Merge pull request #87 from ovh/dev/aamstutz/handle-iam-errors

amstuta · web-flow · commit 945a2dafa77c · 2025-02-06T11:15:41.000+01:00
feat: Add missing IAM permissions in error string
diff --git a/ovh/error.go b/ovh/error.go
@@ -35,8 +35,22 @@ func (err APIError) Error() string {
 		fmt.Fprint(&sb, err.Class, ": ")
 	}
 
+	// Catch missing IAM permissions, if any
+	var missingIAMActionsDetails []string
+	if missingAuthenticationActions, ok := err.Details["unauthorizedActionsByAuthentication"]; ok && missingAuthenticationActions != "" {
+		missingIAMActionsDetails = append(missingIAMActionsDetails, missingAuthenticationActions)
+	}
+	if missingIAMActions, ok := err.Details["unauthorizedActionsByIAM"]; ok && missingIAMActions != "" {
+		missingIAMActionsDetails = append(missingIAMActionsDetails, missingIAMActions)
+	}
+
+	message := err.Message
+	if len(missingIAMActionsDetails) > 0 {
+		message += fmt.Sprintf(" (missing IAM permissions: %s)", strings.Join(missingIAMActionsDetails, ", "))
+	}
+
 	// Real error message, quoted
-	fmt.Fprintf(&sb, "%q", err.Message)
+	fmt.Fprintf(&sb, "%q", message)
 
 	// QueryID if any
 	if err.QueryID != "" {
diff --git a/ovh/error_test.go b/ovh/error_test.go
@@ -31,4 +31,33 @@ func TestErrorString(t *testing.T) {
 	td.Cmp(t, err.Error(), expected)
 	td.Cmp(t, err.String(), expected)
 
+	err = APIError{
+		Code:    http.StatusForbidden,
+		Message: `User not granted for this request`,
+		Class:   "Client::Forbidden",
+		QueryID: "EU.ext-99.foobar",
+		Details: map[string]string{
+			"unauthorizedActionsByAuthentication": "",
+			"unauthorizedActionsByIAM":            "account:apiovh:me/installationTemplate/get",
+		},
+	}
+
+	expected = `OVHcloud API error (status code 403): Client::Forbidden: "User not granted for this request (missing IAM permissions: account:apiovh:me/installationTemplate/get)" (X-OVH-Query-Id: EU.ext-99.foobar)`
+	td.Cmp(t, err.Error(), expected)
+	td.Cmp(t, err.String(), expected)
+
+	err = APIError{
+		Code:    http.StatusForbidden,
+		Message: `User not granted for this request`,
+		Class:   "Client::Forbidden",
+		QueryID: "EU.ext-99.foobar",
+		Details: map[string]string{
+			"unauthorizedActionsByAuthentication": "account:apiovh:me/accessRestriction/ip/get",
+			"unauthorizedActionsByIAM":            "account:apiovh:me/installationTemplate/get",
+		},
+	}
+
+	expected = `OVHcloud API error (status code 403): Client::Forbidden: "User not granted for this request (missing IAM permissions: account:apiovh:me/accessRestriction/ip/get, account:apiovh:me/installationTemplate/get)" (X-OVH-Query-Id: EU.ext-99.foobar)`
+	td.Cmp(t, err.Error(), expected)
+	td.Cmp(t, err.String(), expected)
 }
