OSIS-166: preserve Vault server faults (5xx) instead of masking them as 400#161
Closed
anurag4DSB wants to merge 1 commit into
Closed
Conversation
…as 400 The six create/update paths (createTenant, createUser, createS3Credential, updateCredentialStatus, updateUser, updateTenant) caught a Vault error and rethrew it as 400 unconditionally, so a genuine Vault 5xx reached the error boundary as a 400 and was logged at INFO without a trace. Preserve genuine Vault server faults (5xx) so the boundary logs them once at ERROR with the trace, keeping 400 for real client-side rejections. The boundary stays the single logging seam; no service-layer log is added back.
|
LGTM — logic is correct and well-scoped. The toResponseException helper and the inline updateTenant variant both preserve 5xx faithfully; the error boundary already handles both paths (5xx → ERROR with trace, 4xx → INFO). No catch blocks were missed. Tests cover both code paths (helper via createTenant, inline via updateTenant). |
Contributor
Author
|
Superseded by #169, which re-creates the 5xx passthrough minimally on top of main (works via Spring's default ResponseStatusException handling, no error boundary needed). Closing this one. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Intent: why does this change exist?
The six create/update endpoints downgraded every Vault failure to 400, so a genuine Vault server error reached the error boundary as a client 400 and was logged at INFO with no stack trace. That hid intermittent Vault server faults from the logs (full outages are still caught by
VaultHealthIndicator). Found in review of #159.System impact: what's affected, including downstream?
ScalityOsisServiceImpl:createTenant,createUser,createS3Credential,updateCredentialStatus,updateUser,updateTenant. OSE now receives a 5xx (instead of 400) from these endpoints when Vault itself returns a server error; a transient Vault failure reads as retryable rather than as a bad request. Stacked on #159.Preserved behavior: what explicitly stays the same?
Client-side Vault rejections (4xx) still map to 400 and log at INFO with no trace.
updateTenantkeeps itsE_BAD_REQUESTerrorCode on the 400 path. Non-Vault exceptions in these paths still map to 400 as before. The error boundary, response body shape, and logging seam are unchanged.Intended change: what's different after this PR?
A genuine Vault server fault (5xx) propagates with its 5xx status, so the single error boundary logs it once at ERROR with the stack trace. A small
toResponseExceptionhelper centralizes the rule;updateTenantkeeps it inline to retain its errorCode. The boundary stays the only place that logs, so this keeps the "log once" invariant rather than re-adding a service-layer ERROR log.Verification: how do we know this worked, or how would we know if it didn't?
./gradlew buildgreen (incl. JaCoCo 75%, SpotBugs, PMD). New tests assertcreateTenantandupdateTenantsurface a Vault 500 as 500, not 400; the existing 400-mapping and consistency tests still pass.🤖 Generated with Claude Code · Jira: OSIS-166