refactor: update exception handling to raise directly in inner function

Co-Authored-By: Aaron <AJ> Steers <aj@airbyte.io>

Author: devin-ai-integration[bot]

airbyte_cdk/cli/airbyte_cdk/_secrets.py

@@ -132,35 +132,37 @@ def fetch(
     )
     # Fetch and write secrets
     secret_count = 0
-    failed_secrets: list[str] = []
+    exceptions = []
 
     for secret in secrets:
         secret_file_path = _get_secret_filepath(
             secrets_dir=secrets_dir,
             secret=secret,
         )
-        error = _write_secret_file(
-            secret=secret,
-            client=client,
-            file_path=secret_file_path,
-        )
-
-        if error:
-            secret_name = _extract_secret_name(secret.name)
-            failed_secrets.append(secret_name)
-            click.echo(f"Failed to retrieve secret '{secret_name}': {error}", err=True)
-        else:
+        try:
+            _write_secret_file(
+                secret=secret,
+                client=client,
+                file_path=secret_file_path,
+                connector_name=connector_name,
+                gcp_project_id=gcp_project_id,
+            )
             click.echo(f"Secret written to: {secret_file_path.absolute()!s}", err=True)
             secret_count += 1
+        except ConnectorSecretWithNoValidVersionsError as e:
+            exceptions.append(e)
+            click.echo(
+                f"Failed to retrieve secret '{e.secret_name}': No enabled version found", err=True
+            )
 
-    if secret_count == 0 and not failed_secrets:
+    if secret_count == 0 and not exceptions:
         click.echo(
             f"No secrets found for connector: '{connector_name}'",
             err=True,
         )
 
-    if failed_secrets:
-        error_message = f"Failed to retrieve {len(failed_secrets)} secret(s)"
+    if exceptions:
+        error_message = f"Failed to retrieve {len(exceptions)} secret(s)"
         click.echo(
             style(
                 error_message,
@@ -169,11 +171,7 @@ def fetch(
             err=True,
         )
         if secret_count == 0:
-            raise ConnectorSecretWithNoValidVersionsError(
-                connector_name=connector_name,
-                secret_names=failed_secrets,
-                gcp_project_id=gcp_project_id,
-            )
+            raise exceptions[0]
 
     if not print_ci_secrets_masks:
         return
@@ -333,19 +331,23 @@ def _write_secret_file(
     secret: "Secret",  # type: ignore
     client: "secretmanager.SecretManagerServiceClient",  # type: ignore
     file_path: Path,
-) -> str | None:
+    connector_name: str,
+    gcp_project_id: str,
+) -> None:
     """Write the most recent enabled version of a secret to a file.
 
     Lists all enabled versions of the secret and selects the most recent one.
-    Returns an error message if no enabled versions are found.
+    Raises ConnectorSecretWithNoValidVersionsError if no enabled versions are found.
 
     Args:
         secret: The secret to write to a file
         client: The Secret Manager client
         file_path: The path to write the secret to
+        connector_name: The name of the connector
+        gcp_project_id: The GCP project ID
 
-    Returns:
-        str | None: Error message if no enabled version is found, None otherwise
+    Raises:
+        ConnectorSecretWithNoValidVersionsError: If no enabled version is found
     """
     # List all enabled versions of the secret.
     response = client.list_secret_versions(
@@ -358,14 +360,17 @@ def _write_secret_file(
 
     if not versions:
         secret_name = _extract_secret_name(secret.name)
-        return f"No enabled version found for secret: {secret_name}"
+        raise ConnectorSecretWithNoValidVersionsError(
+            connector_name=connector_name,
+            secret_name=secret_name,
+            gcp_project_id=gcp_project_id,
+        )
 
     enabled_version = versions[0]
 
     response = client.access_secret_version(name=enabled_version.name)
     file_path.write_text(response.payload.data.decode("UTF-8"))
     file_path.chmod(0o600)  # default to owner read/write only
-    return None
 
 
 def _get_secrets_dir(

airbyte_cdk/cli/airbyte_cdk/exceptions.py

@@ -9,19 +9,15 @@ class ConnectorSecretWithNoValidVersionsError(Exception):
     """Error when a connector secret has no valid versions."""
 
     connector_name: str
-    secret_names: list[str]
+    secret_name: str
     gcp_project_id: str
 
     def __str__(self) -> str:
         """Return a string representation of the exception."""
         from airbyte_cdk.cli.airbyte_cdk._secrets import _get_secret_url
 
-        urls = [
-            _get_secret_url(secret_name, self.gcp_project_id) for secret_name in self.secret_names
-        ]
-        urls_str = "\n".join([f"- {url}" for url in urls])
-        secrets_str = ", ".join(self.secret_names)
+        url = _get_secret_url(self.secret_name, self.gcp_project_id)
         return (
-            f"No valid versions found for the following secrets in connector '{self.connector_name}': {secrets_str}. "
-            f"Please check the following URLs for more information:\n{urls_str}"
+            f"No valid versions found for secret '{self.secret_name}' in connector '{self.connector_name}'. "
+            f"Please check the following URL for more information:\n- {url}"
         )

unit_tests/cli/airbyte_cdk/test_secrets.py

@@ -41,7 +41,13 @@ def test_write_secret_file_with_enabled_version(self, mock_client, mock_secret,
         mock_client.access_secret_version.return_value = mock_response
 
         # Call the function
-        result = _write_secret_file(mock_secret, mock_client, mock_file_path)
+        _write_secret_file(
+            secret=mock_secret,
+            client=mock_client,
+            file_path=mock_file_path,
+            connector_name="test-connector",
+            gcp_project_id="test-project",
+        )
 
         # Verify that list_secret_versions was called with the correct parameters
         mock_client.list_secret_versions.assert_called_once()
@@ -53,17 +59,21 @@ def test_write_secret_file_with_enabled_version(self, mock_client, mock_secret,
         # Verify that the file was created with the correct content
         assert mock_file_path.read_text() == '{"key": "value"}'
 
-        # Verify that no error was returned
-        assert result is None
-
     def test_write_secret_file_with_no_enabled_versions(
         self, mock_client, mock_secret, mock_file_path
     ):
         # Mock list_secret_versions to return an empty list (no enabled versions)
         mock_client.list_secret_versions.return_value = []
 
-        # Call the function
-        result = _write_secret_file(mock_secret, mock_client, mock_file_path)
+        # Call the function and expect an exception
+        with pytest.raises(ConnectorSecretWithNoValidVersionsError) as excinfo:
+            _write_secret_file(
+                secret=mock_secret,
+                client=mock_client,
+                file_path=mock_file_path,
+                connector_name="test-connector",
+                gcp_project_id="test-project",
+            )
 
         # Verify that list_secret_versions was called with the correct parameters
         mock_client.list_secret_versions.assert_called_once()
@@ -75,10 +85,10 @@ def test_write_secret_file_with_no_enabled_versions(
         # Verify that the file was not created
         assert not mock_file_path.exists()
 
-        # Verify that an error was returned
-        assert result is not None
-        assert "No enabled version found for secret" in result
-        assert "test-secret" in result
+        # Verify the exception details
+        assert excinfo.value.secret_name == "test-secret"
+        assert excinfo.value.connector_name == "test-connector"
+        assert excinfo.value.gcp_project_id == "test-project"
 
 
 @patch("airbyte_cdk.cli.airbyte_cdk._secrets._get_gsm_secrets_client")
@@ -118,9 +128,14 @@ def test_fetch_with_some_failed_secrets(
         with patch(
             "airbyte_cdk.cli.airbyte_cdk._secrets._write_secret_file"
         ) as mock_write_secret_file:
+            # First call succeeds, second call raises exception
             mock_write_secret_file.side_effect = [
                 None,  # Success for secret1
-                "No enabled version found for secret: test-secret-2",  # Failure for secret2
+                ConnectorSecretWithNoValidVersionsError(
+                    connector_name="test-connector",
+                    secret_name="test-secret-2",
+                    gcp_project_id="test-project",
+                ),  # Failure for secret2
             ]
 
             # Call the function
@@ -170,8 +185,16 @@ def test_fetch_with_all_failed_secrets(
             "airbyte_cdk.cli.airbyte_cdk._secrets._write_secret_file"
         ) as mock_write_secret_file:
             mock_write_secret_file.side_effect = [
-                "No enabled version found for secret: test-secret-1",  # Failure for secret1
-                "No enabled version found for secret: test-secret-2",  # Failure for secret2
+                ConnectorSecretWithNoValidVersionsError(
+                    connector_name="test-connector",
+                    secret_name="test-secret-1",
+                    gcp_project_id="test-project",
+                ),  # Failure for secret1
+                ConnectorSecretWithNoValidVersionsError(
+                    connector_name="test-connector",
+                    secret_name="test-secret-2",
+                    gcp_project_id="test-project",
+                ),  # Failure for secret2
             ]
 
             # Call the function