Added Permissions verbose & testing

vzucher · vzucher · commit 657edc0753e9 · 2025-11-21T16:46:06.000+01:00
diff --git a/src/brightdata/core/zone_manager.py b/src/brightdata/core/zone_manager.py
@@ -42,7 +42,8 @@ async def ensure_required_zones(
         self,
         web_unlocker_zone: str,
         serp_zone: Optional[str] = None,
-        browser_zone: Optional[str] = None
+        browser_zone: Optional[str] = None,
+        skip_verification: bool = False
     ) -> None:
         """
         Check if required zones exist and create them if they don't.
@@ -90,13 +91,42 @@ async def ensure_required_zones(
             # Create zones
             for zone_name, zone_type in zones_to_create:
                 logger.info(f"Creating zone: {zone_name} (type: {zone_type})")
-                await self._create_zone(zone_name, zone_type)
-                logger.info(f"Successfully created zone: {zone_name}")
-
-            # Verify zones were created
-            await self._verify_zones_created([zone[0] for zone in zones_to_create])
+                try:
+                    await self._create_zone(zone_name, zone_type)
+                    logger.info(f"Successfully created zone: {zone_name}")
+                except AuthenticationError as e:
+                    # Re-raise with clear message - this is a permission issue
+                    logger.error(f"Failed to create zone '{zone_name}' due to insufficient permissions")
+                    raise
+                except ZoneError as e:
+                    # Log and re-raise zone errors
+                    logger.error(f"Failed to create zone '{zone_name}': {e}")
+                    raise
 
-        except (ZoneError, AuthenticationError, APIError):
+            # Verify zones were created (unless skipped)
+            if not skip_verification:
+                try:
+                    await self._verify_zones_created([zone[0] for zone in zones_to_create])
+                except ZoneError as e:
+                    # Log verification failure but don't fail the entire operation
+                    logger.warning(
+                        f"Zone verification failed: {e}. "
+                        f"Zones may have been created but aren't yet visible in the API. "
+                        f"Check your dashboard at https://brightdata.com/cp/zones"
+                    )
+                    # Don't re-raise - zones were likely created successfully
+            else:
+                logger.info("Skipping zone verification (skip_verification=True)")
+
+        except AuthenticationError as e:
+            # Permission errors are critical - show clear message
+            logger.error(
+                "\n❌ ZONE CREATION BLOCKED: API token lacks required permissions\n"
+                f"   Error: {e}\n"
+                "   Fix: Update your token permissions at https://brightdata.com/cp/setting/users"
+            )
+            raise
+        except (ZoneError, APIError):
             raise
         except Exception as e:
             logger.error(f"Unexpected error while ensuring zones exist: {e}")
@@ -204,11 +234,36 @@ async def _create_zone(self, zone_name: str, zone_type: str) -> None:
                             logger.info(f"Zone {zone_name} already exists - this is expected")
                             return
 
-                        # Handle authentication errors
+                        # Handle authentication/permission errors
                         if response.status in (HTTP_UNAUTHORIZED, HTTP_FORBIDDEN):
-                            raise AuthenticationError(
-                                f"Authentication failed ({response.status}) creating zone '{zone_name}': {error_text}"
-                            )
+                            # Check for specific permission error
+                            if "permission" in error_text.lower() or "lacks the required" in error_text.lower():
+                                error_msg = (
+                                    f"\n{'='*70}\n"
+                                    f"❌ PERMISSION ERROR: Cannot create zone '{zone_name}'\n"
+                                    f"{'='*70}\n"
+                                    f"Your API key lacks the required permissions for zone creation.\n\n"
+                                    f"To fix this:\n"
+                                    f"  1. Go to: https://brightdata.com/cp/setting/users\n"
+                                    f"  2. Find your API token\n"
+                                    f"  3. Enable 'Zone Management' or 'Create Zones' permission\n"
+                                    f"  4. Save changes and try again\n\n"
+                                    f"API Response: {error_text}\n"
+                                    f"{'='*70}\n"
+                                )
+                                logger.error(error_msg)
+                                raise AuthenticationError(
+                                    f"API key lacks permission to create zones. "
+                                    f"Update permissions at https://brightdata.com/cp/setting/users"
+                                )
+                            else:
+                                # Generic auth error
+                                logger.error(
+                                    f"Authentication failed ({response.status}) creating zone '{zone_name}': {error_text}"
+                                )
+                                raise AuthenticationError(
+                                    f"Authentication failed ({response.status}) creating zone '{zone_name}': {error_text}"
+                                )
 
                         # Handle bad request
                         if response.status == HTTP_BAD_REQUEST:
@@ -245,41 +300,55 @@ async def _verify_zones_created(self, zone_names: List[str]) -> None:
         """
         Verify that zones were successfully created by checking the zones list.
 
+        Note: Zones may take several seconds to appear in the API after creation.
+        This method retries multiple times with exponential backoff.
+
         Args:
             zone_names: List of zone names to verify
 
         Raises:
-            ZoneError: If zone verification fails
+            ZoneError: If zone verification fails after all retries
         """
-        max_attempts = 3
-        retry_delay = 1.0
+        max_attempts = 5  # Increased from 3 to handle slower propagation
+        base_delay = 2.0  # Increased from 1.0 for better reliability
 
         for attempt in range(max_attempts):
             try:
-                logger.info(f"Verifying zone creation (attempt {attempt + 1}/{max_attempts})")
-                await asyncio.sleep(retry_delay)
+                # Calculate delay with exponential backoff
+                wait_time = base_delay * (1.5 ** attempt) if attempt > 0 else base_delay
+                logger.info(f"Verifying zone creation (attempt {attempt + 1}/{max_attempts}) after {wait_time:.1f}s...")
+                await asyncio.sleep(wait_time)
 
                 zones = await self._get_zones()
                 existing_zone_names = {zone.get('name') for zone in zones}
 
                 missing_zones = [name for name in zone_names if name not in existing_zone_names]
 
                 if not missing_zones:
-                    logger.info("All zones verified successfully")
+                    logger.info(f"All {len(zone_names)} zone(s) verified successfully")
                     return
 
                 if attempt == max_attempts - 1:
-                    raise ZoneError(
-                        f"Zone verification failed: zones {missing_zones} not found after creation"
+                    # Final attempt failed - provide helpful error message
+                    error_msg = (
+                        f"Zone verification failed after {max_attempts} attempts: "
+                        f"zones {missing_zones} not found after creation. "
+                        f"The zones may have been created but are not yet visible in the API. "
+                        f"Please check your dashboard at https://brightdata.com/cp/zones"
                     )
+                    logger.error(error_msg)
+                    raise ZoneError(error_msg)
 
-                logger.warning(f"Zones not yet visible: {missing_zones}. Retrying verification...")
+                logger.warning(
+                    f"Zones not yet visible: {missing_zones}. "
+                    f"Retrying in {base_delay * (1.5 ** attempt):.1f}s..."
+                )
 
             except ZoneError:
                 if attempt == max_attempts - 1:
                     raise
                 logger.warning(f"Zone verification attempt {attempt + 1} failed, retrying...")
-                await asyncio.sleep(retry_delay * (2 ** attempt))
+                await asyncio.sleep(base_delay * (1.5 ** attempt))
 
     async def list_zones(self) -> List[Dict[str, Any]]:
         """
diff --git a/tests/enes/zones/permission.py b/tests/enes/zones/permission.py
@@ -0,0 +1,121 @@
+#!/usr/bin/env python3
+"""
+Test to demonstrate improved permission error handling.
+
+This test shows how the SDK now provides clear, helpful error messages
+when API tokens lack zone creation permissions.
+"""
+
+import os
+import sys
+import asyncio
+from pathlib import Path
+
+sys.path.insert(0, str(Path(__file__).parent.parent.parent.parent / "src"))
+
+from brightdata import BrightDataClient
+from brightdata.exceptions import AuthenticationError
+
+
+async def test_permission_error_handling():
+    """Test that permission errors are caught and displayed clearly."""
+    
+    print("\n" + "="*70)
+    print("🧪 TESTING PERMISSION ERROR HANDLING")
+    print("="*70)
+    
+    print("""
+This test demonstrates the improved error handling when your API token
+lacks zone creation permissions.
+
+Expected behavior:
+  ✅ Clear error message explaining the issue
+  ✅ Direct link to fix the problem
+  ✅ No silent failures
+  ✅ Helpful instructions for users
+    """)
+    
+    if not os.environ.get("BRIGHTDATA_API_TOKEN"):
+        print("\n❌ ERROR: No API token found")
+        return False
+    
+    client = BrightDataClient(
+        auto_create_zones=True,
+        web_unlocker_zone="test_permission_zone",
+        validate_token=False
+    )
+    
+    print("🔧 Attempting to create a zone with auto_create_zones=True...")
+    print("-" * 70)
+    
+    try:
+        async with client:
+            # This will trigger zone creation
+            print("\n⏳ Initializing client (will attempt zone creation)...")
+            print("   If your token lacks permissions, you'll see a clear error message.\n")
+            
+            # If we get here, zones were created successfully or already exist
+            zones = await client.list_zones()
+            print(f"✅ SUCCESS: Client initialized, {len(zones)} zones available")
+            
+            # Check if our test zone exists
+            zone_names = {z.get('name') for z in zones}
+            if "test_permission_zone" in zone_names:
+                print("   ✓ Test zone was created successfully")
+                print("   ✓ Your API token HAS zone creation permissions")
+            else:
+                print("   ℹ️  Test zone not created (may already exist with different name)")
+            
+            return True
+            
+    except AuthenticationError as e:
+        print("\n" + "="*70)
+        print("✅ PERMISSION ERROR CAUGHT (Expected if you lack permissions)")
+        print("="*70)
+        print(f"\nError Message:\n{e}")
+        print("\n" + "="*70)
+        print("📝 This is the IMPROVED error handling!")
+        print("="*70)
+        print("""
+Before: Error was unclear and could fail silently
+After:  Clear message with actionable steps to fix the issue
+
+The error message should have told you:
+  1. ❌ What went wrong (permission denied)
+  2. 🔗 Where to fix it (https://brightdata.com/cp/setting/users)
+  3. 📋 What to do (enable zone creation permission)
+        """)
+        return True  # This is expected behavior
+        
+    except Exception as e:
+        print(f"\n❌ UNEXPECTED ERROR: {e}")
+        import traceback
+        traceback.print_exc()
+        return False
+
+
+if __name__ == "__main__":
+    try:
+        success = asyncio.run(test_permission_error_handling())
+        
+        print("\n" + "="*70)
+        if success:
+            print("✅ TEST PASSED")
+            print("="*70)
+            print("""
+Summary:
+  • Permission errors are now caught and displayed clearly
+  • Users get actionable instructions to fix the problem
+  • No more silent failures
+  • SDK provides helpful guidance
+            """)
+        else:
+            print("❌ TEST FAILED")
+        print("="*70)
+        
+        sys.exit(0 if success else 1)
+        
+    except KeyboardInterrupt:
+        print("\n⚠️  Test interrupted")
+        sys.exit(2)
+
