Add validate account before creating

[MarcusGoldschmidt]

Description

• Bug fix
• New feature

Useful links:

• Baton SDK coding guidelines
• New contributor guide

Summary by CodeRabbit

• Bug Fixes

  • Account resources are no longer re-provisioned if they already exist; existing resources are detected and returned instead of creating duplicates.

• Improvements

  • Creation responses now explicitly indicate when a new account was created, alongside the returned resource and plaintext data.
  • Pre-validation added to short-circuit provisioning when an existing resource is found.

• Chores

  • Internal error handling refined for clearer failure signals.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Adds a package-level error in pkg/bsql/provisioning.go and a pre-provisioning existence check in pkg/bsql/user_syncer.go that returns an existing Resource and sets IsCreateAccountResult true, skipping provisioning when a matching account resource already exists.

Changes

Cohort / File(s)	Summary
Error handling addition pkg/bsql/provisioning.go	Introduces package-level error ErrUnableFindResourceProvisioning and replaces an inline fmt.Errorf used when no matching resource provisioning is found.
CreateAccount pre-check & response update pkg/bsql/user_syncer.go	Adds a pre-validation check for an existing account resource; if found, logs and returns a success result containing the existing Resource and sets IsCreateAccountResult true. Non-ErrUnableFindResourceProvisioning errors are wrapped and returned; provisioning proceeds when no existing resource is found.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

• Verify validateAccount uses the new ErrUnableFindResourceProvisioning consistently.
• Confirm CreateAccount early-return path populates Resource and IsCreateAccountResult correctly.
• Check error wrapping preserves context and that normal provisioning flow is unchanged when no existing resource is present.

Poem

🐰 I hopped through lines of careful code,
Found a friend already on the road,
Saved a query, lightened the load,
Named an error — tidy mode,
I twitched my nose and munched a node.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: adding account validation before resource provisioning in the CreateAccount flow.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch goldschmidt/validate-account

---

📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6b0b588 and 77b1c00.

📒 Files selected for processing (1)

• pkg/bsql/user_syncer.go (2 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

**/*.go

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.go: Error handling: use fmt.Errorf with contextual messages; check specific errors with errors.Is
Organize imports: standard library first, then third-party, then project imports; alphabetize within each group
Naming: CamelCase for exported identifiers; camelCase for unexported; preserve acronyms like ID, URL, HTTP, API
Limit line length to a maximum of 200 characters
Comments for exported items must be complete sentences ending with periods
Do not use log.Fatal or log.Panic (ruleguard-enforced)

Files:

• pkg/bsql/user_syncer.go

🧬 Code graph analysis (1)

pkg/bsql/user_syncer.go (1)

pkg/bsql/provisioning.go (1)

• ErrUnableFindResourceProvisioning (16-16)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: go-test (ubuntu-latest)

🔇 Additional comments (3)

pkg/bsql/user_syncer.go (3)

139-144: LGTM! Pre-creation validation logic is correct.

The error handling properly distinguishes between "account not found" (allowing creation to proceed) and other validation errors (which are returned). The use of errors.Is follows Go best practices per the coding guidelines.

---

167-168: LGTM! IsCreateAccountResult correctly distinguishes new vs. existing accounts.

Setting IsCreateAccountResult: true only for newly created accounts (and leaving it false for pre-existing accounts at line 149-151) properly signals to callers whether account creation actually occurred.

---

146-152: Confirm CreateAccount is intentionally idempotent; consider adding documentation.

When an existing account is detected, CreateAccount returns it without updating credentials, even if new credentialOptions are provided. This is intentional: CreateAccount is idempotent and focuses on account creation, while credential updates must be performed via the separate Rotate method. Add a comment explaining this behavior to clarify the design for future maintainers.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

pkg/bsql/provisioning.go (1)

16-17: Add documentation comment for exported error variable.

Per Go conventions and the coding guidelines, exported identifiers should have documentation comments that are complete sentences ending with periods.

+// ErrUnableFindResourceProvisioning is returned when the validation query does not find a matching resource.
 var ErrUnableFindResourceProvisioning = errors.New("unable to find resource for account provisioning")

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0c04d4e and e388cce.

📒 Files selected for processing (2)

• pkg/bsql/provisioning.go (2 hunks)
• pkg/bsql/user_syncer.go (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

**/*.go

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.go: Error handling: use fmt.Errorf with contextual messages; check specific errors with errors.Is
Organize imports: standard library first, then third-party, then project imports; alphabetize within each group
Naming: CamelCase for exported identifiers; camelCase for unexported; preserve acronyms like ID, URL, HTTP, API
Limit line length to a maximum of 200 characters
Comments for exported items must be complete sentences ending with periods
Do not use log.Fatal or log.Panic (ruleguard-enforced)

Files:

• pkg/bsql/provisioning.go
• pkg/bsql/user_syncer.go

🧬 Code graph analysis (1)

pkg/bsql/user_syncer.go (1)

pkg/bsql/provisioning.go (1)

• ErrUnableFindResourceProvisioning (16-16)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: go-test (ubuntu-latest)

🔇 Additional comments (1)

pkg/bsql/provisioning.go (1)

184-186: LGTM!

Using the sentinel error here enables callers to distinguish "resource not found" from other validation failures using errors.Is().

[ggreer]

If it's already created, don't we want to update the password based on the credential options?

[ggreer]

Coderabbit has a good point about that error message, and our real fix should involve returning a new CreateAccountResponse with an AlreadyExistsResult, but this should help for now.

[ggreer]

Oh yeah, definitely remove the plaintextDataList from the return value, because those credentials are not the ones for the existing account.