rpk: improve error messages in security/acl

[r-vasquez]

Fixes #24278

• 3d21ec9 Adds the ErrMessage field that comes from the ACLCreate response to our Error:

$ rpk security acl create --allow-role "RedpandaRole:admin" --operation read --topic foo
PRINCIPAL           HOST  RESOURCE-TYPE  RESOURCE-NAME  RESOURCE-PATTERN-TYPE  OPERATION  PERMISSION  ERROR
RedpandaRole:admin  *     TOPIC          foo            LITERAL                READ       ALLOW       INVALID_CONFIG: A Redpanda Enterprise Edition license is required to create an ACL with a role binding. To request an Enterprise license, please visit https://redpanda.com/upgrade. To try Redpanda Enterprise for 30 days, visit https://redpanda.com/try-enterprise.

• 9625c2f decode the Error Message from the admin API to avoid printing the full json (We log now the json response)

# Previously
$ rpk security role create admin
unable to create role "admin": request POST http://127.0.0.1:9644/v1/security/roles failed: Forbidden, body: "{\"message\": \"Enterprise License Required\", \"code\": 403}"

# Now
$ rpk security role create admin
unable to create role "admin": Enterprise License Required

The log will be:

12:42:40.026  DEBUG  got admin API error: request POST http://127.0.0.1:9644/v1/security/roles failed: Forbidden, body: "{\"message\": \"Enterprise License Required\", \"code\": 403}"

Backports Required

• none - not a bug fix
• none - this is a backport
• none - issue does not exist in previous branches
• none - papercut/not impactful enough to backport
• v24.3.x
• v24.2.x
• v24.1.x

Release Notes

• none

[gene-redpanda]

LGTM, I like this concept.

[mattschumpert]

I guess we could add the same CTAs to the create role command response as well?

But up to you @r-vasquez

lgtm.

[r-vasquez]

@mattschumpert This comes from the Admin API, which is actually adding the CTA now 👍 (#24261) I tested on a nightly that's why you don't see it in my example.

except the first one that @BenPope tested for me 🤣

[vbotbuildovich]

non flaky failures in https://buildkite.com/redpanda/redpanda/builds/58809#01936975-6b36-4eb6-9e91-b473e1bfc49a:

"rptest.tests.rpk_role_test.RpkRoleTest.test_create_list_delete"

non flaky failures in https://buildkite.com/redpanda/redpanda/builds/58809#01936975-6b40-413c-a5ec-2962037bac74:

"rptest.tests.rpk_role_test.RpkRoleTest.test_assign_describe"

non flaky failures in https://buildkite.com/redpanda/redpanda/builds/58809#01936975-6b3d-4866-9bfa-8f0780d05ca8:

"rptest.tests.acls_test.AccessControlListTestUpgrade.test_invalid_acl_topic_name"

non flaky failures in https://buildkite.com/redpanda/redpanda/builds/58809#0193697a-055f-4085-ac52-3283f4ac1cbc:

"rptest.tests.rpk_role_test.RpkRoleTest.test_assign_describe"

non flaky failures in https://buildkite.com/redpanda/redpanda/builds/58809#0193697a-0564-447e-9d21-e7522d7e3e99:

"rptest.tests.acls_test.AccessControlListTestUpgrade.test_invalid_acl_topic_name"

non flaky failures in https://buildkite.com/redpanda/redpanda/builds/58809#0193697a-0561-40eb-9dcb-dd11fa9f75ca:

"rptest.tests.rpk_role_test.RpkRoleTest.test_create_list_delete"

[vbotbuildovich]

Retry command for Build#58809

please wait until all jobs are finished before running the slash command

/ci-repeat 1
tests/rptest/tests/rpk_role_test.py::RpkRoleTest.test_create_list_delete
tests/rptest/tests/rpk_role_test.py::RpkRoleTest.test_assign_describe
tests/rptest/tests/acls_test.py::AccessControlListTestUpgrade.test_invalid_acl_topic_name

[r-vasquez]

Force Push:

• Fix ducktape test assertion now that our error message contains more than the error
• Handle nil error case in TryDecodeMessage

[vbotbuildovich]

the below tests from https://buildkite.com/redpanda/redpanda/builds/58824#019369d8-c3a6-407f-9ab3-32de9ff2cb41 have failed and will be retried

storage_e2e_single_thread_rpunit

[vbotbuildovich]

/backport v24.3.x