CLOUDP-330561: Moves unauth error check to common errors

[cveticm]

Proposed changes

Issues

Initial work to move unauth check from builder.go to transport.go (#4034) neglected digest and access token transport clients. This meant that if either of these transport methods received a 401 response, the error would not be wrapped with any additional messaging. For example, when a user's access token expires.

Solution

To fix this, I have moved the unauth check to atlas.go.
The flow now is:

• a command finishes executing
• if err
  • check if 401
    • if 401, print custom error message

Note that the raw transport error message will be printed to terminal before the command is fully complete. This means we cannot wrap the error but can only print additional messaging. In practice this looks much the same as the previous implementation:

Error: https://cloud-dev.mongodb.com/api/atlas/v2/groups/670cd17af33cea212ea1ed61/clusters GET: HTTP 401 Unauthorized (Error code: "") Detail: You are not authorized for this resource. Reason: Unauthorized. Params: []
this action requires authentication

To log in using your Atlas username and password or to set credentials using API key, run: atlas auth login

Jira ticket: CLOUDP-330561

Checklist

• I have signed the MongoDB CLA
• I have added tests that prove my fix is effective or that my feature works
• I have added any necessary documentation in document requirements section listed in CONTRIBUTING.md (if appropriate)
• I have addressed the @mongodb/docs-cloud-team comments (if appropriate)
• I have updated test/README.md (if an e2e test has been added)
• I have run make fmt and formatted my code

[cveticm]

transport wrapper no longer needed since its primary purpose, to check for unauth, is now done after the command executes

[github-actions]

Coverage Report 📉

Branch	Commit	Coverage
SA_refactor_feature_branch	5fbb105	25.8%
CLOUDP-330561_commonerror_unauth_check	9869e7a	25.7%
	Difference	-.1%

[jeroenvervaeke]

I don't think this is the proper way to check the error code coming from the API.

I think you'll have to use:

admin.AsError(err)

I was first going to recommend using the errorcode: UNAUTHORIZED, but it looks like we have so many variations.

It's better to check the HTTP status code instead (through the error).

Unfortunately I don't fully remember how to get the status code from the SDK, let me know if you can't find it and want to look into it together

[andreaangiolillo]

Unfortunately I don't fully remember how to get the status code from the SDK, let me know if you can't find it and want to look into it together

AsError returns the ApiError struct which contains the error code as param
https://github.com/mongodb/atlas-sdk-go/blob/main/admin/model_api_error.go#L6

[cveticm]

Yes i tried this initially, but these unauth errors aren't GenericOpenAPIError types so admin.AsError(err) returns !ok.

[fmenezes]

I think we need a custom error, perhaps should we introduce error handling on transport and create an ErrUnauthorized? at least a generic http error that has code as a property

[andreaangiolillo]

shouldn't we print this to stderr?

[fmenezes]

I think this prints it twice because cobra prints it

[fmenezes]

If we are moving the error check here we should remove each individual usage of it and move it here