Service accounts: refactor errors (#50917)

pkg/services/serviceaccounts/database/database.go

@@ -44,7 +44,7 @@ func (s *ServiceAccountsStoreImpl) CreateServiceAccount(ctx context.Context, org
 	newuser, err := s.sqlStore.CreateUser(ctx, cmd)
 	if err != nil {
 		if errors.Is(err, models.ErrUserAlreadyExists) {
-			return nil, &ErrSAInvalidName{}
+			return nil, ErrServiceAccountAlreadyExists
 		}
 		return nil, fmt.Errorf("failed to create service account: %w", err)
 	}
@@ -439,16 +439,15 @@ func (s *ServiceAccountsStoreImpl) RevertApiKey(ctx context.Context, keyId int64
 	key := query.Result
 
 	if key.ServiceAccountId == nil {
-		// TODO: better error message
-		return fmt.Errorf("API key is not linked to service account")
+		return fmt.Errorf("API key is not service account token")
 	}
 
 	tokens, err := s.ListTokens(ctx, key.OrgId, *key.ServiceAccountId)
 	if err != nil {
-		return fmt.Errorf("cannot revert API key: %w", err)
+		return fmt.Errorf("cannot revert token: %w", err)
 	}
 	if len(tokens) > 1 {
-		return fmt.Errorf("cannot revert API key: service account contains more than one token")
+		return fmt.Errorf("cannot revert token: service account contains more than one token")
 	}
 
 	err = s.sqlStore.WithTransactionalDbSession(ctx, func(sess *sqlstore.DBSession) error {
@@ -473,7 +472,7 @@ func (s *ServiceAccountsStoreImpl) RevertApiKey(ctx context.Context, keyId int64
 	})
 
 	if err != nil {
-		return fmt.Errorf("cannot revert to API key: %w", err)
+		return fmt.Errorf("cannot revert token to API key: %w", err)
 	}
 	return nil
 }

pkg/services/serviceaccounts/database/errors.go

@@ -1,52 +1,12 @@
 package database
 
 import (
-	"fmt"
-
-	"github.com/grafana/grafana/pkg/models"
+	"errors"
 )
 
-type ErrSAInvalidName struct {
-}
-
-func (e *ErrSAInvalidName) Error() string {
-	return "service account name already in use"
-}
-
-func (e *ErrSAInvalidName) Unwrap() error {
-	return models.ErrUserAlreadyExists
-}
-
-type ErrMissingSAToken struct {
-}
-
-func (e *ErrMissingSAToken) Error() string {
-	return "service account token not found"
-}
-
-func (e *ErrMissingSAToken) Unwrap() error {
-	return models.ErrApiKeyNotFound
-}
-
-type ErrInvalidExpirationSAToken struct {
-}
-
-func (e *ErrInvalidExpirationSAToken) Error() string {
-	return "service account token not found"
-}
-
-func (e *ErrInvalidExpirationSAToken) Unwrap() error {
-	return models.ErrInvalidApiKeyExpiration
-}
-
-type ErrDuplicateSAToken struct {
-	name string
-}
-
-func (e *ErrDuplicateSAToken) Error() string {
-	return fmt.Sprintf("service account token %s already exists in the organization", e.name)
-}
-
-func (e *ErrDuplicateSAToken) Unwrap() error {
-	return models.ErrDuplicateApiKey
-}
+var (
+	ErrServiceAccountAlreadyExists = errors.New("service account already exists")
+	ErrServiceAccountTokenNotFound = errors.New("service account token not found")
+	ErrInvalidTokenExpiration      = errors.New("invalid SecondsToLive value")
+	ErrDuplicateToken              = errors.New("service account token with given name already exists in the organization")
+)

pkg/services/serviceaccounts/database/token_store.go

@@ -35,7 +35,7 @@ func (s *ServiceAccountsStoreImpl) AddServiceAccountToken(ctx context.Context, s
 		key := models.ApiKey{OrgId: cmd.OrgId, Name: cmd.Name}
 		exists, _ := sess.Get(&key)
 		if exists {
-			return &ErrDuplicateSAToken{cmd.Name}
+			return ErrDuplicateToken
 		}
 
 		updated := time.Now()
@@ -44,7 +44,7 @@ func (s *ServiceAccountsStoreImpl) AddServiceAccountToken(ctx context.Context, s
 			v := updated.Add(time.Second * time.Duration(cmd.SecondsToLive)).Unix()
 			expires = &v
 		} else if cmd.SecondsToLive < 0 {
-			return &ErrInvalidExpirationSAToken{}
+			return ErrInvalidTokenExpiration
 		}
 
 		token := models.ApiKey{
@@ -74,13 +74,12 @@ func (s *ServiceAccountsStoreImpl) DeleteServiceAccountToken(ctx context.Context
 		if err != nil {
 			return err
 		}
-		n, err := result.RowsAffected()
-		if err != nil {
-			return err
-		} else if n == 0 {
-			return &ErrMissingSAToken{}
+		affected, err := result.RowsAffected()
+		if affected == 0 {
+			return ErrServiceAccountTokenNotFound
 		}
-		return nil
+
+		return err
 	})
 }