fix(security): surface XSUAA error bodies via shared helper#736
Open
maximilianbraun wants to merge 5 commits into
Open
fix(security): surface XSUAA error bodies via shared helper#736maximilianbraun wants to merge 5 commits into
maximilianbraun wants to merge 5 commits into
Conversation
Adds internal/clients/security/SpecifyAPIError so the rolecollection, group-assigner and user-assigner clients all unwrap *xsuaa.GenericOpenAPIError into a message that carries the response body instead of the HTTP status only. Existing 404 short-circuits are preserved.
maximilianbraun
added
the
release-notes/bugfix
maximilianbraun
requested a deployment
to
pr-e2e-approval
GitHub Actions
Waiting
XSUAA models are map[string]any which prints as map[k:v] — uglier than the JSON Body() they were parsed from. The model branch was mimicry of the subaccount helper; for XSUAA, Body() alone is the cleaner surface.
maximilianbraun
requested a deployment
to
pr-e2e-approval
GitHub Actions
Waiting
maximilianbraun
commented
Jun 20, 2026
maximilianbraun
left a comment
maximilianbraun
left a comment
Member
Author
There was a problem hiding this comment.
internal/clients/security/{rolecollection,rolecollectiongroupassignment,rolecollectionuserassignment}/*_test.go — The four-line reflect.NewAt(...UnsafeAddr()).Elem().Set(reflect.ValueOf(body)) dance to set the unexported body field on *xsuaa.GenericOpenAPIError is now inlined 3× across the new sub-package tests, plus a 4th copy as newGenericErr in errors_test.go. Same shape PR #731 just consolidated for the account-side: drop these copies, add internal/testutils/openapi_errors.go::NewXsuaaAPIError(body []byte) error, call it from all four sites. Each test shrinks to one line and the regeneration-rot risk lives in one place.
Reviewer flagged 4 inline reflect+unsafe copies that all set the unexported `body` field on a *xsuaa.GenericOpenAPIError. Extract to internal/testutils/openapi_errors_xsuaa.go::NewXsuaaAPIError so each test site collapses to one line. Filed under a separate filename from PR #731's openapi_errors.go to avoid a rebase collision; the two helpers can be unified once both branches land.
maximilianbraun
requested a deployment
to
pr-e2e-approval
GitHub Actions
Waiting
maximilianbraun
commented
Jun 20, 2026
maximilianbraun
left a comment
maximilianbraun
left a comment
Member
Author
There was a problem hiding this comment.
Helper is minimal — single body []byte param, nil short-circuit matches the empty-returns-self case, the IsValid() guard handles SDK regeneration. All 4 inline copies collapsed to one-liners, no scope creep. Resolved.
maximilianbraun
temporarily deployed
to
pr-e2e-no-approval
GitHub Actions
Inactive
maximilianbraun
temporarily deployed
to
pr-e2e-no-approval
GitHub Actions
Inactive
maximilianbraun
temporarily deployed
to
pr-e2e-no-approval
GitHub Actions
Inactive
maximilianbraun
temporarily deployed
to
pr-e2e-no-approval
GitHub Actions
Inactive
maximilianbraun
temporarily deployed
to
pr-e2e-no-approval
GitHub Actions
Inactive
maximilianbraun
temporarily deployed
to
pr-e2e-no-approval
GitHub Actions
Inactive
maximilianbraun
had a problem deploying
to
pr-e2e-no-approval
GitHub Actions
Failure
maximilianbraun
temporarily deployed
to
pr-e2e-no-approval
GitHub Actions
Inactive
maximilianbraun
temporarily deployed
to
pr-e2e-no-approval
GitHub Actions
Inactive
maximilianbraun
temporarily deployed
to
pr-e2e-no-approval
GitHub Actions
Inactive
maximilianbraun
temporarily deployed
to
pr-e2e-no-approval
GitHub Actions
Inactive
maximilianbraun
temporarily deployed
to
pr-e2e-no-approval
GitHub Actions
Inactive
maximilianbraun
temporarily deployed
to
pr-e2e-no-approval
GitHub Actions
Inactive
maximilianbraun
temporarily deployed
to
pr-e2e-no-approval
GitHub Actions
Inactive
maximilianbraun
temporarily deployed
to
pr-e2e-no-approval
GitHub Actions
Inactive
maximilianbraun
temporarily deployed
to
pr-e2e-no-approval
GitHub Actions
Inactive
maximilianbraun
temporarily deployed
to
pr-e2e-no-approval
GitHub Actions
Inactive
maximilianbraun
temporarily deployed
to
pr-e2e-no-approval
GitHub Actions
Inactive
maximilianbraun
temporarily deployed
to
pr-e2e-no-approval
GitHub Actions
Inactive
maximilianbraun
temporarily deployed
to
pr-e2e-no-approval
GitHub Actions
Inactive
maximilianbraun
temporarily deployed
to
pr-e2e-no-approval
GitHub Actions
Inactive
maximilianbraun
temporarily deployed
to
pr-e2e-no-approval
GitHub Actions
Inactive
maximilianbraun
had a problem deploying
to
pr-e2e-no-approval
GitHub Actions
Failure
maximilianbraun
temporarily deployed
to
pr-e2e-no-approval
GitHub Actions
Inactive
maximilianbraun
temporarily deployed
to
pr-e2e-no-approval
GitHub Actions
Inactive
maximilianbraun
temporarily deployed
to
pr-e2e-no-approval
GitHub Actions
Inactive
maximilianbraun
temporarily deployed
to
pr-e2e-no-approval
GitHub Actions
Inactive
maximilianbraun
temporarily deployed
to
pr-e2e-no-approval
GitHub Actions
Inactive
maximilianbraun
temporarily deployed
to
pr-e2e-no-approval
GitHub Actions
Inactive
maximilianbraun
temporarily deployed
to
pr-e2e-no-approval
GitHub Actions
Inactive
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Mirrors PR #716 (subaccount) for the three XSUAA security clients. Adds a single
SpecifyAPIErrorhelper atinternal/clients/security/errors.goand routes every.Execute()error in:internal/clients/security/rolecollection/xsuaa_rolecollection.gointernal/clients/security/rolecollectiongroupassignment/xsuaa_group_assigner.gointernal/clients/security/rolecollectionuserassignment/xsuaa_user_assigner.gothrough it. The helper type-asserts to
*xsuaa.GenericOpenAPIErrorand surfaces the parsed model (or, failing that, the raw response body) so users see the actual XSUAA error payload inSyncedconditions instead of a bare500 Internal Server Error.Why a separate helper
The XSUAA OpenAPI client lives in its own module (
internal/openapi_clients/btp-xsuaa-service-api-go/pkg) with its ownGenericOpenAPIErrortype, so the existing helper ininternal/controller/account/subaccount/subaccount.gocannot be reused as-is. The new helper has the same shape but targets the XSUAA error type, withmap[string]anyas the model.The existing 404 short-circuits in
rolecollection.Deleteanduserassignment.HasRoleare deliberately preserved.Test plan
go build ./... && go vet ./...cleango test -race -count=1 ./internal/clients/security/...green (helper unit tests + one per-file integration test asserting the response body is surfaced)gofmt -l internal/clients/security/cleanrelease-notes/bugfix