ssh: actionable error when binary upload is reset by network proxy #5204
Open
When `databricks ssh connect` uploads the CLI binary to the workspace, a network intermediary (corporate egress proxy, VPN, firewall/WAF) may close the HTTP/2 stream mid-upload, surfacing as a cryptic `stream error: stream ID N; NO_ERROR; received from peer`. Detect this transport-level reset and wrap the error with a hint that the connection was closed by an intermediary and the user should try from a network without such restrictions.

Co-authored-by: Isaac
The typed `http2.StreamError` check promoted golang.org/x/net to a direct dependency, failing the lint check that go.mod is unchanged. Rely on string match alone — `http2.StreamError.Error()` formats as "stream error: stream ID N; ..." which the existing string match catches.

Co-authored-by: Isaac
Summary
- When `databricks ssh connect` uploads the CLI binary to the workspace, a network intermediary (corporate egress proxy, VPN, firewall/WAF) can close the HTTP/2 stream mid-upload. The Go HTTP/2 client surfaces this as a cryptic `stream error: stream ID N; NO_ERROR; received from peer`, which is hard for end users to interpret.
- `http2.StreamError` and the wrapped string form) and wraps the error with a clear, actionable message pointing at network-side restrictions.

Reported by a customer on `*.cloud.databricks.com` whose 50 MB CLI binary upload was reset within ~2 s — every step before the upload (cluster check, secrets, GitHub download) succeeded; only the final POST to `/api/2.0/workspace-files/import-file/...` failed with the stream reset.

New error message
Test plan
- `go test ./experimental/ssh/internal/client/ -run TestIsStreamResetError -v` — table-driven cases cover typed `http2.StreamError`, wrapped variant, raw string match, and unrelated errors
- `go test ./experimental/ssh/internal/client/ -count=1` — full client package green
- `go build ./experimental/ssh/...` — clean
- `bin/databricks ssh connect --cluster <id>` against a working workspace still succeeds (no spurious detection on the success path)

This pull request and its description were written by Isaac.
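The string-match approach from the second commit message, sketched as an added example that is not the pull request's own code: it detects the stream-error text through wrapped errors without importing golang.org/x/net, then wraps with a hint while keeping the original error in the chain. The function names and the hint wording are assumptions, and the sample errors are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
)

// streamResetRe matches the prefix of the message quoted on this page:
// "stream error: stream ID N; NO_ERROR; received from peer".
// Matching text avoids a direct golang.org/x/net/http2 import for a typed check.
var streamResetRe = regexp.MustCompile(`stream error: stream ID \d+; `)

// looksLikeStreamReset (hypothetical name) reports whether err's message
// carries the stream-error text. fmt.Errorf with %w keeps the inner message
// in the outer Error() string, so wrapped errors match as well.
func looksLikeStreamReset(err error) bool {
	return err != nil && streamResetRe.MatchString(err.Error())
}

// wrapUploadError (hypothetical name) adds a hint for the user and keeps the
// original error in the chain via %w. The hint wording is assumed.
func wrapUploadError(err error) error {
	if !looksLikeStreamReset(err) {
		return err // unrelated errors and nil pass through unchanged
	}
	return fmt.Errorf("upload closed mid-transfer, likely by a network "+
		"intermediary (proxy, VPN, firewall/WAF); retry from a network "+
		"without such restrictions: %w", err)
}

func main() {
	// Constructed sample errors, not captured output.
	reset := errors.New("stream error: stream ID 7; NO_ERROR; received from peer")
	cases := []error{
		reset,
		fmt.Errorf("import-file: %w", reset),
		errors.New("403 Forbidden"),
		nil,
	}
	for _, c := range cases {
		fmt.Printf("%v -> reset=%v\n", c, looksLikeStreamReset(c))
	}
	fmt.Println(wrapUploadError(cases[1]))
}
```

A text match fires on any HTTP/2 stream error code, not only `NO_ERROR`, and it misses wrappers whose `Error()` does not include the inner message, so callers that need the code itself still need the typed value.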