mongodb · cveticm · Jul 16, 2025 · Jul 16, 2025 · Jul 18, 2025 · fmenezes
@@ -21,6 +21,7 @@ import (
 	"strings"
 
 	"github.com/AlecAivazis/survey/v2/core"
+	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/cli/commonerrors"
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/cli/root"
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/config"
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/telemetry"
@@ -36,6 +37,10 @@ func execute(rootCmd *cobra.Command) {
 
 To learn more, see our documentation: https://www.mongodb.com/docs/atlas/cli/stable/connect-atlas-cli/`
 	if cmd, err := rootCmd.ExecuteContextC(ctx); err != nil {
+		errMsg := commonerrors.GetHumanFriendlyErrorMessage(err)
+		if errMsg != nil {
+			fmt.Fprintln(os.Stderr, errMsg)
+		}
 		if !telemetry.StartedTrackingCommand() {
 			telemetry.StartTrackingCommand(cmd, os.Args[1:])
 		}

@@ -16,14 +16,21 @@ package commonerrors
 
 import (
 	"errors"
+	"net/http"
 
-	"go.mongodb.org/atlas-sdk/v20250312005/admin"
+	atlasClustersPinned "go.mongodb.org/atlas-sdk/v20240530005/admin"
+	atlasv2 "go.mongodb.org/atlas-sdk/v20250312005/admin"
+	atlas "go.mongodb.org/atlas/mongodbatlas"
 )
 
 var (
 	errClusterUnsupported         = errors.New("atlas supports this command only for M10+ clusters. You can upgrade your cluster by running the 'atlas cluster upgrade' command")
 	errOutsideVPN                 = errors.New("forbidden action outside access allow list, if you are a MongoDB employee double check your VPN connection")
 	errAsymmetricShardUnsupported = errors.New("trying to run a cluster wide scaling command on an independent shard scaling cluster. Use --autoScalingMode 'independentShardScaling' instead")
+	ErrUnauthorized               = errors.New(`this action requires authentication
+
+To log in using your Atlas username and password, run: atlas auth login
+To set credentials using API keys, run: atlas config init`)
 )
 
 const (
@@ -35,7 +42,7 @@ func Check(err error) error {
 		return nil
 	}
 
-	apiError, ok := admin.AsError(err)
+	apiError, ok := atlasv2.AsError(err)
 	if ok {
 		switch apiError.GetErrorCode() {
 		case "TENANT_CLUSTER_UPDATE_UNSUPPORTED":
@@ -49,16 +56,51 @@ func Check(err error) error {
 	return err
 }
 
+// GetHumanFriendErrorMessage returns a human-friendly error message if error is status code 401.
+func GetHumanFriendlyErrorMessage(err error) error {
+	if err == nil {
+		return nil
+	}
+
+	statusCode := GetErrorStatusCode(err)
+	if statusCode == http.StatusUnauthorized {
+		return ErrUnauthorized
+	}
+	return nil
+}
+
+// GetErrorStatusCode returns the HTTP status code from the error.
+// It checks for v2 SDK, the pinned clusters SDK and the old SDK errors.
+// If the error is not an API error or is nil, it returns 0.
+func GetErrorStatusCode(err error) int {
+	if err == nil {
+		return 0
+	}
+	apiError, ok := atlasv2.AsError(err)
+	if ok {
+		return apiError.GetError()
+	}
+	apiPinnedError, ok := atlasClustersPinned.AsError(err)
+	if ok {
+		return apiPinnedError.GetError()
+	}
+	var atlasErr *atlas.ErrorResponse
+	if errors.As(err, &atlasErr) {
+		return atlasErr.HTTPCode
+	}
+	return 0
+}
+
 func IsAsymmetricShardUnsupported(err error) bool {
-	apiError, ok := admin.AsError(err)
+	apiError, ok := atlasv2.AsError(err)
 	if !ok {
 		return false
 	}
 	return apiError.GetErrorCode() == asymmetricShardUnsupportedErrorCode
 }
 
 func IsCannotUseFlexWithClusterApis(err error) bool {
-	apiError, ok := admin.AsError(err)
+	apiError, ok := atlasv2.AsError(err)
 	if !ok {
 		return false
 	}

@@ -20,17 +20,19 @@ import (
 	"errors"
 	"testing"
 
-	"go.mongodb.org/atlas-sdk/v20250312005/admin"
+	atlasClustersPinned "go.mongodb.org/atlas-sdk/v20240530005/admin"
+	atlasv2 "go.mongodb.org/atlas-sdk/v20250312005/admin"
+	atlas "go.mongodb.org/atlas/mongodbatlas"
 )
 
 func TestCheck(t *testing.T) {
 	dummyErr := errors.New("dummy error")
 
-	skderr := &admin.GenericOpenAPIError{}
-	skderr.SetModel(admin.ApiError{ErrorCode: "TENANT_CLUSTER_UPDATE_UNSUPPORTED"})
+	skderr := &atlasv2.GenericOpenAPIError{}
+	skderr.SetModel(atlasv2.ApiError{ErrorCode: "TENANT_CLUSTER_UPDATE_UNSUPPORTED"})
 
-	asymmetricShardErr := &admin.GenericOpenAPIError{}
-	asymmetricShardErr.SetModel(admin.ApiError{ErrorCode: asymmetricShardUnsupportedErrorCode})
+	asymmetricShardErr := &atlasv2.GenericOpenAPIError{}
+	asymmetricShardErr.SetModel(atlasv2.ApiError{ErrorCode: asymmetricShardUnsupportedErrorCode})
 
 	testCases := []struct {
 		name string
@@ -67,3 +69,83 @@ func TestCheck(t *testing.T) {
 		})
 	}
 }
+
+func TestGetHumanFriendlyErrorMessage(t *testing.T) {
+	dummyErr := errors.New("dummy error")
+	testErr := &atlasv2.GenericOpenAPIError{}
+	testErr.SetModel(atlasv2.ApiError{Error: 401})
+
+	testCases := []struct {
+		name string
+		err  error
+		want error
+	}{
+		{
+			name: "unauthorized error",
+			err:  testErr,
+			want: ErrUnauthorized,
+		},
+		{
+			name: "arbitrary error",
+			err:  dummyErr,
+			want: nil,
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			if got := GetHumanFriendlyErrorMessage(tc.err); !errors.Is(got, tc.want) {
+				t.Errorf("GetHumanFriendlyErrorMessage(%v) = %v, want %v", tc.err, got, tc.want)
+			}
+		})
+	}
+}
+
+func TestGetErrorStatusCode(t *testing.T) {
+	dummyErr := errors.New("dummy error")
+
+	unauthorizedCode := 401
+	forbiddenCode := 403
+	notFoundCode := 404
+
+	atlasErr := &atlas.ErrorResponse{HTTPCode: unauthorizedCode}
+	atlasv2Err := &atlasv2.GenericOpenAPIError{}
+	atlasv2Err.SetModel(atlasv2.ApiError{Error: forbiddenCode})
+	atlasClustersPinnedErr := &atlasClustersPinned.GenericOpenAPIError{}
+	atlasClustersPinnedErr.SetModel(atlasClustersPinned.ApiError{Error: &notFoundCode})
+
+	testCases := []struct {
+		name string
+		err  error
+		want int
+	}{
+		{
+			name: "atlas unauthorized error",
+			err:  atlasErr,
+			want: unauthorizedCode,
+		},
+		{
+			name: "atlasv2 forbidden error",
+			err:  atlasv2Err,
+			want: forbiddenCode,
+		},
+		{
+			name: "atlasClusterPinned not found error",
+			err:  atlasClustersPinnedErr,
+			want: notFoundCode,
+		},
+		{
+			name: "arbitrary error",
+			err:  dummyErr,
+			want: 0,
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			if got := GetErrorStatusCode(tc.err); got != tc.want {
+				t.Errorf("GetErrorStatusCode(%v) = %v, want %v", tc.err, got, tc.want)
+			}
+		})
+	}
+}
@@ -71,8 +71,7 @@ func (s *Store) httpClient(httpTransport http.RoundTripper) (*http.Client, error
 
 		return &http.Client{Transport: tr}, nil
 	default:
-		tr := &transport.AuthRequiredRoundTripper{Base: httpTransport}
-		return &http.Client{Transport: tr}, nil
+		return &http.Client{Transport: httpTransport}, nil
 	}
 }
 

@@ -15,15 +15,13 @@
 package transport
 
 import (
-	"fmt"
 	"net"
 	"net/http"
 	"time"
 
 	"github.com/mongodb-forks/digest"
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/config"
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/oauth"
-	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/validate"
 	atlasauth "go.mongodb.org/atlas/auth"
 )
 
@@ -112,24 +110,3 @@ func (tr *tokenTransport) RoundTrip(req *http.Request) (*http.Response, error) {
 
 	return tr.base.RoundTrip(req)
 }
-
-type AuthRequiredRoundTripper struct {
-	Base http.RoundTripper
-}
-
-func (tr *AuthRequiredRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
-	resp, err := tr.Base.RoundTrip(req)
-	if resp != nil && resp.StatusCode == http.StatusUnauthorized {
-		return nil, fmt.Errorf(
-			`%w
-
-To log in using your Atlas username and password, run: atlas auth login
-To set credentials using API keys, run: atlas config init`,
-			validate.ErrMissingCredentials,
-		)
-	}
-	if err != nil {
-		return nil, err
-	}
-	return resp, nil
-}
@@ -24,6 +24,7 @@ import (
 	"slices"
 	"strings"
 
+	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/cli/commonerrors"
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/config"
 )
 
@@ -95,8 +96,6 @@ func ObjectID(s string) error {
 	return nil
 }
 
-var ErrMissingCredentials = errors.New("this action requires authentication")
-
 // Credentials validates public and private API keys have been set.
 func Credentials() error {
 	if t, err := config.Token(); t != nil {
@@ -106,13 +105,7 @@ func Credentials() error {
 		return nil
 	}
 
-	return fmt.Errorf(
-		`%w
-
-To log in using your Atlas username and password, run: atlas auth login
-To set credentials using API keys, run: atlas config init`,
-		ErrMissingCredentials,
-	)
+	return commonerrors.ErrUnauthorized
 }
 
 var ErrAlreadyAuthenticatedAPIKeys = errors.New("already authenticated with an API key")

@@ -169,7 +169,7 @@ func TestCredentials(t *testing.T) {
 	})
 }
 
-func TestNoAPIKeyss(t *testing.T) {
+func TestNoAPIKeys(t *testing.T) {
 	t.Run("no credentials", func(t *testing.T) {
 		if err := NoAPIKeys(); err != nil {
 			t.Fatalf("NoAPIKeys() unexpected error %v\n", err)