errors: Support contextual error handling strategies (#1246)

Currently `app_core::errors` handles synthesis of all error responses.
This means that this module needs to know about all possible error
types. To work around this, we wrap some errors with a special
`HttpError` type so this module can create a synthetic response.
Furthermore, this means that we can't handle errors differently in
inbound/outbound contexts.

This change modies the `error::respond` module with a new strategy
trait--`HttpRescue`--that is responsible for producing a
`SyntheticHttpResponse` if the error can be handled and returning an
error if it should not be handled gracefully.

This change enables us to perform narrower error handling in more places
in the stack--for example, so that some error responses are included in
response metrics.

This change modifies HTTP/1 error responses to include a `connection:
close` header when the server-side connection is being torn down.

Author: olix0r

linkerd/app/admin/src/stack.rs

@@ -81,10 +81,12 @@ impl Config {
         let admin = crate::server::Admin::new(report, ready, shutdown, trace);
         let admin = svc::stack(move |_| admin.clone())
             .push(metrics.proxy.http_endpoint.to_layer::<classify::Response, _, Http>())
-            .push(metrics.http_errors.to_layer())
             .push_on_service(
                 svc::layers()
-                    .push(errors::respond::layer())
+                    .push(errors::NewRespond::layer(|error: Error| -> Result<_> {
+                        tracing::warn!(%error, "Unexpected error");
+                        Ok(errors::SyntheticHttpResponse::unexpected_error())
+                    }))
                     .push(http::BoxResponse::layer()),
             )
             .push(http::NewServeHttp::layer(Default::default(), drain.clone()))

linkerd/app/core/src/errors/mod.rs

@@ -1,44 +1,20 @@
 pub mod respond;
 
-use linkerd_error::Error;
+pub use self::respond::{HttpRescue, NewRespond, SyntheticHttpResponse};
+pub use linkerd_proxy_http::h2::H2Error;
 pub use linkerd_timeout::{FailFastError, ResponseTimeout};
 use thiserror::Error;
 
 #[derive(Debug, Error)]
 #[error("connect timed out after {0:?}")]
-pub(crate) struct ConnectTimeout(pub std::time::Duration);
+pub struct ConnectTimeout(pub(crate) std::time::Duration);
 
-#[derive(Debug, Error)]
-#[error("{source}")]
-pub struct HttpError {
-    #[source]
-    source: Error,
-    http_status: http::StatusCode,
-    grpc_status: tonic::Code,
-}
-
-impl HttpError {
-    pub fn bad_request(source: impl Into<Error>) -> Self {
-        Self {
-            source: source.into(),
-            http_status: http::StatusCode::BAD_REQUEST,
-            grpc_status: tonic::Code::InvalidArgument,
-        }
-    }
-
-    pub fn forbidden(source: impl Into<Error>) -> Self {
-        Self {
-            source: source.into(),
-            http_status: http::StatusCode::FORBIDDEN,
-            grpc_status: tonic::Code::PermissionDenied,
-        }
-    }
-
-    pub fn loop_detected(source: impl Into<Error>) -> Self {
-        Self {
-            source: source.into(),
-            http_status: http::StatusCode::LOOP_DETECTED,
-            grpc_status: tonic::Code::Aborted,
-        }
+/// Obtain the source error at the end of a chain of `Error`s.
+pub fn root_cause<'e>(
+    mut error: &'e (dyn std::error::Error + 'static),
+) -> &'e (dyn std::error::Error + 'static) {
+    while let Some(e) = error.source() {
+        error = e;
     }
+    error
 }