[db-errors] Make conversion from TransactionError to PublicError explicit (#9505)

- Removes `impl From<TransactionError<PublicError>> for PublicError`
- Makes the conversion explicit, with a caller-acknowledged function
called `into_public_ignore_retries`
- Updates call-sites. Generally, this was "just a rename", but
`nexus/db-queries/src/db/datastore/deployment/external_networking.rs`
had structural changes which now allow retry errors to be propagated up
to the transaction retry wrapper.

Author: smklein

nexus/db-errors/src/transaction_error.rs

@@ -68,6 +68,24 @@ impl<T> TransactionError<T> {
             _ => NotRetryable(self),
         }
     }
+
+    /// Maps a `TransactionError<T>` to a `TransactionError<T2>`
+    ///
+    /// Applyies an operation transforming `T` to `T2`.
+    /// The API here resembles [Result::map_err] intentionally.
+    pub fn map<T2, O>(self, op: O) -> TransactionError<T2>
+    where
+        O: FnOnce(T) -> T2,
+    {
+        match self {
+            TransactionError::CustomError(err) => {
+                TransactionError::CustomError(op(err))
+            }
+            TransactionError::Database(db_err) => {
+                TransactionError::Database(db_err)
+            }
+        }
+    }
 }
 
 impl<T: std::fmt::Debug> TransactionError<T> {
@@ -100,9 +118,22 @@ impl From<PublicError> for TransactionError<PublicError> {
     }
 }
 
-impl From<TransactionError<PublicError>> for PublicError {
-    fn from(err: TransactionError<PublicError>) -> Self {
-        match err {
+impl TransactionError<PublicError> {
+    /// Converts a `TransactionError<PublicError>` into a `PublicError`.
+    ///
+    /// This is basically an `impl From<Self> -> PublicError`, but with
+    /// a different name to force the caller to label the contract
+    /// happening here:
+    ///
+    /// - When Diesel APIs are invoked within a transaction, they
+    /// may return errors indicating "please retry the transaction".
+    /// - If those are silently converted into the `PublicError` type, retry
+    /// information is not propagated up to the transaction retry wrapper, which
+    /// uses those errors to direct automated retry.
+    ///
+    /// However, outside of transactions, this conversion is harmless.
+    pub fn into_public_ignore_retries(self) -> PublicError {
+        match self {
             TransactionError::CustomError(err) => err,
             TransactionError::Database(err) => {
                 public_error_from_diesel(err, ErrorHandler::Server)

nexus/db-queries/src/db/datastore/deployment.rs

@@ -210,7 +210,7 @@ impl DataStore {
             })
             .await
             .map_err(|e| match err.take() {
-                Some(txn_error) => txn_error.into(),
+                Some(txn_error) => txn_error.into_public_ignore_retries(),
                 None => public_error_from_diesel(e, ErrorHandler::Server),
             })?;
         Ok(r)
@@ -632,7 +632,7 @@ impl DataStore {
             })
             .await
             .map_err(|e| match err.take() {
-                Some(err) => err.into(),
+                Some(err) => err.into_public_ignore_retries(),
                 None => public_error_from_diesel(e, ErrorHandler::Server),
             })?;
 
@@ -1828,7 +1828,7 @@ impl DataStore {
             })
             .await
             .map_err(|e| match err.take() {
-                Some(err) => err.into(),
+                Some(err) => err.into_public_ignore_retries(),
                 None => public_error_from_diesel(e, ErrorHandler::Server),
             })?;
 
@@ -1962,7 +1962,7 @@ impl DataStore {
                         .map(|(_sled_id, zone)| zone),
                 )
                 .await
-                .map_err(|e| err.bail(e.into()))?;
+                .map_err(|e| err.bail(e))?;
                 self.ensure_zone_external_networking_allocated_on_connection(
                     &conn,
                     opctx,
@@ -1973,15 +1973,15 @@ impl DataStore {
                         .map(|(_sled_id, zone)| zone),
                 )
                 .await
-                .map_err(|e| err.bail(e.into()))?;
+                .map_err(|e| err.bail(e))?;
 
                 Ok(())
             }
         })
         .await
         .map_err(|e| {
             if let Some(err) = err.take() {
-                err.into()
+                err.into_public_ignore_retries()
             } else {
                 public_error_from_diesel(e, ErrorHandler::Server)
             }
@@ -2132,7 +2132,9 @@ impl DataStore {
         opctx.authorize(authz::Action::Read, &authz::BLUEPRINT_CONFIG).await?;
 
         let conn = self.pool_connection_authorized(opctx).await?;
-        let target = Self::blueprint_current_target_only(&conn).await?;
+        let target = Self::blueprint_current_target_only(&conn)
+            .await
+            .map_err(|err| err.into_public_ignore_retries())?;
 
         // The blueprint for the current target cannot be deleted while it is
         // the current target, but it's possible someone else (a) made a new
@@ -2162,7 +2164,9 @@ impl DataStore {
     ) -> Result<BlueprintTarget, Error> {
         opctx.authorize(authz::Action::Read, &authz::BLUEPRINT_CONFIG).await?;
         let conn = self.pool_connection_authorized(opctx).await?;
-        Self::blueprint_current_target_only(&conn).await.map_err(|e| e.into())
+        Self::blueprint_current_target_only(&conn)
+            .await
+            .map_err(|e| e.into_public_ignore_retries())
     }
 
     // Helper to fetch the current blueprint target (without fetching the entire

nexus/db-queries/src/db/datastore/deployment/external_networking.rs

@@ -10,6 +10,7 @@ use crate::db::DataStore;
 use crate::db::fixed_data::vpc_subnet::DNS_VPC_SUBNET;
 use crate::db::fixed_data::vpc_subnet::NEXUS_VPC_SUBNET;
 use crate::db::fixed_data::vpc_subnet::NTP_VPC_SUBNET;
+use nexus_db_errors::TransactionError;
 use nexus_db_lookup::DbConnection;
 use nexus_db_model::IncompleteNetworkInterface;
 use nexus_db_model::IpConfig;
@@ -89,7 +90,7 @@ impl DataStore {
         conn: &async_bb8_diesel::Connection<DbConnection>,
         opctx: &OpContext,
         zones_to_allocate: impl Iterator<Item = &BlueprintZoneConfig>,
-    ) -> Result<(), Error> {
+    ) -> Result<(), TransactionError<Error>> {
         // Looking up the service pool IDs requires an opctx; we'll do this at
         // most once inside the loop below, when we first encounter an address
         // of the same IP version.
@@ -150,7 +151,7 @@ impl DataStore {
         conn: &async_bb8_diesel::Connection<DbConnection>,
         log: &Logger,
         zones_to_deallocate: impl Iterator<Item = &BlueprintZoneConfig>,
-    ) -> Result<(), Error> {
+    ) -> Result<(), TransactionError<Error>> {
         for z in zones_to_deallocate {
             let Some((external_ip, nic)) = z.zone_type.external_networking()
             else {
@@ -185,7 +186,7 @@ impl DataStore {
                     nic.id,
                 )
                 .await
-                .map_err(|err| err.into_external())?;
+                .map_err(|txn_err| txn_err.map(|err| err.into_external()))?;
             if deleted_nic {
                 info!(log, "successfully deleted Omicron zone vNIC");
             } else {
@@ -204,7 +205,7 @@ impl DataStore {
         zone_id: OmicronZoneUuid,
         external_ip: OmicronZoneExternalIp,
         log: &Logger,
-    ) -> Result<bool, Error> {
+    ) -> Result<bool, TransactionError<Error>> {
         // localhost is used by many components in the test suite.  We can't use
         // the normal path because normally a given external IP must only be
         // used once.  Just treat localhost in the test suite as though it's
@@ -240,7 +241,8 @@ impl DataStore {
                 return Err(Error::invalid_request(format!(
                     "zone {zone_id} already has {} IPs allocated (expected 1)",
                     allocated_ips.len()
-                )));
+                ))
+                .into());
             }
         };
 
@@ -254,7 +256,8 @@ impl DataStore {
                 return Err(Error::invalid_request(format!(
                     "zone {zone_id} has invalid IP database record: {}",
                     InlineErrorChain::new(&err)
-                )));
+                ))
+                .into());
             }
         };
 
@@ -268,7 +271,8 @@ impl DataStore {
             );
             return Err(Error::invalid_request(format!(
                 "zone {zone_id} has a different IP allocated ({existing_ip:?})",
-            )));
+            ))
+            .into());
         }
     }
 
@@ -280,7 +284,7 @@ impl DataStore {
         zone_id: OmicronZoneUuid,
         nic: &NetworkInterface,
         log: &Logger,
-    ) -> Result<bool, Error> {
+    ) -> Result<bool, TransactionError<Error>> {
         // See the comment in is_external_ip_already_allocated().
         //
         // TODO-completeness: Ensure this works for dual-stack Omicron service
@@ -338,7 +342,8 @@ impl DataStore {
             return Err(Error::invalid_request(format!(
                 "zone {zone_id} already has {} non-matching NIC(s) allocated",
                 allocated_nics.len()
-            )));
+            ))
+            .into());
         }
 
         info!(log, "NIC allocation required for zone");
@@ -354,7 +359,7 @@ impl DataStore {
         zone_id: OmicronZoneUuid,
         external_ip: OmicronZoneExternalIp,
         log: &Logger,
-    ) -> Result<(), Error> {
+    ) -> Result<(), TransactionError<Error>> {
         // Only attempt to allocate `external_ip` if it isn't already assigned
         // to this zone.
         //
@@ -395,20 +400,22 @@ impl DataStore {
         service_id: OmicronZoneUuid,
         nic: &NetworkInterface,
         log: &Logger,
-    ) -> Result<(), Error> {
+    ) -> Result<(), TransactionError<Error>> {
         // We don't pass `nic.kind` into the database below, but instead
         // explicitly call `service_create_network_interface`. Ensure this is
         // indeed a service NIC.
         match &nic.kind {
             NetworkInterfaceKind::Instance { .. } => {
                 return Err(Error::invalid_request(
                     "invalid NIC kind (expected service, got instance)",
-                ));
+                )
+                .into());
             }
             NetworkInterfaceKind::Probe { .. } => {
                 return Err(Error::invalid_request(
                     "invalid NIC kind (expected service, got probe)",
-                ));
+                )
+                .into());
             }
             NetworkInterfaceKind::Service { .. } => (),
         }
@@ -429,7 +436,8 @@ impl DataStore {
                 return Err(Error::invalid_request(format!(
                     "no VPC subnet available for {} zone",
                     zone_kind.report_str()
-                )));
+                ))
+                .into());
             }
         };
 
@@ -465,7 +473,7 @@ impl DataStore {
         let created_nic = self
             .create_network_interface_raw_conn(conn, nic_arg)
             .await
-            .map_err(|err| err.into_external())?;
+            .map_err(|txn_err| txn_err.map(|err| err.into_external()))?;
 
         // We don't pass all the properties of `nic` into the create request
         // above. Double-check that the properties the DB assigned match
@@ -496,7 +504,8 @@ impl DataStore {
                 "database cleanup required: unexpected NIC ({created_nic:?}) \
                  allocated for {} {service_id}",
                 zone_kind.report_str(),
-            )));
+            ))
+            .into());
         }
 
         info!(log, "successfully allocated service vNIC");

nexus/db-queries/src/db/datastore/dns.rs

@@ -70,9 +70,9 @@ impl DataStore {
         dns_group: DnsGroup,
     ) -> ListResultVec<DnsZone> {
         let conn = self.pool_connection_authorized(opctx).await?;
-        Ok(self
-            .dns_zones_list_all_on_connection(opctx, &conn, dns_group)
-            .await?)
+        self.dns_zones_list_all_on_connection(opctx, &conn, dns_group)
+            .await
+            .map_err(|err| err.into_public_ignore_retries())
     }
 
     /// Variant of [`Self::dns_zones_list_all`] which may be called from a
@@ -116,7 +116,8 @@ impl DataStore {
                 &*self.pool_connection_authorized(opctx).await?,
                 dns_group,
             )
-            .await?;
+            .await
+            .map_err(|err| err.into_public_ignore_retries())?;
         Ok(version)
     }
 
@@ -411,7 +412,7 @@ impl DataStore {
             })
             .await
             .map_err(|e| match err.take() {
-                Some(err) => err.into(),
+                Some(err) => err.into_public_ignore_retries(),
                 None => public_error_from_diesel(e, ErrorHandler::Server),
             })
     }
@@ -1865,12 +1866,11 @@ mod test {
             update.add_name(String::from("n2"), records1.clone()).unwrap();
 
             let conn = datastore.pool_connection_for_tests().await.unwrap();
-            let error = Error::from(
-                datastore
-                    .dns_update_incremental(&opctx, &conn, update)
-                    .await
-                    .unwrap_err(),
-            );
+            let error = datastore
+                .dns_update_incremental(&opctx, &conn, update)
+                .await
+                .unwrap_err()
+                .into_public_ignore_retries();
             let msg = error.to_string();
             assert!(msg.starts_with("Internal Error: "), "Message: {msg:}");
             assert!(

nexus/db-queries/src/db/datastore/external_ip.rs

@@ -178,7 +178,7 @@ impl DataStore {
         &self,
         conn: &async_bb8_diesel::Connection<DbConnection>,
         service_id: Uuid,
-    ) -> LookupResult<Vec<ExternalIp>> {
+    ) -> Result<Vec<ExternalIp>, TransactionError<Error>> {
         use nexus_db_schema::schema::external_ip::dsl;
         dsl::external_ip
             .filter(dsl::is_service.eq(true))
@@ -187,7 +187,7 @@ impl DataStore {
             .select(ExternalIp::as_select())
             .get_results_async(conn)
             .await
-            .map_err(|e| public_error_from_diesel(e, ErrorHandler::Server))
+            .map_err(|err| err.into())
     }
 
     /// Allocates a floating IP address for instance usage.
@@ -233,7 +233,9 @@ impl DataStore {
         data: IncompleteExternalIp,
     ) -> CreateResult<ExternalIp> {
         let conn = self.pool_connection_authorized(opctx).await?;
-        let ip = Self::allocate_external_ip_on_connection(&conn, data).await?;
+        let ip = Self::allocate_external_ip_on_connection(&conn, data)
+            .await
+            .map_err(|err| err.into_public_ignore_retries())?;
         Ok(ip)
     }
 
@@ -675,7 +677,9 @@ impl DataStore {
         ip_id: Uuid,
     ) -> Result<bool, Error> {
         let conn = self.pool_connection_authorized(opctx).await?;
-        self.deallocate_external_ip_on_connection(&conn, ip_id).await
+        self.deallocate_external_ip_on_connection(&conn, ip_id)
+            .await
+            .map_err(|err| err.into_public_ignore_retries())
     }
 
     /// Variant of [Self::deallocate_external_ip] which may be called from a
@@ -684,7 +688,7 @@ impl DataStore {
         &self,
         conn: &async_bb8_diesel::Connection<DbConnection>,
         ip_id: Uuid,
-    ) -> Result<bool, Error> {
+    ) -> Result<bool, TransactionError<Error>> {
         use nexus_db_schema::schema::external_ip::dsl;
         let now = Utc::now();
         diesel::update(dsl::external_ip)
@@ -698,7 +702,7 @@ impl DataStore {
                 UpdateStatus::Updated => true,
                 UpdateStatus::NotUpdatedButExists => false,
             })
-            .map_err(|e| public_error_from_diesel(e, ErrorHandler::Server))
+            .map_err(|e| e.into())
     }
 
     /// Moves an instance's ephemeral IP from 'Attached' to 'Detaching'.