From 5bb44a4a5c256c0d4052656ede20a3eda6df6066 Mon Sep 17 00:00:00 2001
From: Xe Iaso <xe@tailscale.com>
Date: Fri, 8 Jul 2022 10:53:50 -0400
Subject: [PATCH] cmd/gitops-pusher: correctly handle ACL tests failing (#5016)

Apparently the API for running ACL tests returns a 200 if the ACL tests
fail. This is weird, but we can handle it.

Signed-off-by: Xe <xe@tailscale.com>
---
 cmd/gitops-pusher/gitops-pusher.go | 26 +++++++++++++++++++-------
 1 file changed, 19 insertions(+), 7 deletions(-)

diff --git a/cmd/gitops-pusher/gitops-pusher.go b/cmd/gitops-pusher/gitops-pusher.go
index d27565816..0a1427a4b 100644
--- a/cmd/gitops-pusher/gitops-pusher.go
+++ b/cmd/gitops-pusher/gitops-pusher.go
@@ -132,7 +132,13 @@ func applyNewACL(ctx context.Context, tailnet, apiKey, policyFname, oldEtag stri
 	got := resp.StatusCode
 	want := http.StatusOK
 	if got != want {
-		return fmt.Errorf("wanted HTTP status code %d but got %d", want, got)
+		var ate ACLTestError
+		err := json.NewDecoder(resp.Body).Decode(&ate)
+		if err != nil {
+			return err
+		}
+
+		return ate
 	}
 
 	return nil
@@ -159,13 +165,19 @@ func testNewACLs(ctx context.Context, tailnet, apiKey, policyFname string) error
 	}
 	defer resp.Body.Close()
 
-	if resp.StatusCode != http.StatusOK {
-		var ate ACLTestError
-		err := json.NewDecoder(resp.Body).Decode(&ate)
-		if err != nil {
-			return err
-		}
+	got := resp.StatusCode
+	want := http.StatusOK
+	if got != want {
+		return fmt.Errorf("wanted HTTP status code %d but got %d", want, got)
+	}
+
+	var ate ACLTestError
+	err = json.NewDecoder(resp.Body).Decode(&ate)
+	if err != nil {
+		return err
+	}
 
+	if len(ate.Data) != 0 {
 		return ate
 	}