@kumori/aurora-backend-handler 1.0.87 → 1.0.89

package/helpers/account-helper.ts

@@ -1,5 +1,28 @@
 import { Account, Notification } from "@kumori/aurora-interfaces";
+const CREDENTIAL_ERROR_CODES = new Set([
+  "_error_retrieving_credentials_",
+  "_invalid_account_credentials_",
+  "_unsupported_region_",
+]);
 
+/**
+ * All statuses that mean the account has reached a final error state.
+ * Pollers and status-strategy consumers should treat these as terminal.
+ */
+export const ACCOUNT_ERROR_STATUSES = new Set([
+  "error",
+  "invalid_credentials",
+  "failed",
+]);
+
+/**
+ * Map a raw backend error code to the normalized account status
+ * we write to accountsMap / the Account object.
+ */
+export const resolveErrorStatus = (
+  code: string,
+): "invalid_credentials" | "error" =>
+  CREDENTIAL_ERROR_CODES.has(code) ? "invalid_credentials" : "error";
 
 interface HandleAccountEventParams {
   entityId: string;
@@ -39,10 +62,10 @@ interface HandleAccountOperationErrorResult {
   eventType: "creationError" | "updateError" | "deletionError";
 }
 /**
- * Extract cloud provider credentials from event data
+ * Extract cloud provider credentials from event data.
  */
 const extractCloudProviderCredentials = (
-  eventData: any
+  eventData: any,
 ): { providerType: string; credentials: any } => {
   let providerType = "";
   let credentials = {};
@@ -52,18 +75,24 @@ const extractCloudProviderCredentials = (
     credentials = {
       region: eventData.spec.credentials.openstack?.region_name || "",
       interface: eventData.spec.credentials.openstack?.interface || "",
-      apiVersion: eventData.spec.credentials.openstack?.identity_api_version || "",
+      apiVersion:
+        eventData.spec.credentials.openstack?.identity_api_version || "",
       authType: eventData.spec.credentials.openstack?.auth_type || "",
       authUrl: eventData.spec.credentials.openstack?.auth?.auth_url || "",
-      credentialId: eventData.spec.credentials.openstack?.auth?.application_credential_id || "",
-      credentialSecret: eventData.spec.credentials.openstack?.auth?.application_credential_secret || "",
+      credentialId:
+        eventData.spec.credentials.openstack?.auth?.application_credential_id ||
+        "",
+      credentialSecret:
+        eventData.spec.credentials.openstack?.auth
+          ?.application_credential_secret || "",
     };
   } else if (eventData.spec.credentials.aws) {
     providerType = "aws";
     credentials = {
       region: eventData.spec.credentials.aws?.region || "",
       credentialId: eventData.spec.credentials.aws?.aws_access_key_id || "",
-      credentialSecret: eventData.spec.credentials.aws?.aws_secret_access_key || "",
+      credentialSecret:
+        eventData.spec.credentials.aws?.aws_secret_access_key || "",
     };
   } else if (eventData.spec.credentials.azure) {
     providerType = "azure";
@@ -87,28 +116,72 @@ const extractCloudProviderCredentials = (
 };
 
 /**
- * Determine account status from event data
+ * Determine the canonical account status from a WebSocket event.
+ *
+ * Priority order:
+ *   1. Soft-deleted accounts → 'deleting'
+ *   2. validCredentials status reported by the backend (covers both
+ *      success and the async credential-validation path)
+ *   3. Keep the existing status so we never regress a terminal state
+ *      (e.g. don't overwrite 'invalid_credentials' with 'pending')
+ *   4. Default to 'pending' for brand-new accounts
  */
 const determineAccountStatus = (
   eventData: any,
-  existingAccount: Account | undefined
+  existingAccount: Account | undefined,
 ): string => {
   if (eventData.meta?.deleted) {
     return "deleting";
   }
-  if (eventData.status.validCredentials?.status) {
-    return eventData.status.validCredentials.status;
+  const rawStatus: string | undefined =
+    eventData.status?.validCredentials?.status;
+  if (rawStatus) {
+    if (CREDENTIAL_ERROR_CODES.has(rawStatus)) {
+      return "invalid_credentials";
+    }
+    return rawStatus;
   }
-  if (existingAccount?.status) {
+  if (existingAccount?.status && existingAccount.status !== "pending") {
     return existingAccount.status;
   }
   return "pending";
 };
 
+/**
+ * Translates account error notifications → account.status on accountsMap
+ * so that waitForAccountStatus only needs to poll account.status, not notifications.
+ *
+ * Called from the websocket-manager's `user` event case immediately after
+ * handleUserEvent so the status is always written in the same event-loop tick.
+ */
+export const syncAccountStatusFromNotifications = (
+  notifications: any[] = [],
+  accountsMap: Map<string, Account>,
+): void => {
+  for (const notification of notifications) {
+    if (notification.type !== "error") continue;
+    if (
+      notification.subtype !== "account-creation-error" &&
+      notification.subtype !== "account-update-error"
+    )
+      continue;
+
+    const accountName: string = notification.data?.account;
+    if (!accountName) continue;
+
+    const account = accountsMap.get(accountName);
+    if (!account || ACCOUNT_ERROR_STATUSES.has(account.status)) continue;
+
+    const code: string = notification.info_content?.code ?? "";
+    accountsMap.set(accountName, {
+      ...account,
+      status: resolveErrorStatus(code),
+    });
+  }
+};
 
 /**
- * Handles the "account" event from WebSocket messages
- * Processes account data updates and cloud provider credentials
+ * Handles the "account" kind event from WebSocket messages.
  */
 export const handleAccountEvent = ({
   entityId,
@@ -117,11 +190,13 @@ export const handleAccountEvent = ({
   accountsMap,
 }: HandleAccountEventParams): HandleAccountEventResult => {
   const accountTenantId = parentParts.tenant;
-  const { providerType, credentials } = extractCloudProviderCredentials(eventData);
+  const { providerType, credentials } =
+    extractCloudProviderCredentials(eventData);
   const accountLabels: Record<string, string> = eventData.meta.labels;
   const hasCredentials = "__axebow::managedCredentials" in accountLabels;
   const existingAccount = accountsMap.get(entityId);
   const accountStatus = determineAccountStatus(eventData, existingAccount);
+
   const newAccount: Account = {
     id: entityId,
     name: entityId,
@@ -196,9 +271,8 @@ export const handleAccountEvent = ({
   };
 };
 
-
 /**
- * Handles successful account operations (CREATE, UPDATE, DELETE)
+ * Handles successful account operations (CREATE, UPDATE, DELETE).
  */
 export const handleAccountOperationSuccess = ({
   action,
@@ -206,57 +280,37 @@ export const handleAccountOperationSuccess = ({
   originalData,
 }: HandleAccountOperationSuccessParams): HandleAccountOperationSuccessResult => {
   if (action === "DELETE") {
-    const accountNotification: Notification = {
-      type: "success",
-      subtype: "account-deleted",
-      date: Date.now().toString(),
-      status: "unread",
-      callToAction: false,
-      data: {
-        account: originalData.name,
-        tenant: originalData.tenant,
-      },
-    };
-
     return {
       updatedAccount: null,
       shouldDelete: true,
-      notification: accountNotification,
+      notification: {
+        type: "success",
+        subtype: "account-deleted",
+        date: Date.now().toString(),
+        status: "unread",
+        callToAction: false,
+        data: { account: originalData.name, tenant: originalData.tenant },
+      },
       eventType: "deleted",
     };
   }
 
   if (originalData) {
-    const updatedAccount = { ...originalData, status: "active" };
-
-    let subtype: string;
-    let eventType: "created" | "updated" | null = null;
-
-    if (action === "CREATE") {
-      subtype = "account-created";
-      eventType = "created";
-    } else {
-      subtype = "account-updated";
-      eventType = "updated";
-    }
-
-    const accountNotification: Notification = {
-      type: "success",
-      subtype,
-      date: Date.now().toString(),
-      status: "unread",
-      callToAction: false,
-      data: {
-        account: updatedAccount.name,
-        tenant: updatedAccount.tenant,
-      },
-    };
+    const updatedAccount: Account = { ...originalData, status: "active" };
+    const isCreate = action === "CREATE";
 
     return {
       updatedAccount,
       shouldDelete: false,
-      notification: accountNotification,
-      eventType,
+      notification: {
+        type: "success",
+        subtype: isCreate ? "account-created" : "account-updated",
+        date: Date.now().toString(),
+        status: "unread",
+        callToAction: false,
+        data: { account: updatedAccount.name, tenant: updatedAccount.tenant },
+      },
+      eventType: isCreate ? "created" : "updated",
     };
   }
 
@@ -275,9 +329,12 @@ export const handleAccountOperationSuccess = ({
   };
 };
 
-
 /**
- * Handles failed account operations (CREATE, UPDATE, DELETE)
+ * Handles failed account operations (CREATE, UPDATE, DELETE).
+ *
+ * For CREATE failures the account is removed from the map (shouldDelete = true).
+ * For UPDATE failures the existing account is kept but stamped with the
+ * resolved error status so waitForAccountStatus can terminate cleanly.
  */
 export const handleAccountOperationError = ({
   action,
@@ -285,52 +342,52 @@ export const handleAccountOperationError = ({
   originalData,
   error,
 }: HandleAccountOperationErrorParams): HandleAccountOperationErrorResult => {
-  let subtype: string;
-  let eventType: "creationError" | "updateError" | "deletionError";
-  let shouldDelete = false;
+  const isCreate = action === "CREATE";
+  const isUpdate = action === "UPDATE";
 
-  if (action === "CREATE") {
-    subtype = "account-creation-error";
-    eventType = "creationError";
-    shouldDelete = true;
-  } else if (action === "UPDATE") {
-    subtype = "account-update-error";
-    eventType = "updateError";
-  } else {
-    subtype = "account-deletion-error";
-    eventType = "deletionError";
-  }
+  const subtype = isCreate
+    ? "account-creation-error"
+    : isUpdate
+      ? "account-update-error"
+      : "account-deletion-error";
+
+  const eventType: "creationError" | "updateError" | "deletionError" = isCreate
+    ? "creationError"
+    : isUpdate
+      ? "updateError"
+      : "deletionError";
+  const errorCode: string = error?.error?.code ?? error?.code ?? "";
+  const errorStatus = resolveErrorStatus(errorCode);
 
-  const accountErrorNotification: Notification = {
+  const notification: Notification = {
     type: "error",
     subtype,
     date: Date.now().toString(),
     status: "unread",
     info_content: {
-      code: error?.error?.code || "UNKNOWN_ERROR",
-      message: error?.error?.content || error?.error?.message || "Unknown error",
-      timestamp: error?.error?.timestamp || Date.now().toString(),
+      code: errorCode || "UNKNOWN_ERROR",
+      message:
+        error?.error?.content ?? error?.error?.message ?? "Unknown error",
+      timestamp: error?.error?.timestamp ?? Date.now().toString(),
     },
     callToAction: false,
     data: {
-      account: entityName || originalData?.name || originalData?.account || "unknown",
-      tenant: originalData?.tenant || "unknown",
+      account:
+        entityName || originalData?.name || originalData?.account || "unknown",
+      tenant: originalData?.tenant ?? "unknown",
     },
   };
-
-  let updatedAccount: Account | null = null;
-
-  if (!shouldDelete && originalData) {
-    updatedAccount = {
-      ...originalData,
-      status: "error",
+  if (isCreate) {
+    return {
+      updatedAccount: null,
+      shouldDelete: true,
+      notification,
+      eventType,
     };
   }
+  const updatedAccount: Account | null = originalData
+    ? { ...originalData, status: errorStatus }
+    : null;
 
-  return {
-    updatedAccount,
-    shouldDelete,
-    notification: accountErrorNotification,
-    eventType,
-  };
-};
+  return { updatedAccount, shouldDelete: false, notification, eventType };
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kumori/aurora-backend-handler",
-  "version": "1.0.87",
+  "version": "1.0.89",
   "description": "backend handler",
   "main": "backend-handler.ts",
   "scripts": {

package/websocket-manager.ts

@@ -53,6 +53,7 @@ import {
   handleAccountEvent,
   handleAccountOperationError,
   handleAccountOperationSuccess,
+  syncAccountStatusFromNotifications,
 } from "./helpers/account-helper";
 import {
   handleCAEvent,
@@ -191,7 +192,6 @@ const REPORTING_ITERATIONS = 5;
 const REPORTING_INTERVAL = 1000;
 let hasLoadedReportingOnce = false;
 let recentlyUpdatedServices = new Map<string, Service>();
-
 /**
  * Helper function to safely stringify error objects
  */
@@ -644,6 +644,7 @@ const handleEvent = async (message: WSMessage) => {
         userEventResult.deletedTenantKeys.forEach((key) => {
           tenantsMap.delete(key);
         });
+        syncAccountStatusFromNotifications(userData.notifications, accountsMap);
         break;
       case "environment":
         const envEventResult = handleEnvironmentEvent({
@@ -1453,6 +1454,7 @@ const handleOperationError = (operation: PendingOperation, error: any) => {
       } else if (accErrorResult.updatedAccount) {
         accountsMap.set(entityName, accErrorResult.updatedAccount);
       }
+
       if (accErrorResult.eventType === "creationError") {
         eventHelper.account.publish.creationError(originalData);
       } else if (accErrorResult.eventType === "updateError") {
@@ -1480,6 +1482,10 @@ const handleOperationError = (operation: PendingOperation, error: any) => {
       environmentsMap.set(entityName, envErrorResult.updatedEnvironment);
       break;
   }
+  setTimeout(async () => {
+    rebuildHierarchy();
+    await updateUserWithPlatformInfo();
+  }, 100);
 };
 const handleDeleteEvent = async (message: WSMessage) => {
   const keyParts = parseKeyPath(message.payload.key);