Skip to content

Reply cleanly on unhandled credential errors in run channel#4881

Merged
midigofrank merged 2 commits into
mainfrom
4853-run-channel-unhandled-credential-errors
Jun 18, 2026
Merged

Reply cleanly on unhandled credential errors in run channel#4881
midigofrank merged 2 commits into
mainfrom
4853-run-channel-unhandled-credential-errors

Conversation

@midigofrank

@midigofrank midigofrank commented Jun 18, 2026

Copy link
Copy Markdown
Collaborator

Description

RunChannel.handle_credential_error/5 pattern-matched a fixed set of error tags with no fallback, so an unexpected error term — most notably an OAuth provider timeout during token refresh, which surfaces as an untyped transport error — raised FunctionClauseError and crashed the channel mid-fetch:credential, dropping the worker's connection.

Add a fallback clause that logs the unexpected term and replies with a clean error so the worker receives a response instead of losing the connection.

Closes #4853

Validation steps

  1. (How can a reviewer validate your work?)

AI Usage

Please disclose whether you've used AI anywhere in this PR (it's cool, we just
want to know!):

  • I have used Claude Code
  • I have used another model
  • I have not used AI

You can read more details in our
Responsible AI Policy

Pre-submission checklist

  • I have performed an AI review of my code (we recommend using /review
    with Claude Code)
  • I have implemented and tested all related authorization policies.
    (e.g., :owner, :admin, :editor, :viewer)
  • I have updated the changelog.
  • I have ticked a box in "AI usage" in this PR

@github-project-automation github-project-automation Bot moved this to New Issues in Core Jun 18, 2026
@midigofrank midigofrank self-assigned this Jun 18, 2026
RunChannel.handle_credential_error/5 pattern-matched a fixed set of
error tags with no fallback, so an unexpected error term — most notably
an OAuth provider timeout during token refresh, which surfaces as an
untyped transport error — raised FunctionClauseError and crashed the
channel mid-fetch:credential, dropping the worker's connection.

Add a fallback clause that logs the unexpected term and replies with a
clean error so the worker receives a response instead of losing the
connection.
@midigofrank midigofrank force-pushed the 4853-run-channel-unhandled-credential-errors branch from 42430fd to 4ba2628 Compare June 18, 2026 13:40
@midigofrank midigofrank marked this pull request as ready for review June 18, 2026 14:03
@midigofrank midigofrank requested a review from elias-ba June 18, 2026 14:03
@github-actions

Copy link
Copy Markdown

Security Review ✅

  • S0 (project scoping): N/A — the diff only adds a fallback error-reply clause in run_channel.ex:553-562; no new queries or entrypoints for project-scoped data.
  • S1 (authorization): N/A — no new actions added; the existing fetch:credential authorization path is unchanged, the new clause only formats an error reply.
  • S2 (audit trail): N/A — the fallback only logs and replies with an error message; no insert/update/delete on config resources.

@midigofrank

Copy link
Copy Markdown
Collaborator Author

@elias-ba I'm merging this in. I know you were interested in some metrics? I haven't added any, this change simply stops the run channel from crashing when it receives an unknown error from the Credentials.resolve_credential_body/2. There are some audits in place for tracking these errors: https://github.com/OpenFn/lightning/blob/main/lib/lightning/credentials/audit.ex#L80

@midigofrank midigofrank merged commit 6ba781e into main Jun 18, 2026
5 of 6 checks passed
@midigofrank midigofrank deleted the 4853-run-channel-unhandled-credential-errors branch June 18, 2026 14:14
@github-project-automation github-project-automation Bot moved this from New Issues to Done in Core Jun 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Status: Done

Development

Successfully merging this pull request may close these issues.

RunChannel.handle_credential_error/5 has no fallback clause for unexpected OAuth errors

1 participant