sc-14491 Part 2: Updates GDS endpoints

[DanielSollis]

Scope of changes

Updates the GDS endpoints as part of the email verification epic.

Type of change

• bug fix
• new feature
• documentation
• other (describe)

Acceptance criteria

Describe how reviewers can test this change to be sure that it works correctly. Add a checklist if possible

Author checklist

• I have manually tested the change and/or added automation in the form of unit tests or integration tests
• I have updated the dependencies list
• I have recompiled and included new protocol buffers to reflect changes I made
• I have added new test fixtures as needed to support added tests
• Check this box if a reviewer can merge this pull request after approval (leave it unchecked if you want to do it yourself)
• I have moved the associated Shortcut story to "Ready for Review"

Reviewer(s) checklist

• Any new user-facing content that has been added for this PR has been QA'ed to ensure correct grammar, spelling, and understandability.

[pdeziel]

I had a few easy suggested changes and some broader design-oriented questions, let me know if you want to discuss.

[pdeziel]

Note that ideally we want to do the logging as close to the handlers as possible; I realize that the existing method also did logging here, so maybe we should just create a follow on story to remove the logging in this file and push it into the handlers.

[pdeziel]

Do we still need to iterate through the VASP's contacts to determine which contact(s) to mark verified? GetContactEmail only returns the first email in the contact order, but we still want to have a way to verify the other contacts right? For example, if the technical contact is verified then this endpoint would always return "contact already verified" which means that even with the right token we wouldn't be able to verify the other contacts.

[pdeziel]

Ok, I think we're getting closer, although we might be getting our wires crossed between what needs to be on the VASP contact vs. the new model contact. Do you want to meet up to try to sketch that out?

[pdeziel]

Structurally this looks good, I just had a lot of small comments relating to error messages and one slightly more important one relating to the found = true logic. Hopefully not too painful to apply those suggestions. I appreciate the code comments!

I think there is one additional change we need to make. In Register, we should set the VASP to pending review by copying the steps at the end of VerifyContact (it involves sending the review request to the admins). This will allow VASPs with an already verified email address to skip the VerifyContact process. I propose that we create a helper method that can be called by both Register and VerifyContact. Error handling might be tricky, so I think we should create a separate story for this.

[pdeziel]

Note: we probably want to distinguish between "not found" errors and all other database errors. In the "not found" case we want to do what you're doing here, create the contact since the store told us it doesn't exist. In the second case we actually aren't sure if the contact exists, it's possible that kubernetes bounced the trtl pod or something. In that case we just want to return a status error aborted to avoid overwriting an existing contact.

We should be able to do if errors.Is(err, storeerrors.ErrEntityNotFound) (may have to import the package above) to check for the not found error, and more generally we should be doing this for all the s.db.Retrieve error handling. However, it's possible that other places in the code don't have this handling because this code is old.

[pdeziel]

Approved so you can move forward, although I did have one remaining comment. Thanks for you patience on this!

[pdeziel]

Can we remove the found = true or is that causing issues?