yoshidan · stepancheg · Feb 5, 2025
diff --git a/foundation/auth/src/error.rs b/foundation/auth/src/error.rs
@@ -17,8 +17,8 @@ pub enum Error {
     #[error("jwt error: {0}")]
     JwtError(#[from] jsonwebtoken::errors::Error),
 
-    #[error("http error: {0}")]
-    HttpError(#[from] reqwest::Error),
+    #[error("http error on {0}: {1}")]
+    HttpError(String, reqwest::Error),
 
     #[error("GOOGLE_APPLICATION_CREDENTIALS or default credentials is required: {0}")]
     CredentialsIOError(#[from] std::io::Error),

diff --git a/foundation/auth/src/token_source/authorized_user_token_source.rs b/foundation/auth/src/token_source/authorized_user_token_source.rs
@@ -63,9 +63,11 @@ impl TokenSource for UserAccountTokenSource {
             .post(self.token_url.to_string())
             .json(&data)
             .send()
-            .await?
+            .await
+            .map_err(|e| Error::HttpError(self.token_url.clone(), e))?
             .json::<InternalToken>()
-            .await?;
+            .await
+            .map_err(|e| Error::HttpError(self.token_url.clone(), e))?;
 
         return Ok(it.to_token(time::OffsetDateTime::now_utc()));
     }

diff --git a/foundation/auth/src/token_source/compute_identity_source.rs b/foundation/auth/src/token_source/compute_identity_source.rs
@@ -71,9 +71,11 @@ impl TokenSource for ComputeIdentitySource {
             .get(self.token_url.to_string())
             .header(METADATA_FLAVOR_KEY, METADATA_GOOGLE)
             .send()
-            .await?
+            .await
+            .map_err(|e| Error::HttpError(self.token_url.clone(), e))?
             .text()
-            .await?;
+            .await
+            .map_err(|e| Error::HttpError(self.token_url.clone(), e))?;
 
         let exp = jsonwebtoken::decode::<ExpClaim>(&jwt, &self.decoding_key, &self.validation)?
             .claims

diff --git a/foundation/auth/src/token_source/compute_token_source.rs b/foundation/auth/src/token_source/compute_token_source.rs
@@ -41,9 +41,11 @@ impl TokenSource for ComputeTokenSource {
             .get(self.token_url.to_string())
             .header(METADATA_FLAVOR_KEY, METADATA_GOOGLE)
             .send()
-            .await?
+            .await
+            .map_err(|e| Error::HttpError(self.token_url.clone(), e))?
             .json::<InternalToken>()
-            .await?;
+            .await
+            .map_err(|e| Error::HttpError(self.token_url.clone(), e))?;
         return Ok(it.to_token(time::OffsetDateTime::now_utc()));
     }
 }
diff --git a/foundation/auth/src/token_source/impersonate_token_source.rs b/foundation/auth/src/token_source/impersonate_token_source.rs
@@ -55,12 +55,22 @@ impl TokenSource for ImpersonateTokenSource {
                 format!("{} {}", auth_token.token_type, auth_token.access_token),
             )
             .send()
-            .await?;
+            .await
+            .map_err(|e| Error::HttpError(self.url.clone(), e))?;
         let response = if !response.status().is_success() {
             let status = response.status().as_u16();
-            return Err(Error::UnexpectedImpersonateTokenResponse(status, response.text().await?));
+            return Err(Error::UnexpectedImpersonateTokenResponse(
+                status,
+                response
+                    .text()
+                    .await
+                    .map_err(|e| Error::HttpError(self.url.clone(), e))?,
+            ));
         } else {
-            response.json::<ImpersonateTokenResponse>().await?
+            response
+                .json::<ImpersonateTokenResponse>()
+                .await
+                .map_err(|e| Error::HttpError(self.url.clone(), e))?
         };
 
         let expiry = time::OffsetDateTime::parse(&response.expire_time, &Rfc3339)?;

diff --git a/foundation/auth/src/token_source/service_account_token_source.rs b/foundation/auth/src/token_source/service_account_token_source.rs
@@ -171,7 +171,7 @@ impl OAuth2ServiceAccountTokenSource {
     }
 
     /// Checks whether an HTTP response is successful and returns it, or returns an error.
-    async fn check_response_status(response: Response) -> Result<Response, Error> {
+    async fn check_response_status(token_url: &String, response: Response) -> Result<Response, Error> {
         // Check the status code, returning the response if it is not an error.
         let error = match response.error_for_status_ref() {
             Ok(_) => return Ok(response),
@@ -188,7 +188,7 @@ impl OAuth2ServiceAccountTokenSource {
                 error: response.error,
                 error_description: response.error_description,
             })
-            .unwrap_or(Error::HttpError(error)))
+            .unwrap_or(Error::HttpError(token_url.to_owned(), error)))
     }
 }
 
@@ -222,19 +222,33 @@ impl TokenSource for OAuth2ServiceAccountTokenSource {
                     .ok_or(Error::NoTargetAudienceFound)?
                     .as_str()
                     .ok_or(Error::NoTargetAudienceFound)?;
-                let response = self.client.post(self.token_url.as_str()).form(&form).send().await?;
-                Ok(Self::check_response_status(response)
+                let response = self
+                    .client
+                    .post(self.token_url.as_str())
+                    .form(&form)
+                    .send()
+                    .await
+                    .map_err(|e| Error::HttpError(self.token_url.clone(), e))?;
+                Ok(Self::check_response_status(&self.token_url, response)
                     .await?
                     .json::<InternalIdToken>()
-                    .await?
+                    .await
+                    .map_err(|e| Error::HttpError(self.token_url.clone(), e))?
                     .to_token(audience)?)
             }
             false => {
-                let response = self.client.post(self.token_url.as_str()).form(&form).send().await?;
-                Ok(Self::check_response_status(response)
+                let response = self
+                    .client
+                    .post(self.token_url.as_str())
+                    .form(&form)
+                    .send()
+                    .await
+                    .map_err(|e| Error::HttpError(self.token_url.clone(), e))?;
+                Ok(Self::check_response_status(&self.token_url, response)
                     .await?
                     .json::<InternalToken>()
-                    .await?
+                    .await
+                    .map_err(|e| Error::HttpError(self.token_url.clone(), e))?
                     .to_token(iat))
             }
         }