feat: return auth error

If controller encounter a auth error (token invalid), error stay silent
to user

Author: guilhem

internal/controller/linodemachine_controller.go

@@ -178,8 +178,13 @@ func (r *LinodeMachineReconciler) reconcile(ctx context.Context, logger logr.Log
 	//nolint:dupl // Code duplication is simplicity in this case.
 	defer func() {
 		if err != nil {
-			// Only set failure reason if the error is not retryable.
-			if linodego.ErrHasStatus(err, http.StatusBadRequest) {
+			// Set specific failure reason for authentication errors
+			if util.IsAuthenticationError(err) {
+				failureReason = util.CredentialError
+			}
+
+			// Set failure status for terminal errors (400, 401, 403, 404)
+			if util.IsTerminalError(err) {
 				machineScope.LinodeMachine.Status.FailureReason = util.Pointer(failureReason)
 				machineScope.LinodeMachine.Status.FailureMessage = util.Pointer(err.Error())
 				machineScope.LinodeMachine.SetCondition(metav1.Condition{

internal/controller/linodemachine_controller_helpers.go

@@ -75,8 +75,9 @@ func retryIfTransient(err error, logger logr.Logger) (ctrl.Result, error) {
 		}
 		return ctrl.Result{RequeueAfter: reconciler.DefaultMachineControllerRetryDelay}, nil
 	}
-	logger.Error(err, "unknown Linode API error")
-	return ctrl.Result{RequeueAfter: reconciler.DefaultMachineControllerRetryDelay}, nil
+	// Return the error for terminal errors (400, 401, 403, 404) so that
+	// the reconciler can set appropriate conditions and events
+	return ctrl.Result{}, err
 }
 
 func fillCreateConfig(createConfig *linodego.InstanceCreateOptions, machineScope *scope.MachineScope) {

util/errors.go

@@ -29,8 +29,9 @@ var (
 
 // List of failure reasons to use in the status fields of our resources
 var (
-	CreateError  = "CreateError"
-	DeleteError  = "DeleteError"
-	UpdateError  = "UpdateError"
-	UnknownError = "UnknownError"
+	CreateError     = "CreateError"
+	DeleteError     = "DeleteError"
+	UpdateError     = "UpdateError"
+	UnknownError    = "UnknownError"
+	CredentialError = "CredentialError"
 )

util/helpers.go

@@ -61,6 +61,24 @@ func IsRetryableError(err error) bool {
 		linodego.ErrorFromError) || errors.Is(err, http.ErrHandlerTimeout) || errors.Is(err, os.ErrDeadlineExceeded) || errors.Is(err, io.ErrUnexpectedEOF)
 }
 
+// IsAuthenticationError determines if the error is an authentication or authorization error (401/403)
+// These errors are terminal and should not be retried without user intervention
+func IsAuthenticationError(err error) bool {
+	return linodego.ErrHasStatus(err, http.StatusUnauthorized, http.StatusForbidden)
+}
+
+// IsTerminalError determines if the error is terminal and should not be retried.
+// Terminal errors include bad requests (400), authentication errors (401/403), and not found (404)
+func IsTerminalError(err error) bool {
+	return linodego.ErrHasStatus(
+		err,
+		http.StatusBadRequest,
+		http.StatusUnauthorized,
+		http.StatusForbidden,
+		http.StatusNotFound,
+	)
+}
+
 // GetInstanceID determines the instance ID from the ProviderID
 func GetInstanceID(providerID *string) (int, error) {
 	if providerID == nil {