Description
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Problem
ValidateGitHubToken, ValidateGitLabToken, and ValidateGoogleToken in components/backend/handlers/integration_validation.go discard the underlying network error and return a generic "request failed". This hides the root cause — TLS errors, DNS failures, connection refused, timeouts — from both users and operator logs.
Steps to reproduce
- Deploy the latest version of the platform.
- Go to Settings → Integrations → GitLab.
- Enter a valid PAT for an internal GitLab instance (e.g. https://gitlab.cee.redhat.com).
- Click Connect.
Actual result
GitLab connectivity check failed: failed to connect to GitLab API at https://gitlab.cee.redhat.com: request failed
Expected result
An actionable error that includes the network-level cause, e.g.:
…request failed: tls: failed to verify certificate: x509: certificate signed by unknown authority
Suggested fix
The original comment says `// Don't wrap error - could leak token from request details`. The token is in the Authorization header, which `*url.Error` does not include — but the URL itself may be sensitive. Unwrap `*url.Error` to extract only the inner network error:
```go
import (
	"fmt"
	"net/url"
)

// ... inside the validation function:
resp, err := client.Do(req)
if err != nil {
	// Unwrap *url.Error so the message carries only the inner network
	// error (TLS, DNS, connection refused), not the request URL.
	if urlErr, ok := err.(*url.Error); ok {
		err = urlErr.Err
	}
	return false, fmt.Errorf("request failed: %w", err)
}
```

Important: This change is security-relevant. Unit tests must verify that the returned error contains the network-level cause (e.g. TLS, DNS) but does not expose the request URL.
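The following is an added example, not code from the repository: a hypothetical `checkEndpoint` validator that applies the unwrapping above, driven through two failure modes that can be reproduced offline (an untrusted TLS certificate via `httptest.NewTLSServer`, and a refused connection on a port that was just released). The function names, the `/api/v4/user` path and the token value are constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// checkEndpoint is a hypothetical stand-in for the validators named in the
// issue: it sends an authenticated GET and reports whether the endpoint
// answered 200. On a transport failure it unwraps *url.Error so the returned
// message keeps the network cause (TLS, DNS, dial) but drops the request URL.
func checkEndpoint(client *http.Client, endpoint, token string) (bool, error) {
	req, err := http.NewRequest(http.MethodGet, endpoint, nil)
	if err != nil {
		return false, fmt.Errorf("build request: %w", err)
	}
	req.Header.Set("Authorization", "Bearer "+token)

	resp, err := client.Do(req)
	if err != nil {
		// *url.Error carries Op, URL and Err; keep only Err.
		var urlErr *url.Error
		if errors.As(err, &urlErr) {
			err = urlErr.Err
		}
		return false, fmt.Errorf("request failed: %w", err)
	}
	defer resp.Body.Close()
	return resp.StatusCode == http.StatusOK, nil
}

// tlsFailure runs the check against a local TLS server whose certificate the
// default client does not trust, so the handshake fails with an x509 error.
// It returns the server URL and the error message for inspection.
func tlsFailure() (string, string) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)
	}))
	defer srv.Close()
	// Plain http.Client: no trust for the test CA, so verification fails.
	_, err := checkEndpoint(&http.Client{}, srv.URL+"/api/v4/user", "constructed-token")
	return srv.URL, err.Error()
}

// refusedConnection reserves a loopback port, releases it, and then points the
// check at it, so the dial is refused before any request is sent.
func refusedConnection() (string, string) {
	l, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		panic(err)
	}
	addr := l.Addr().String()
	l.Close()
	endpoint := "http://" + addr + "/api/v4/user"
	_, err = checkEndpoint(&http.Client{}, endpoint, "constructed-token")
	return endpoint, err.Error()
}

func main() {
	_, msg := tlsFailure()
	fmt.Println(msg) // e.g. request failed: tls: failed to verify certificate: x509: ...
	_, msg = refusedConnection()
	fmt.Println(msg) // e.g. request failed: dial tcp 127.0.0.1:PORT: connect: connection refused
}
```

One caveat for the unit test the issue calls for: unwrapping removes the `Op` and `URL` fields of `*url.Error`, so the scheme and path never appear, but a dial error (`*net.OpError`) still names the host:port it tried to reach. Assert that the message lacks the full URL and path rather than the bare hostname, and decide separately whether the hostname itself is acceptable in operator-facing messages.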