(secure-onboarding) Handle and populate errors from secure backend (#455

)

Fix summary:
-------------
Currently any of the backend API errors are returned by the provider as:
"Error: Empty Summary: This is always a bug in the provider and should be
 reported to the provider developers." This is not useful at all.

Hence, surfacing up the errors coming from backend during Create/Read/Update/Delete
operations for secure_cloud_auth_account and secure_organization resources.

Testing done:
---------------
Tested on an actual setup that errors are populated appropriately.

sysdig/internal/client/v2/cloudauth.go

@@ -19,30 +19,34 @@ const (
 
 type CloudauthAccountSecureInterface interface {
 	Base
-	CreateCloudauthAccountSecure(ctx context.Context, cloudAccount *CloudauthAccountSecure) (*CloudauthAccountSecure, error)
+	CreateCloudauthAccountSecure(ctx context.Context, cloudAccount *CloudauthAccountSecure) (*CloudauthAccountSecure, string, error)
 	GetCloudauthAccountSecure(ctx context.Context, accountID string) (*CloudauthAccountSecure, string, error)
 	DeleteCloudauthAccountSecure(ctx context.Context, accountID string) (string, error)
 	UpdateCloudauthAccountSecure(ctx context.Context, accountID string, cloudAccount *CloudauthAccountSecure) (*CloudauthAccountSecure, string, error)
 }
 
-func (client *Client) CreateCloudauthAccountSecure(ctx context.Context, cloudAccount *CloudauthAccountSecure) (*CloudauthAccountSecure, error) {
+func (client *Client) CreateCloudauthAccountSecure(ctx context.Context, cloudAccount *CloudauthAccountSecure) (*CloudauthAccountSecure, string, error) {
 	payload, err := client.marshalProto(cloudAccount)
 	if err != nil {
-		return nil, err
+		return nil, "", err
 	}
 
 	response, err := client.requester.Request(ctx, http.MethodPost, client.cloudauthAccountsURL(), payload)
 	if err != nil {
-		return nil, err
+		return nil, "", err
 	}
 	defer response.Body.Close()
 
 	if response.StatusCode != http.StatusOK && response.StatusCode != http.StatusCreated {
-		err = client.ErrorFromResponse(response)
-		return nil, err
+		errStatus, err := client.ErrorAndStatusFromResponse(response)
+		return nil, errStatus, err
 	}
 
-	return client.unmarshalProto(response.Body)
+	cloudauthAccount, err := client.unmarshalProto(response.Body)
+	if err != nil {
+		return nil, "", err
+	}
+	return cloudauthAccount, "", nil
 }
 
 func (client *Client) GetCloudauthAccountSecure(ctx context.Context, accountID string) (*CloudauthAccountSecure, string, error) {

sysdig/internal/client/v2/organization.go

@@ -17,30 +17,34 @@ const (
 
 type OrganizationSecureInterface interface {
 	Base
-	CreateOrganizationSecure(ctx context.Context, org *OrganizationSecure) (*OrganizationSecure, error)
+	CreateOrganizationSecure(ctx context.Context, org *OrganizationSecure) (*OrganizationSecure, string, error)
 	GetOrganizationSecure(ctx context.Context, orgID string) (*OrganizationSecure, string, error)
 	DeleteOrganizationSecure(ctx context.Context, orgID string) (string, error)
 	UpdateOrganizationSecure(ctx context.Context, orgID string, org *OrganizationSecure) (*OrganizationSecure, string, error)
 }
 
-func (client *Client) CreateOrganizationSecure(ctx context.Context, org *OrganizationSecure) (*OrganizationSecure, error) {
+func (client *Client) CreateOrganizationSecure(ctx context.Context, org *OrganizationSecure) (*OrganizationSecure, string, error) {
 	payload, err := client.marshalOrg(org)
 	if err != nil {
-		return nil, err
+		return nil, "", err
 	}
 
 	response, err := client.requester.Request(ctx, http.MethodPost, client.organizationsURL(), payload)
 	if err != nil {
-		return nil, err
+		return nil, "", err
 	}
 	defer response.Body.Close()
 
 	if response.StatusCode != http.StatusOK && response.StatusCode != http.StatusCreated && response.StatusCode != http.StatusAccepted {
-		err = client.ErrorFromResponse(response)
-		return nil, err
+		errStatus, err := client.ErrorAndStatusFromResponse(response)
+		return nil, errStatus, err
 	}
 
-	return client.unmarshalOrg(response.Body)
+	organization, err := client.unmarshalOrg(response.Body)
+	if err != nil {
+		return nil, "", err
+	}
+	return organization, "", nil
 }
 
 func (client *Client) GetOrganizationSecure(ctx context.Context, orgID string) (*OrganizationSecure, string, error) {

sysdig/resource_sysdig_secure_cloud_auth_account.go

@@ -181,9 +181,9 @@ func resourceSysdigSecureCloudauthAccountCreate(ctx context.Context, data *schem
 		return diag.FromErr(err)
 	}
 
-	cloudauthAccount, err := client.CreateCloudauthAccountSecure(ctx, cloudauthAccountFromResourceData(data))
+	cloudauthAccount, errStatus, err := client.CreateCloudauthAccountSecure(ctx, cloudauthAccountFromResourceData(data))
 	if err != nil {
-		return diag.FromErr(err)
+		return diag.Errorf("Error creating resource: %s %s", errStatus, err)
 	}
 
 	data.SetId(cloudauthAccount.Id)
@@ -206,11 +206,10 @@ func resourceSysdigSecureCloudauthAccountRead(ctx context.Context, data *schema.
 		if strings.Contains(errStatus, "404") {
 			return nil
 		}
-		return diag.FromErr(err)
+		return diag.Errorf("Error reading resource: %s %s", errStatus, err)
 	}
 
 	err = cloudauthAccountToResourceData(data, cloudauthAccount)
-
 	if err != nil {
 		return diag.FromErr(err)
 	}
@@ -229,23 +228,23 @@ func resourceSysdigSecureCloudauthAccountUpdate(ctx context.Context, data *schem
 		if strings.Contains(errStatus, "404") {
 			return nil
 		}
-		return diag.FromErr(err)
+		return diag.Errorf("Error reading resource: %s %s", errStatus, err)
 	}
 
 	newCloudAccount := cloudauthAccountFromResourceData(data)
 
 	// validate and reject non-updatable resource schema fields upfront
 	err = validateCloudauthAccountUpdate(existingCloudAccount, newCloudAccount)
 	if err != nil {
-		return diag.FromErr(err)
+		return diag.Errorf("Error updating resource: %s", err)
 	}
 
 	_, errStatus, err = client.UpdateCloudauthAccountSecure(ctx, data.Id(), newCloudAccount)
 	if err != nil {
 		if strings.Contains(errStatus, "404") {
 			return nil
 		}
-		return diag.FromErr(err)
+		return diag.Errorf("Error updating resource: %s %s", errStatus, err)
 	}
 
 	return nil
@@ -263,7 +262,7 @@ func resourceSysdigSecureCloudauthAccountDelete(ctx context.Context, data *schem
 		if strings.Contains(errStatus, "404") {
 			return nil
 		}
-		return diag.FromErr(err)
+		return diag.Errorf("Error deleting resource: %s %s", errStatus, err)
 	}
 
 	return nil

sysdig/resource_sysdig_secure_organization.go

@@ -61,9 +61,9 @@ func resourceSysdigSecureOrganizationCreate(ctx context.Context, data *schema.Re
 
 	org := secureOrganizationFromResourceData(data)
 
-	orgCreated, err := client.CreateOrganizationSecure(ctx, org)
+	orgCreated, errStatus, err := client.CreateOrganizationSecure(ctx, org)
 	if err != nil {
-		return diag.FromErr(err)
+		return diag.Errorf("Error creating resource: %s %s", errStatus, err)
 	}
 
 	data.SetId(orgCreated.Id)
@@ -82,7 +82,7 @@ func resourceSysdigSecureOrganizationDelete(ctx context.Context, data *schema.Re
 		if strings.Contains(errStatus, "404") {
 			return nil
 		}
-		return diag.FromErr(err)
+		return diag.Errorf("Error deleting resource: %s %s", errStatus, err)
 	}
 
 	return nil
@@ -99,7 +99,7 @@ func resourceSysdigSecureOrganizationRead(ctx context.Context, data *schema.Reso
 		if strings.Contains(errStatus, "404") {
 			return nil
 		}
-		return diag.FromErr(err)
+		return diag.Errorf("Error reading resource: %s %s", errStatus, err)
 	}
 
 	err = secureOrganizationToResourceData(data, org)
@@ -123,7 +123,7 @@ func resourceSysdigSecureOrganizationUpdate(ctx context.Context, data *schema.Re
 		if strings.Contains(errStatus, "404") {
 			return nil
 		}
-		return diag.FromErr(err)
+		return diag.Errorf("Error updating resource: %s %s", errStatus, err)
 	}
 
 	return nil