fix: cleanup left over status.Error in favor of connect.NewError

service/health/health.go

@@ -2,14 +2,14 @@ package health
 
 import (
 	"context"
+	"errors"
 	"log/slog"
 
+	"connectrpc.com/connect"
 	"connectrpc.com/grpchealth"
 	"github.com/opentdf/platform/service/logger"
 	"github.com/opentdf/platform/service/pkg/serviceregistry"
-	"google.golang.org/grpc/codes"
 	healthpb "google.golang.org/grpc/health/grpc_health_v1"
-	"google.golang.org/grpc/status"
 )
 
 var serviceHealthChecks = make(map[string]func(context.Context) error)
@@ -75,12 +75,12 @@ func (s HealthService) Check(ctx context.Context, req *grpchealth.CheckRequest)
 }
 
 func (s HealthService) Watch(_ *healthpb.HealthCheckRequest, _ healthpb.Health_WatchServer) error {
-	return status.Error(codes.Unimplemented, "unimplemented")
+	return connect.NewError(connect.CodeUnimplemented, errors.New("unimplemented"))
 }
 
 func RegisterReadinessCheck(namespace string, service func(context.Context) error) error {
 	if _, ok := serviceHealthChecks[namespace]; ok {
-		return status.Error(codes.AlreadyExists, "readiness check already registered")
+		return errors.New("readiness check already registered")
 	}
 	serviceHealthChecks[namespace] = service
 

service/internal/auth/authn.go

@@ -6,6 +6,7 @@ import (
 	"crypto/sha256"
 	"encoding/base64"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"log/slog"
 	"net/http"
@@ -23,8 +24,6 @@ import (
 
 	sdkAudit "github.com/opentdf/platform/sdk/audit"
 	"github.com/opentdf/platform/service/logger"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
 )
 
 const (
@@ -279,7 +278,7 @@ func (a Authentication) ConnectUnaryServerInterceptor() connect.UnaryInterceptor
 
 			header := req.Header()["Authorization"]
 			if len(header) < 1 {
-				return nil, status.Error(codes.Unauthenticated, "missing authorization header")
+				return nil, connect.NewError(connect.CodeUnauthenticated, errors.New("missing authorization header"))
 			}
 
 			// parse the rpc method
@@ -297,19 +296,19 @@ func (a Authentication) ConnectUnaryServerInterceptor() connect.UnaryInterceptor
 				req.Header()["Dpop"],
 			)
 			if err != nil {
-				return nil, status.Errorf(codes.Unauthenticated, "unauthenticated")
+				return nil, connect.NewError(connect.CodeUnauthenticated, errors.New("unauthenticated"))
 			}
 
 			// Check if the token is allowed to access the resource
 			if allowed, err := a.enforcer.Enforce(token, resource, action); err != nil {
 				if err.Error() == "permission denied" {
 					a.logger.Warn("permission denied", slog.String("azp", token.Subject()), slog.String("error", err.Error()))
-					return nil, status.Errorf(codes.PermissionDenied, "permission denied")
+					return nil, connect.NewError(connect.CodePermissionDenied, errors.New("permission denied"))
 				}
 				return nil, err
 			} else if !allowed {
 				a.logger.Warn("permission denied", slog.String("azp", token.Subject()))
-				return nil, status.Errorf(codes.PermissionDenied, "permission denied")
+				return nil, connect.NewError(connect.CodePermissionDenied, errors.New("permission denied"))
 			}
 
 			return next(newCtx, req)

service/internal/auth/authn_test.go

@@ -243,7 +243,10 @@ func (s *AuthSuite) Test_UnaryServerInterceptor_When_Authorization_Header_Missin
 	})(context.Background(), req)
 
 	s.Require().Error(err)
-	s.Require().ErrorIs(err, status.Error(codes.Unauthenticated, "missing authorization header"))
+
+	connectErr := connect.NewError(connect.CodeUnauthenticated, errors.New("missing authorization header"))
+
+	s.Require().ErrorAs(err, &connectErr)
 }
 
 func (s *AuthSuite) Test_CheckToken_When_Authorization_Header_Invalid_Expect_Error() {

service/kas/access/publicKey.go

@@ -11,8 +11,6 @@ import (
 	"connectrpc.com/connect"
 	kaspb "github.com/opentdf/platform/protocol/go/kas"
 	"github.com/opentdf/platform/service/internal/security"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
 	wrapperspb "google.golang.org/protobuf/types/known/wrapperspb"
 )
 
@@ -116,7 +114,7 @@ func (p Provider) PublicKey(ctx context.Context, req *connect.Request[kaspb.Publ
 			return r(rsaPublicKeyPem, kid, err)
 		}
 	}
-	return nil, status.Error(codes.NotFound, "invalid algorithm or format")
+	return nil, connect.NewError(connect.CodeNotFound, errors.New("invalid algorithm or format"))
 }
 
 func exportRsaPublicKeyAsPemStr(pubkey *rsa.PublicKey) (string, error) {

service/wellknownconfiguration/wellknown_configuration.go

@@ -2,6 +2,7 @@ package wellknownconfiguration
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"log/slog"
 	"sync"
@@ -11,8 +12,6 @@ import (
 	"github.com/opentdf/platform/protocol/go/wellknownconfiguration/wellknownconfigurationconnect"
 	"github.com/opentdf/platform/service/logger"
 	"github.com/opentdf/platform/service/pkg/serviceregistry"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
 	"google.golang.org/protobuf/types/known/structpb"
 )
 
@@ -56,7 +55,7 @@ func (s WellKnownService) GetWellKnownConfiguration(_ context.Context, _ *connec
 	rwMutex.RUnlock()
 	if err != nil {
 		s.logger.Error("failed to create struct for wellknown configuration", slog.String("error", err.Error()))
-		return nil, status.Error(codes.Internal, "failed to create struct for wellknown configuration")
+		return nil, connect.NewError(connect.CodeInternal, errors.New("failed to create struct for wellknown configuration"))
 	}
 
 	rsp := &wellknown.GetWellKnownConfigurationResponse{