Skip to content

Improve error wrapping in tbot identity service#62103

Merged
strideynet merged 1 commit intomasterfrom
strideynet/improve-identity-service-error-wrapping
Dec 10, 2025
Merged

Improve error wrapping in tbot identity service#62103
strideynet merged 1 commit intomasterfrom
strideynet/improve-identity-service-error-wrapping

Conversation

@strideynet
Copy link
Copy Markdown
Contributor

@strideynet strideynet commented Dec 9, 2025
edited
Loading

@webvictim ran into a fairly non-descript error recently:

tbot[3906116]: 2025-12-09T10:47:57.963-04:00 WARN [TBOT:SVC:] Task failed. Backing off and retrying attempt:3 retry_limit:5 backoff:2.781922502s error:[
tbot[3906116]: ERROR REPORT:
tbot[3906116]: Original Error: syscall.Errno permission denied
tbot[3906116]: Stack Trace: ...
tbot[3906116]: User Message: permission denied] internal/loop.go:172

The root cause being that the known_hosts file was owned by another user. I took a look and it turns out that in some of these older code paths, we've really not done a good job of wrapping errors.

After my changes, it looks a little more like:

ERROR REPORT:
Original Error: *trace.AccessDeniedError open /Users/noah/code/gravitational/teleport-scratch/tbot/workload-identity/identity/known_hosts: permission denied
Stack Trace: ...
User Message: rendering OpenSSH config
        writing known_hosts to destination
                reading "/Users/noah/code/gravitational/teleport-scratch/tbot/workload-identity/identity/known_hosts"
                        open /Users/noah/code/gravitational/teleport-scratch/tbot/workload-identity/identity/known_hosts: permission denied] internal/loop.go:172

changelog: Improved detail of error messages for identity service in tbot

@public-teleport-github-review-bot public-teleport-github-review-bot bot removed the request for review from boxofrad December 9, 2025 23:16
@strideynet strideynet added this pull request to the merge queue Dec 10, 2025
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Dec 10, 2025
@strideynet strideynet added this pull request to the merge queue Dec 10, 2025
Merged via the queue into master with commit 39161bd Dec 10, 2025
47 checks passed
@strideynet strideynet deleted the strideynet/improve-identity-service-error-wrapping branch December 10, 2025 10:02
@backport-bot-workflows
Copy link
Copy Markdown
Contributor

backport-bot-workflows bot commented Dec 10, 2025

@strideynet See the table below for backport results.

Branch Result
branch/v17 Create PR
branch/v18 Create PR

This was referenced Dec 10, 2025
Merged
Merged
21KennethTran pushed a commit that referenced this pull request Jan 6, 2026
@strideynet @21KennethTran
Improve error wrapping in tbot identity service (#62103)
af4b2f1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@timothyb89 timothyb89 timothyb89 approved these changes

@rosstimothy rosstimothy rosstimothy approved these changes

Assignees

No one assigned

Labels

backport/branch/v17 backport/branch/v18 machine-id size/sm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@strideynet @timothyb89 @rosstimothy