feat: enhance 403 error messaging for Docker image push failures#1925
Merged
jeremybeard merged 7 commits intoastronomer:mainfrom Sep 2, 2025
Merged
feat: enhance 403 error messaging for Docker image push failures#1925jeremybeard merged 7 commits intoastronomer:mainfrom
jeremybeard merged 7 commits intoastronomer:mainfrom
Conversation
- Add specific error messaging for 403 Forbidden errors during image push - Provide actionable troubleshooting steps for common causes: * Invalid cached Docker credentials * Incompatible containerd snapshotter configuration - Include link to detailed support documentation - Add comprehensive tests for error detection and messaging - Support error detection in both pushWithClient and pushWithBash flows Resolves common pain point for new users encountering authentication issues during astro deploy operations.
Follow Go error message convention by starting with lowercase letter to address stylecheck linter warning ST1005.
- Move 403 error detection to only trigger after both pushWithClient and pushWithBash methods fail - Remove overly broad 'unauthorized' pattern from 403 detection - Ensure bash fallback is always attempted for failed pushWithClient - Update tests to reflect more specific error detection This fixes a regression where the enhanced 403 error messaging was interfering with the normal Docker push fallback mechanism.
Update test expectation to reflect that 403 error detection now only occurs after both pushWithClient and pushWithBash methods fail, which is the correct behavior.
- Modify pushWithBash to capture stderr output and include it in error - Enhance is403Error to check entire error chain using errors.Unwrap - Remove debug logging for clean production code This ensures that Docker push errors containing '403 Forbidden' are properly captured and detected, allowing enhanced error messaging to display helpful troubleshooting guidance to users.
1829d72 to
49b5b8a
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Users encountering 403 Forbidden errors during
astro deployreceive cryptic error messages that provide no actionable guidance. This is particularly common for new users with Docker Desktop's containerd snapshotter enabled, leading to support escalations and poor user experience. Slack ThreadCurrent Error Message:
Solution
Enhanced error handling in the Docker image push flow to detect 403 authentication errors and provide specific, actionable troubleshooting guidance.
New Error Message:
Technical Changes
Core Implementation
is403Error()function that checks entire error chains usingerrors.Unwrap()to detect 403/forbidden patternspushWithBash()to capture and preserve Docker stderr output containing actual error detailsimagePush403ErrMsgconstant with comprehensive troubleshooting guidancepushWithClient()andpushWithBash()methods fail, preserving normal fallback behaviorKey Files Modified
airflow/docker_image.go: Core error handling and detection logicairflow/docker_image_test.go: Comprehensive test coverage for new functionalityTesting
Unit Tests
TestIs403Errorcovering various error patterns and edge casesTestDockerImagePush403Errorvalidating end-to-end error flowEnd-to-End Validation
Tested real-world scenario with Docker Desktop containerd snapshotter:
Test 1 (Containerd ON - Error Case):
astro deployTest 2 (Containerd OFF - Success Case):
astro deployRegression Testing
Impact Assessment
Positive Impact
Risk Mitigation
Reviewer Checklist
Related Issues
Addresses the 403 authentication error issue described in the Astronomer support article: https://support.astronomer.io/hc/en-us/articles/41427905156243-403-errors-on-image-push
This enhancement directly improves the user experience for the containerd snapshotter configuration issue commonly encountered by Docker Desktop users.