cleanup

Author: drewmalin

pkg/cmd/register/register.go

@@ -12,7 +12,6 @@ import (
 
 	nodev1 "buf.build/gen/go/brevdev/devplane/protocolbuffers/go/devplaneapi/v1"
 	"connectrpc.com/connect"
-	"github.com/cenkalti/backoff/v4"
 	"github.com/google/uuid"
 
 	"github.com/brevdev/brev-cli/pkg/config"
@@ -24,14 +23,6 @@ import (
 	"github.com/spf13/cobra"
 )
 
-const (
-	backoffInitialInterval = 1 * time.Second
-	backoffMaxInterval     = 10 * time.Second
-	backoffMaxElapsedTime  = 1 * time.Minute
-
-	backoffPrintRound = 500 * time.Millisecond
-)
-
 // RegisterStore defines the store methods needed by the register command.
 type RegisterStore interface {
 	GetCurrentUser() (*entity.User, error)
@@ -217,7 +208,9 @@ func runRegister(ctx context.Context, t *terminal.Terminal, s RegisterStore, nam
 	runSetup(node, t, deps)
 
 	if deps.prompter.ConfirmYesNo("Would you like to enable SSH access to this device?") {
-		grantSSHAccess(ctx, t, deps, s, reg, brevUser, osUser)
+		if err := grantSSHAccess(ctx, t, deps, s, reg, brevUser, osUser); err != nil {
+			t.Vprintf("  Warning: SSH access not granted: %v\n", err)
+		}
 	}
 
 	return nil
@@ -339,7 +332,7 @@ func runSetup(node *nodev1.ExternalNode, t *terminal.Terminal, deps registerDeps
 	}
 }
 
-func grantSSHAccess(ctx context.Context, t *terminal.Terminal, deps registerDeps, tokenProvider externalnode.TokenProvider, reg *DeviceRegistration, brevUser *entity.User, osUser *user.User) {
+func grantSSHAccess(ctx context.Context, t *terminal.Terminal, deps registerDeps, tokenProvider externalnode.TokenProvider, reg *DeviceRegistration, brevUser *entity.User, osUser *user.User) error {
 	t.Vprint("")
 	t.Vprint(t.Green("Enabling SSH access on this device"))
 	t.Vprint("")
@@ -348,29 +341,11 @@ func grantSSHAccess(ctx context.Context, t *terminal.Terminal, deps registerDeps
 	t.Vprintf("  Linux user: %s\n", osUser.Username)
 	t.Vprint("")
 
-	backoffCtx := backoff.WithContext(backoff.NewExponentialBackOff(
-		backoff.WithInitialInterval(backoffInitialInterval),
-		backoff.WithMaxInterval(backoffMaxInterval),
-		backoff.WithMaxElapsedTime(backoffMaxElapsedTime),
-	), ctx)
-
-	opToTry := func() error {
-		err := GrantSSHAccessToNode(ctx, t, deps.nodeClients, tokenProvider, reg, brevUser, osUser)
-		if err != nil && !IsSSHConnectionError(err) {
-			return backoff.Permanent(err)
-		}
-		return err
-	}
-	onOpErr := func(err error, d time.Duration) {
-		t.Vprintf("  SSH access not yet granted; retrying in: %s...\n", d.Round(backoffPrintRound))
-	}
-
-	// Retry until the operation succeeds or the context is canceled.
-	err := backoff.RetryNotify(opToTry, backoffCtx, onOpErr)
+	err := GrantSSHAccessToNode(ctx, t, deps.nodeClients, tokenProvider, reg, brevUser, osUser)
 	if err != nil {
-		t.Vprintf("  Warning: SSH access not granted: %v\n", err)
-		return
+		return fmt.Errorf("grant SSH failed: %w", err)
 	}
 
 	t.Vprint(t.Green(fmt.Sprintf("SSH access enabled. You can now SSH to this device via: brev shell %s", reg.DisplayName)))
+	return nil
 }

pkg/cmd/register/register_test.go

@@ -500,31 +500,6 @@ Peers count: 0/0 Connected`
 	}
 }
 
-func TestIsSSHConnectionError(t *testing.T) {
-	t.Run("nil", func(t *testing.T) {
-		if IsSSHConnectionError(nil) {
-			t.Error("IsSSHConnectionError(nil) should be false")
-		}
-	})
-	t.Run("plain_error", func(t *testing.T) {
-		if IsSSHConnectionError(fmt.Errorf("some error")) {
-			t.Error("IsSSHConnectionError(plain error) should be false")
-		}
-	})
-	t.Run("connection_error_type", func(t *testing.T) {
-		err := &sshConnectionError{err: fmt.Errorf("transient")}
-		if !IsSSHConnectionError(err) {
-			t.Error("IsSSHConnectionError(sshConnectionError) should be true")
-		}
-	})
-	t.Run("wrapped_connection_error", func(t *testing.T) {
-		err := fmt.Errorf("wrapped: %w", &sshConnectionError{err: fmt.Errorf("transient")})
-		if !IsSSHConnectionError(err) {
-			t.Error("IsSSHConnectionError(wrapped sshConnectionError) should be true")
-		}
-	})
-}
-
 func Test_runRegister_GrantSSH_retries_on_connection_error_then_succeeds(t *testing.T) {
 	regStore := &mockRegistrationStore{}
 

pkg/cmd/register/sshkeys.go

@@ -8,6 +8,7 @@ import (
 	"os/user"
 	"path/filepath"
 	"strings"
+	"time"
 
 	nodev1 "buf.build/gen/go/brevdev/devplane/protocolbuffers/go/devplaneapi/v1"
 	"connectrpc.com/connect"
@@ -16,20 +17,16 @@ import (
 	"github.com/brevdev/brev-cli/pkg/entity"
 	"github.com/brevdev/brev-cli/pkg/externalnode"
 	"github.com/brevdev/brev-cli/pkg/terminal"
+	"github.com/cenkalti/backoff/v4"
 )
 
-// sshConnectionError marks an error as being due to a transient connection/transport failure
-type sshConnectionError struct{ err error }
+const (
+	backoffInitialInterval = 1 * time.Second
+	backoffMaxInterval     = 10 * time.Second
+	backoffMaxElapsedTime  = 1 * time.Minute
 
-func (e *sshConnectionError) Error() string { return e.err.Error() }
-func (e *sshConnectionError) Unwrap() error { return e.err }
-
-// IsSSHConnectionError reports whether err indicates a transient connection/transport
-// failure that may be retried. Used by grantSSHAccess to decide whether to backoff-retry.
-func IsSSHConnectionError(err error) bool {
-	var e *sshConnectionError
-	return errors.As(err, &e)
-}
+	backoffPrintRound = 500 * time.Millisecond
+)
 
 // BrevKeyComment is the marker appended to every SSH key that Brev installs.
 // It allows RemoveBrevAuthorizedKeys to identify and remove exactly those keys.
@@ -56,28 +53,44 @@ func GrantSSHAccessToNode(
 	}
 
 	client := nodeClients.NewNodeClient(tokenProvider, config.GlobalConfig.GetBrevPublicAPIURL())
-	_, err := client.GrantNodeSSHAccess(ctx, connect.NewRequest(&nodev1.GrantNodeSSHAccessRequest{
-		ExternalNodeId: reg.ExternalNodeID,
-		UserId:         targetUser.ID,
-		LinuxUser:      osUser.Username,
-	}))
-	if err != nil {
-		// Transport errors (connection reset, EOF) are transient — leave the key
-		// installed so retries don't need to reinstall it, and signal the caller
-		// with a distinct error type.
-		var connectErr *connect.Error
-		if errors.As(err, &connectErr) && connectErr.Code() == connect.CodeInternal {
-			return &sshConnectionError{err: fmt.Errorf("failed to grant SSH access (transient): %w", err)}
-		}
-		// Permanent error — roll back the key so we don't leave an unrecorded entry.
-		if targetUser.PublicKey != "" {
-			if rerr := RemoveAuthorizedKey(osUser, targetUser.PublicKey); rerr != nil {
-				t.Vprintf("  %s\n", t.Yellow(fmt.Sprintf("Warning: failed to remove SSH key after failed grant: %v", rerr)))
+
+	backoffCtx := backoff.WithContext(backoff.NewExponentialBackOff(
+		backoff.WithInitialInterval(backoffInitialInterval),
+		backoff.WithMaxInterval(backoffMaxInterval),
+		backoff.WithMaxElapsedTime(backoffMaxElapsedTime),
+	), ctx)
+
+	opToTry := func() error {
+		_, err := client.GrantNodeSSHAccess(ctx, connect.NewRequest(&nodev1.GrantNodeSSHAccessRequest{
+			ExternalNodeId: reg.ExternalNodeID,
+			UserId:         targetUser.ID,
+			LinuxUser:      osUser.Username,
+		}))
+		if err != nil {
+			// Retryable error
+			var connectErr *connect.Error
+			if errors.As(err, &connectErr) && connectErr.Code() == connect.CodeInternal {
+				return fmt.Errorf("failed to grant SSH access (transient): %w", err)
+			}
+
+			// Permanent error — roll back the key so we don't leave an unrecorded entry and abort the backoff retry
+			if targetUser.PublicKey != "" {
+				if rerr := RemoveAuthorizedKey(osUser, targetUser.PublicKey); rerr != nil {
+					t.Vprintf("  %s\n", t.Yellow(fmt.Sprintf("Warning: failed to remove SSH key after failed grant: %v", rerr)))
+				}
 			}
+			return backoff.Permanent(fmt.Errorf("failed to grant SSH access: %w", err))
 		}
+
+		return nil
+	}
+	onOpErr := func(err error, d time.Duration) {
+		t.Vprintf("  SSH access not yet granted; retrying in: %s...\n", d.Round(backoffPrintRound))
+	}
+	err := backoff.RetryNotify(opToTry, backoffCtx, onOpErr)
+	if err != nil {
 		return fmt.Errorf("failed to grant SSH access: %w", err)
 	}
-
 	return nil
 }