
            bail!("gcloud non-connection error: {error:?}");
        }
    },
};
```
EDIT: Potentially related, https://github.com/yoshidan/google-cloud-rust/issues/179