fix: introduce a typed error for repository plugin not found

[frewilhelm]

We removed the registration of AnyConsumerIdentity for the OCI Credential plugin in #1890. While working on it, we noticed that, now, we error out when no repository plugin is found for a consumer type, e.g. HelmChartRepository, because we do not have a fallback repository anymore.

This PR introduces a typed error to handle this. By returning ErrNoRepositoryPluginFound the caller can decide what to do with it. In our case, we do want to append the error ErrNoIndirectCredentials when resolving the credential indirectly, so the caller can, for example, just log the error and continue.

// TODO(@frewilhelm): Discuss if we want to introduce another API instead, e.g. IsRegistered(typed runtime.Typed)

Currently, we just introduced a typed error. However, we should discuss if we want to add an API, e.g. IsRegistered(typed runtime.Typed) instead to give potential other users the possibility to use the functionality

---

This is a required PR for #1890 because we need to update the credential module to make it work. You can take a look at the PR to see how the error is used in bindings/go/plugin/manager/registries/credentialrepository/graph_integration.go

Summary by CodeRabbit

• New Features

  • Added a distinct error signal to surface a specific "no repository plugin" condition.

• Bug Fixes

  • Improved fallback resolution so missing plugin cases produce clearer, combined error information, yielding more precise and actionable credential-resolution errors for end users.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 76ad5216-7e59-4574-89c2-ee6eda1e3e3a

📥 Commits

Reviewing files that changed from the base of the PR and between d06308b and d996c33.

📒 Files selected for processing (1)

• bindings/go/credentials/plugins.go

🚧 Files skipped from review as they are similar to previous changes (1)

• bindings/go/credentials/plugins.go

---

📝 Walkthrough

Walkthrough

Adds a new exported error variable ErrNoRepositoryPluginFound and updates indirect credential resolution to return ErrNoIndirectCredentials when a fallback repository-plugin lookup fails with that specific error.

Changes

Cohort / File(s)	Summary
Credentials error export bindings/go/credentials/plugins.go	Adds exported error ErrNoRepositoryPluginFound = errors.New("no repository plugin found") and imports errors.
Indirect resolution handling bindings/go/credentials/resolve_indirect.go	After fallback plugin lookup using AnyConsumerIdentityType, detects ErrNoRepositoryPluginFound and returns ErrNoIndirectCredentials joined with the original error for that case; other error paths remain unchanged.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

I dug through code with ears alert and round,
Found a missing plugin where errors were found.
I named the gap so future hops will see,
When indirect searches come to me—
A tidy trail for rabbit feet unbound. 🐇✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and concisely summarizes the main change: introducing a typed error for when a repository plugin is not found, which is exactly what the changeset implements.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

📝 Coding Plan

• Generate coding plan for human review comments

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (2)

bindings/go/credentials/plugins.go (1)

53-55: Consider using errors.New for sentinel errors and a more specific message.

For sentinel errors that don't require formatting and are compared using errors.Is(), errors.New is more idiomatic. Additionally, the error message could be more specific to indicate it's a repository plugin.

♻️ Suggested improvement

-// ErrNoRepositoryPluginFound is returned when no repository plugin can be found for a given typed object.
-// TODO(`@frewilhelm`): Discuss if we want to introduce another API instead, e.g. IsRegistered(typed runtime.Typed)
-var ErrNoRepositoryPluginFound = fmt.Errorf("plugin not found")
+// ErrNoRepositoryPluginFound is returned when no repository plugin can be found for a given typed object.
+// TODO(`@frewilhelm`): Discuss if we want to introduce another API instead, e.g. IsRegistered(typed runtime.Typed)
+var ErrNoRepositoryPluginFound = errors.New("no repository plugin found")

This would also allow removing the "fmt" import (line 5) since it's only used for this error declaration.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@bindings/go/credentials/plugins.go` around lines 53 - 55, Replace the
sentinel error declaration ErrNoRepositoryPluginFound to use errors.New with a
more specific message (e.g., "repository plugin not found") instead of
fmt.Errorf, update any imports to remove "fmt" and add "errors" if necessary,
and keep the existing variable name so callers using
errors.Is(ErrNoRepositoryPluginFound, ...) continue to work.

bindings/go/credentials/resolve_indirect.go (1)

37-39: Consider including the original error for consistency.

When anyErr is ErrNoRepositoryPluginFound, only anyErr is joined with ErrNoIndirectCredentials, but the original err from line 26 is discarded. For other error cases (line 41), both errors are joined. Consider whether the original error should also be included for debugging/traceability:

return nil, errors.Join(err, anyErr, ErrNoIndirectCredentials)

If this is intentional (e.g., to provide a cleaner error when both calls fail with the same "not found" reason), the current approach is fine—just wanted to flag the inconsistency.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@bindings/go/credentials/resolve_indirect.go` around lines 37 - 39, The branch
that handles errors.Is(anyErr, ErrNoRepositoryPluginFound) currently returns
errors.Join(anyErr, ErrNoIndirectCredentials) and drops the original err; update
that return to include the original err as well (i.e., return errors.Join(err,
anyErr, ErrNoIndirectCredentials)) so the stack/traceability is consistent with
the other branch that joins both err and anyErr; locate the conditional using
anyErr, ErrNoRepositoryPluginFound, ErrNoIndirectCredentials in
resolve_indirect.go and modify the return accordingly.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@bindings/go/credentials/plugins.go`:
- Around line 53-55: Replace the sentinel error declaration
ErrNoRepositoryPluginFound to use errors.New with a more specific message (e.g.,
"repository plugin not found") instead of fmt.Errorf, update any imports to
remove "fmt" and add "errors" if necessary, and keep the existing variable name
so callers using errors.Is(ErrNoRepositoryPluginFound, ...) continue to work.

In `@bindings/go/credentials/resolve_indirect.go`:
- Around line 37-39: The branch that handles errors.Is(anyErr,
ErrNoRepositoryPluginFound) currently returns errors.Join(anyErr,
ErrNoIndirectCredentials) and drops the original err; update that return to
include the original err as well (i.e., return errors.Join(err, anyErr,
ErrNoIndirectCredentials)) so the stack/traceability is consistent with the
other branch that joins both err and anyErr; locate the conditional using
anyErr, ErrNoRepositoryPluginFound, ErrNoIndirectCredentials in
resolve_indirect.go and modify the return accordingly.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: b540cfcf-1a14-46b4-a8a7-df9179a5fc8b

📥 Commits

Reviewing files that changed from the base of the PR and between 42fe62e and 4c96a8f.

📒 Files selected for processing (2)

• bindings/go/credentials/plugins.go
• bindings/go/credentials/resolve_indirect.go