HYPERFLEET-1247 - feat: introduce NTF-000 error code for endpoint not found

[rafabene]

Summary

• Adds CodeNotFoundEndpoint (HYPERFLEET-NTF-000) for the catch-all 404 handler (no route matched)
• SendNotFound() now returns NTF-000 instead of NTF-001, allowing consumers to distinguish between a broken/misconfigured URL and a genuine resource not found (force-delete)
• NTF-001 (CodeNotFoundGeneric) remains unchanged for service-layer resource-not-found responses

Test plan

• make lint — 0 issues
• make test — 1265 tests passing
• Companion adapter PR: HYPERFLEET-1247 - fix: distinguish broken URL 404 from resource 404 hyperfleet-adapter#211

Fixes: https://redhat.atlassian.net/browse/HYPERFLEET-1247

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 389b210c-af58-405b-96a7-88e02cfc315a

📥 Commits

Reviewing files that changed from the base of the PR and between 8e6c795 and f296507.

📒 Files selected for processing (4)

• pkg/api/error.go
• pkg/api/error_test.go
• pkg/errors/errors.go
• pkg/errors/errors_test.go

🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

• openshift-hyperfleet/architecture (manual)
• openshift-hyperfleet/hyperfleet-api (manual)
• openshift-hyperfleet/hyperfleet-sentinel (manual)
• openshift-hyperfleet/hyperfleet-adapter (manual) → reviewed against open PR #211 HYPERFLEET-1247-distinguish-precondition-404-from-force-delete instead of the default branch
• openshift-hyperfleet/hyperfleet-broker (manual)

🚧 Files skipped from review as they are similar to previous changes (4)

• pkg/api/error_test.go
• pkg/errors/errors_test.go
• pkg/api/error.go
• pkg/errors/errors.go

---

📝 Walkthrough

Summary by CodeRabbit

• Bug Fixes
  • Updated 404 “Not Found” responses to use a more specific RFC 9457 problem-details code and updated the “title”/“detail” text to refer to missing endpoints.
• New Features
  • Added a new RFC 9457 error code for “Endpoint Not Found” to improve consistency of 404 error metadata.
• Tests
  • Added/extended tests to verify the 404 problem+json payload (status/title/code/detail) and that the new code resolves correctly.

Walkthrough

Adds CodeNotFoundEndpoint (HYPERFLEET-NTF-000) to the RFC 9457 error catalog and maps it to a 404 Not Found problem definition. SendNotFound now returns that code instead of CodeNotFoundGeneric.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 10 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 33.33% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (10 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately reflects the main change: introducing NTF-000 for endpoint-not-found 404 handling.
Description check	✅ Passed	The description is aligned with the changeset and correctly explains the new endpoint-not-found code and behavior.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Sec-02: Secrets In Log Output	✅ Passed	PASS: No non-test/example log statements in the PR interpolate or field-map token/password/credential/secret; only error-code mapping changed. CWE-532 not present.
No Hardcoded Secrets	✅ Passed	No hardcoded secrets, embedded credentials, or long base64 literals found in the touched files; only non-sensitive error-code strings. CWE-798 not present.
No Weak Cryptography	✅ Passed	No crypto/md5, crypto/des, crypto/rc4, SHA1/ECB, or secret comparisons found in touched files; only RFC9457 error-code/test edits (CWE-327).
No Injection Vectors	✅ Passed	No CWE-89/78/79/502 sinks were added in touched code; changes only add error-code constants and JSON problem-details fields.
No Privileged Containers	✅ Passed	No privileged settings in deployed manifests/templates; the only USER root is a documented build-stage exception before switching back to non-root (CWE-250 not exposed).
No Pii Or Sensitive Data In Logs	✅ Passed	PASS: The PR only changes 404 error codes/messages; no new slog/logr/zap/printf logging was added, and touched logs don't emit bodies, tokens, or obvious PII (CWE-532).

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

✨ Simplify code

• Create PR with simplified code

---

_{Comment @coderabbitai help to get the list of available commands.}

[hyperfleet-ci-bot]

Risk Score: 0 — risk/low

Signal	Detail	Points
PR size	46 lines	+0
Sensitive paths	none	+0
Test coverage	Tests cover changed packages	+0

_{Computed by hyperfleet-risk-scorer}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

pkg/api/error.go (1)

22-30: 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Align 404 text fields with CodeNotFoundEndpoint semantics (CWE-436).

Code now indicates endpoint-not-found, but Title/Detail still describe resource-not-found. Keep these fields consistent so clients and operators don’t misclassify route misses.

Suggested patch

-	detail := fmt.Sprintf("The requested resource '%s' doesn't exist", r.URL.Path)
+	detail := fmt.Sprintf("The requested endpoint '%s' does not exist", r.URL.Path)
...
-		Title:     "Resource Not Found",
+		Title:     "Endpoint Not Found",

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/api/error.go` around lines 22 - 30, The 404 ProblemDetails in error
handling are inconsistent with CodeNotFoundEndpoint semantics because the Title
and Detail still describe a generic resource miss. Update the response
construction in the error response path that builds openapi.ProblemDetails so
the Title and Detail consistently describe an endpoint/route not found, matching
the CodeNotFoundEndpoint value and the existing errors.ErrorTypeNotFound. Keep
the same identifiers and structure, just align the text fields with the
endpoint-not-found meaning.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@pkg/errors/errors.go`:
- Around line 43-44: The route-level 404 contract is using the wrong shared code
in docs and tests, while `CodeNotFoundEndpoint` should be the published value
for endpoint 404s and `CodeNotFoundGeneric` should remain for resource lookup
failures. Update every place that publishes or asserts the route-level 404
response to use `CodeNotFoundEndpoint` consistently, and leave
`CodeNotFoundGeneric` unchanged for generic/not-found resource cases; use the
`pkg/errors` constants as the source of truth when fixing downstream fixtures
and documentation.

---

Outside diff comments:
In `@pkg/api/error.go`:
- Around line 22-30: The 404 ProblemDetails in error handling are inconsistent
with CodeNotFoundEndpoint semantics because the Title and Detail still describe
a generic resource miss. Update the response construction in the error response
path that builds openapi.ProblemDetails so the Title and Detail consistently
describe an endpoint/route not found, matching the CodeNotFoundEndpoint value
and the existing errors.ErrorTypeNotFound. Keep the same identifiers and
structure, just align the text fields with the endpoint-not-found meaning.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: c06c4e39-beaa-40d9-800b-c418a45f5bc3

📥 Commits

Reviewing files that changed from the base of the PR and between 47284f3 and f5a4809.

📒 Files selected for processing (2)

• pkg/api/error.go
• pkg/errors/errors.go

🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

• openshift-hyperfleet/architecture (manual)
• openshift-hyperfleet/hyperfleet-api (manual)
• openshift-hyperfleet/hyperfleet-sentinel (manual)
• openshift-hyperfleet/hyperfleet-adapter (manual)
• openshift-hyperfleet/hyperfleet-broker (manual)

[kuudori]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: kuudori

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [kuudori]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment