fix: properly catch and report ApiExceptions

[johanneskoester]

Summary by CodeRabbit

• Bug Fixes

  • Improved error reporting now provides clearer, more informative feedback when operations encounter unexpected failures, enhancing overall troubleshooting without altering the existing behavior for authentication-related errors.

• New Features

  • Enhanced testing capabilities by integrating MinIO for object storage testing, including setup and creation of a test S3 bucket.
  • Introduced a new configuration for deploying MinIO, ensuring persistent storage and easy access.
  • Added a method to retrieve the endpoint URL for MinIO in the testing framework.

[coderabbitai]

📝 Walkthrough

Walkthrough

The changes introduce an additional error handling mechanism in the _kubernetes_retry method, raising a WorkflowError with a message for non-401 ApiException errors. The handling of 401 errors remains unchanged, where the method attempts to reauthenticate and retry the function. Additionally, the CI workflow has been updated to include steps for setting up and testing a MinIO server, along with the introduction of a new YAML configuration file for deploying MinIO.

Changes

File Path	Change Summary
snakemake_executor_plugin_kubernetes/__init__.py	Enhanced error handling in _kubernetes_retry: raises a WorkflowError with a message for non-401 ApiException; maintains reauthentication and retry for 401 errors.
.github/workflows/ci.yml	Added steps to set up MinIO using comfuture/minio-action@v1 and modified /etc/hosts; updated "Test minio" step to follow new setup.
.github/workflows/assets/minio.yaml	Introduced a new YAML configuration for deploying MinIO, including a Deployment resource and a Service resource.
tests/tests.py	Added a new property method endpoint_url in the TestWorkflows class returning a hardcoded URL.

Sequence Diagram(s)

sequenceDiagram
    participant Caller as Caller
    participant Retry as _kubernetes_retry
    participant Kubernetes as Kubernetes API
    participant Auth as Authentication

    Caller->>Retry: Call _kubernetes_retry
    Retry->>Kubernetes: Execute request
    Kubernetes-->>Retry: Throw ApiException(e)
    Retry->>Retry: Check e.status
    alt e.status == 401
        Retry->>Auth: Reauthenticate
        Auth-->>Retry: Credentials refreshed
        Retry->>Kubernetes: Retry request
    else Other error
        Retry->>Caller: Raise WorkflowError("Kubernetes request failed: " + e)
    end

Loading

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 97a2160 and 23fcbd9.

📒 Files selected for processing (1)

• tests/tests.py (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• tests/tests.py

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: testing

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai plan to trigger planning for file edits and PR creation.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

snakemake_executor_plugin_kubernetes/__init__.py (1)

578-583: Improve exception chaining for better error traceability.

The addition of error handling for non-401 API exceptions is good, but it should use exception chaining to preserve the original exception's traceback, which is helpful for debugging.

            except kubernetes.client.rest.ApiException as e:
                if e.status == 401:
                    # Unauthorized.
                    # Reload config in order to ensure token is
                    # refreshed. Then try again.
                    return self._reauthenticate_and_retry(func)
-                raise WorkflowError("Kubernetes request failed.", e)
+                raise WorkflowError("Kubernetes request failed.", e) from e

This change ensures that the original ApiException traceback is preserved when the WorkflowError is raised, making debugging easier.

🧰 Tools

🪛 Ruff (0.8.2)

583-583: Within an except clause, raise exceptions with raise ... from err or raise ... from None to distinguish them from errors in exception handling

(B904)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1b668c1 and bc97170.

📒 Files selected for processing (1)

• snakemake_executor_plugin_kubernetes/__init__.py (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

`**/*.py`: Do not try to improve formatting. Do not suggest type annotations for functions that are defined inside of functions or methods. Do not suggest type annotation of the `s...

**/*.py: Do not try to improve formatting.
Do not suggest type annotations for functions that are defined inside of functions or methods.
Do not suggest type annotation of the self argument of methods.
Do not suggest type annotation of the cls argument of classmethods.
Do not suggest return type annotation if a function or method does not contain a return statement.

• snakemake_executor_plugin_kubernetes/__init__.py

🪛 Ruff (0.8.2)

snakemake_executor_plugin_kubernetes/__init__.py

583-583: Within an except clause, raise exceptions with raise ... from err or raise ... from None to distinguish them from errors in exception handling

(B904)

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: testing
• GitHub Check: linting

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

.github/workflows/ci.yml (3)

69-74: Review: Secure the MinIO Setup Credentials
The "Setup minio" step is correctly configured to initialize a MinIO server. However, using hard-coded credentials (access_key: minio and secret_key: minio123) might be acceptable for testing but can lead to inadvertent exposure if not handled correctly. Consider using GitHub secrets to store these credentials for improved security and maintainability.

---

76-82: Review: Validate MinIO Test Step Configuration
The "Test minio" step exports the required AWS environment variables and attempts to create an S3 bucket named test on the local MinIO endpoint. Ensure that the AWS CLI is available in the runner environment and that the endpoint URL and bucket creation command behave as expected. Optionally, you could add a verification step to check if the bucket was successfully created, which would provide more robust feedback in the CI process.

---

83-111: General CI Workflow Integration Note
The overall structure of the CI workflow remains clear and the new MinIO steps are integrated appropriately within the testing job. Ensure that these changes do not interfere with or mask issues related to the ApiException error handling in your Kubernetes retry logic, as mentioned in the PR objectives. It might be helpful to include integration tests that validate both the Kubernetes error reporting and the MinIO setup if they interact in any way.

🧰 Tools

🪛 actionlint (1.7.4)

83-83: the runner of "actions/setup-python@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

93-93: the runner of "actions/setup-python@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between bc97170 and 60fb53e.

📒 Files selected for processing (1)

• .github/workflows/ci.yml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: testing

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 60fb53e and b9a2fca.

📒 Files selected for processing (2)

• .github/workflows/assets/minio.yaml (1 hunks)
• .github/workflows/ci.yml (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/ci.yml

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/assets/minio.yaml

2-2: unexpected key "apiVersion" for "workflow" section. expected one of "concurrency", "defaults", "env", "jobs", "name", "on", "permissions", "run-name"

(syntax-check)

---

2-2: "on" section is missing in workflow

(syntax-check)

---

2-2: "jobs" section is missing in workflow

(syntax-check)

---

3-3: unexpected key "kind" for "workflow" section. expected one of "concurrency", "defaults", "env", "jobs", "name", "on", "permissions", "run-name"

(syntax-check)

---

4-4: unexpected key "metadata" for "workflow" section. expected one of "concurrency", "defaults", "env", "jobs", "name", "on", "permissions", "run-name"

(syntax-check)

---

6-6: unexpected key "spec" for "workflow" section. expected one of "concurrency", "defaults", "env", "jobs", "name", "on", "permissions", "run-name"

(syntax-check)

🪛 YAMLlint (1.35.1)

.github/workflows/assets/minio.yaml

[warning] 27-27: wrong indentation: expected 8 but found 6

(indentation)

---

[warning] 31-31: wrong indentation: expected 8 but found 6

(indentation)

---

[warning] 33-33: wrong indentation: expected 10 but found 8

(indentation)

---

[error] 33-33: trailing spaces

(trailing-spaces)

---

[warning] 37-37: wrong indentation: expected 10 but found 8

(indentation)

---

[warning] 40-40: wrong indentation: expected 10 but found 8

(indentation)

---

[warning] 45-45: wrong indentation: expected 10 but found 8

(indentation)

---

[error] 46-46: no new line character at the end of file

(new-line-at-end-of-file)

🪛 GitHub Actions: CI

.github/workflows/assets/minio.yaml

[error] 1-1: Error: resource mapping not found for name: 'my-minio-fs' namespace: '' from '.github/workflows/assets/minio.yaml': no matches for kind 'Deployment' in version 'extensions/v1'. Ensure CRDs are installed first.

🔇 Additional comments (1)

.github/workflows/assets/minio.yaml (1)

1-12: PVC Block Looks Good

The PersistentVolumeClaim is defined correctly with API version v1 and appropriate storage request.

🧰 Tools

🪛 actionlint (1.7.4)

2-2: unexpected key "apiVersion" for "workflow" section. expected one of "concurrency", "defaults", "env", "jobs", "name", "on", "permissions", "run-name"

(syntax-check)

---

2-2: "on" section is missing in workflow

(syntax-check)

---

2-2: "jobs" section is missing in workflow

(syntax-check)

---

3-3: unexpected key "kind" for "workflow" section. expected one of "concurrency", "defaults", "env", "jobs", "name", "on", "permissions", "run-name"

(syntax-check)

---

4-4: unexpected key "metadata" for "workflow" section. expected one of "concurrency", "defaults", "env", "jobs", "name", "on", "permissions", "run-name"

(syntax-check)

---

6-6: unexpected key "spec" for "workflow" section. expected one of "concurrency", "defaults", "env", "jobs", "name", "on", "permissions", "run-name"

(syntax-check)

🪛 GitHub Actions: CI

[error] 1-1: Error: resource mapping not found for name: 'my-minio-fs' namespace: '' from '.github/workflows/assets/minio.yaml': no matches for kind 'Deployment' in version 'extensions/v1'. Ensure CRDs are installed first.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (4)

.github/workflows/assets/minio.yaml (4)

1-25: Deployment Resource: Validate Configuration and Best Practices
The Deployment resource is correctly updated to use apiVersion: apps/v1 and includes a proper selector field matching the pod template labels. Please double-check that the indentation of the template: and its nested spec: sections is consistent with Kubernetes configurations. Additionally, while plaintext credentials are acceptable for CI testing, consider externalizing MINIO_ACCESS_KEY and MINIO_SECRET_KEY into secrets when moving to production environments.

🧰 Tools

🪛 actionlint (1.7.4)

1-1: unexpected key "apiVersion" for "workflow" section. expected one of "concurrency", "defaults", "env", "jobs", "name", "on", "permissions", "run-name"

(syntax-check)

---

1-1: "on" section is missing in workflow

(syntax-check)

---

1-1: "jobs" section is missing in workflow

(syntax-check)

---

2-2: unexpected key "kind" for "workflow" section. expected one of "concurrency", "defaults", "env", "jobs", "name", "on", "permissions", "run-name"

(syntax-check)

---

3-3: unexpected key "metadata" for "workflow" section. expected one of "concurrency", "defaults", "env", "jobs", "name", "on", "permissions", "run-name"

(syntax-check)

---

5-5: unexpected key "spec" for "workflow" section. expected one of "concurrency", "defaults", "env", "jobs", "name", "on", "permissions", "run-name"

(syntax-check)

---

27-38: Service Resource: Confirm Static Configuration and Consider Flexibility
The Service resource is correctly defined with the necessary selector and port mappings. Note that the static assignment of clusterIP: 10.96.3.3 works for your testing environment but may lead to conflicts or reduce flexibility in other environments. If possible, consider letting Kubernetes assign the cluster IP automatically (or configure it via a dedicated parameter).

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 38-38: no new line character at the end of file

(new-line-at-end-of-file)

---

38-38: Trailing Newline: Adhere to Best Practices
YAMLlint has flagged that there is no newline at the end of the file. Adding a newline after line 38 will improve compatibility with tools and is a best practice.

Below is a small diff to correct this:

-  clusterIP: 10.96.3.3
\ No newline at end of file
+  clusterIP: 10.96.3.3
+

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 38-38: no new line character at the end of file

(new-line-at-end-of-file)

---

1-38: Linter Configuration: Suppress Actionlint Warnings for Non-Workflow Files
Actionlint is reporting unexpected keys such as apiVersion, kind, and metadata because it expects GitHub Actions workflow syntax. Since this file is a Kubernetes manifest used in your CI/CD pipeline, consider configuring Actionlint (or your linter settings) to ignore files in the .github/workflows/assets/ directory.

🧰 Tools

🪛 actionlint (1.7.4)

1-1: unexpected key "apiVersion" for "workflow" section. expected one of "concurrency", "defaults", "env", "jobs", "name", "on", "permissions", "run-name"

(syntax-check)

---

1-1: "on" section is missing in workflow

(syntax-check)

---

1-1: "jobs" section is missing in workflow

(syntax-check)

---

2-2: unexpected key "kind" for "workflow" section. expected one of "concurrency", "defaults", "env", "jobs", "name", "on", "permissions", "run-name"

(syntax-check)

---

3-3: unexpected key "metadata" for "workflow" section. expected one of "concurrency", "defaults", "env", "jobs", "name", "on", "permissions", "run-name"

(syntax-check)

---

5-5: unexpected key "spec" for "workflow" section. expected one of "concurrency", "defaults", "env", "jobs", "name", "on", "permissions", "run-name"

(syntax-check)

🪛 YAMLlint (1.35.1)

[error] 38-38: no new line character at the end of file

(new-line-at-end-of-file)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b9a2fca and 5cf25f4.

📒 Files selected for processing (2)

• .github/workflows/assets/minio.yaml (1 hunks)
• .github/workflows/ci.yml (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/ci.yml

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/assets/minio.yaml

1-1: unexpected key "apiVersion" for "workflow" section. expected one of "concurrency", "defaults", "env", "jobs", "name", "on", "permissions", "run-name"

(syntax-check)

---

1-1: "on" section is missing in workflow

(syntax-check)

---

1-1: "jobs" section is missing in workflow

(syntax-check)

---

2-2: unexpected key "kind" for "workflow" section. expected one of "concurrency", "defaults", "env", "jobs", "name", "on", "permissions", "run-name"

(syntax-check)

---

3-3: unexpected key "metadata" for "workflow" section. expected one of "concurrency", "defaults", "env", "jobs", "name", "on", "permissions", "run-name"

(syntax-check)

---

5-5: unexpected key "spec" for "workflow" section. expected one of "concurrency", "defaults", "env", "jobs", "name", "on", "permissions", "run-name"

(syntax-check)

🪛 YAMLlint (1.35.1)

.github/workflows/assets/minio.yaml

[error] 38-38: no new line character at the end of file

(new-line-at-end-of-file)

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

tests/tests.py (1)

34-37: Looks good! Consider adding a docstring.

The addition of the endpoint_url property to specify the MinIO server endpoint is appropriate for the test class. This aligns with the PR objectives to improve API exception handling, as it helps set up proper testing infrastructure.

Consider adding a docstring to explain the purpose of this property and its relationship to the MinIO testing setup.

    @property
    def endpoint_url(self):
+        """Return the MinIO endpoint URL used for testing."""
        return "http://host.docker.internal:9000"

🧰 Tools

🪛 GitHub Actions: CI

[warning] 37-37: Flake8: W292 no newline at end of file

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4bb90ef and a4dfcc2.

📒 Files selected for processing (2)

• .github/workflows/ci.yml (1 hunks)
• tests/tests.py (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/ci.yml

🧰 Additional context used

📓 Path-based instructions (1)

`**/*.py`: Do not try to improve formatting. Do not suggest type annotations for functions that are defined inside of functions or methods. Do not suggest type annotation of the `s...

**/*.py: Do not try to improve formatting.
Do not suggest type annotations for functions that are defined inside of functions or methods.
Do not suggest type annotation of the self argument of methods.
Do not suggest type annotation of the cls argument of classmethods.
Do not suggest return type annotation if a function or method does not contain a return statement.

• tests/tests.py

🪛 GitHub Actions: CI

tests/tests.py

[warning] 37-37: Flake8: W292 no newline at end of file