fix(ibm-watsonx-s3): fail fast on precheck and guard bearer token JSON parsing

[awalker4]

Summary

• Adds an optional max_retries parameter to get_catalog() so callers can override the retry budget
• precheck() now passes max_retries=1, surfacing connection errors immediately instead of blocking through the full exponential-backoff window (~70s)
• Moves response.json() inside the try/except in generate_bearer_token() so non-JSON responses from the IAM endpoint are caught and wrapped as an auth error rather than raised as a bare exception

Test plan

• Run IBM Watsonx S3 precheck with valid credentials — should pass
• Run precheck with invalid credentials — should fail immediately with auth error
• Run precheck with unreachable endpoint — should fail quickly (1 attempt) rather than retrying

🤖 Generated with Claude Code

---

Note

Medium Risk
Adjusts IBM watsonx S3 connection/auth error paths and retry behavior, which can change how quickly failures surface and what exceptions callers see. Scope is limited to the connector and covered by new unit tests, but mis-tuned retries could impact reliability in flaky networks.

Overview
Improves IBM watsonx S3 connector resiliency and UX by failing fast during precheck(): get_catalog() now accepts an optional max_retries override and precheck() uses max_retries=1 to avoid long exponential backoff on connection issues.

Hardens IAM token generation by moving response.json() inside the try block in generate_bearer_token(), ensuring non-JSON/parse failures are wrapped via wrap_error instead of escaping unhandled. Adds unit tests for the new retry override and token JSON parsing behavior, and bumps version to 1.4.15 with a changelog entry.

^{Written by Cursor Bugbot for commit fde6e0d. This will update automatically on new commits. Configure here.}

[potter-potter]

@claude please review

[claude]

Claude finished @potter-potter's task —— View job

---

Code Review

Todo List

• Read repository guidelines (CLAUDE.md)
• Review changed files and implementation
• Analyze code for correctness and best practices
• Provide comprehensive feedback

Review Summary ✅

This is a well-implemented fix that addresses two specific issues in the IBM watsonx.data S3 connector: slow failure during precheck validation and improper error handling in authentication token generation. The changes are minimal, focused, and safe.

✅ Strengths

1. Excellent Problem Targeting

• Addresses a real user experience issue where precheck was taking ~70s to fail with bad credentials
• The max_retries=1 approach for precheck is smart - validation should fail fast, while data operations can have full retry logic

2. Improved Error Handling

• Moving response.json() inside the try-catch block in generate_bearer_token() (lines 132-137) properly wraps JSON parsing exceptions
• Non-JSON responses from IBM IAM endpoint will now be caught and wrapped as auth errors instead of propagating as raw exceptions

3. Clean API Design

• The optional max_retries parameter in get_catalog() maintains backward compatibility
• Default behavior unchanged for existing callers
• Clear parameter validation logic: retries = max_retries if max_retries is not None else self.max_retries_connection

4. Good Documentation

• Clear inline comment explaining the rationale for max_retries=1 in precheck
• Commit message properly describes the changes
• Changelog entry follows project conventions

🔍 Technical Analysis

Function Signature Change (ibm_watsonx_s3.py:158)

def get_catalog(self, max_retries: Optional[int] = None) -> Generator["RestCatalog", None, None]:

• Backward compatible optional parameter ✅
• Proper typing with Optional[int] ✅
• Maintains existing return type ✅

Bearer Token Fix (ibm_watsonx_s3.py:132-137)

try:
    response = httpx.post(DEFAULT_IBM_CLOUD_AUTH_URL, headers=headers, data=data)
    response.raise_for_status()
    return response.json()  # Now inside try block
except Exception as e:
    raise self.wrap_error(e)

• Properly handles JSON parsing failures ✅
• Maintains existing error wrapping behavior ✅
• Follows existing error handling patterns ✅

Precheck Implementation (ibm_watsonx_s3.py:232)

with self.connection_config.get_catalog(max_retries=1) as catalog:

• Using max_retries=1 means one attempt, no retries - exactly what's needed for fast failure ✅
• Maintains same validation logic ✅

🎯 Minor Observations

1. Version Management

• Version bump to 1.4.14 and changelog entry are appropriate
• Following semantic versioning correctly (patch version for bug fix)

2. Consistency

• The change maintains consistency with the existing codebase patterns
• Error handling follows the established wrap_error() approach
• Logging and exception types match existing conventions

🚀 Impact Assessment

Risk: Low ✅

• Changes are localized to the IBM watsonx connector
• No breaking API changes
• Backward compatible modifications only
• Error handling improvements reduce failure surface area

Benefits:

• Dramatically improves user experience during credential validation
• More robust authentication error handling
• Maintains full retry logic for actual data operations
• Better error messages for malformed IAM responses

✅ Recommendation

APPROVE - This is a solid, well-thought-out fix that directly addresses user pain points without introducing risk. The implementation is clean, maintains backward compatibility, and follows established patterns in the codebase.

---

[potter-potter]

LG - just merge in latest from origin

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}