Skip to content

GCP error handling should treat SERVICE_DISABLED responses as expected for optional APIs #2339

New issue
New issue
Open
#2340
Open
GCP error handling should treat SERVICE_DISABLED responses as expected for optional APIs#2339
#2340
Labels
bugSomething isn't working
@drwicid

Description

@drwicid
drwicid
opened on Mar 10, 2026

Description

Summary

Some optional GCP APIs return PERMISSION_DENIED responses with SERVICE_DISABLED details when the service has not been enabled in a project. The current error handling logic only checks the traditional error.errors payload and misses newer error.details entries, so expected disabled-service responses are recorded as failures.

The fix is to recognize SERVICE_DISABLED from the structured error details payload and apply the shared expected-error set in Filestore snapshot collection.

Impact

  • Optional services can generate noisy collector errors instead of being treated as expected absence.
  • Filestore snapshot collection reports avoidable regional failures when the API is disabled.
  • Error handling is inconsistent across older and newer Google API error payload formats.

Affected Files And Changes

  • plugins/gcp/fix_plugin_gcp/resources/base.py
    • Add PERMISSION_DENIED:googleapis.com:SERVICE_DISABLED to the expected error set.
    • Read additional structured reasons from error.details when parsing HTTP error payloads.
  • plugins/gcp/fix_plugin_gcp/resources/filestore.py
    • Pass the shared expected GCP error set into Filestore snapshot collection.
  • plugins/gcp/test/test_base.py
    • Add coverage proving the base error handler suppresses a SERVICE_DISABLED response.
  • plugins/gcp/test/test_filestore.py
    • Add a Filestore-specific regression test verifying disabled services do not populate regional errors.

Expected Behavior

  • Disabled optional GCP APIs should be handled as expected when the reason is SERVICE_DISABLED.
  • Structured error.details payloads should be parsed alongside legacy error.errors payloads.
  • Filestore snapshot collection should not emit regional errors when the API is simply disabled.

Version

v4.3.0

Environment

Docker

Steps to Reproduce

  1. Run a collection against a GCP project with filestore service disabled
  2. Observe PermissionDenied exception

Logs



Additional Context


No response
Metadata
Metadata
Assignees
No one assigned
    Labels
    bugSomething isn't working
    Type
    No type
    Projects
    No projects
    Milestone
    No milestone
    Relationships
    None yet
    Development
    No branches or pull requests
    Issue actions