[errors] de-specialize Transient in favor of Tags.

tokenserver/appengine/impl/certchecker/certchecker.go

 // Copyright 2016 The LUCI Authors. All rights reserved.
 // Use of this source code is governed under the Apache License, Version 2.0
 // that can be found in the LICENSE file.
 
 // Package certchecker contains implementation of CertChecker.
 //
 // CertChecker knows how to check certificate signatures and revocation status.
 //
 // Uses datastore entities managed by 'certconfig' package.
 package certchecker
 
 import (
         "crypto/x509"
         "fmt"
         "time"
 
         "golang.org/x/net/context"
 
         ds "github.com/luci/gae/service/datastore"
         "github.com/luci/gae/service/info"
         "github.com/luci/luci-go/common/clock"
         "github.com/luci/luci-go/common/data/caching/lazyslot"
         "github.com/luci/luci-go/common/data/caching/proccache"
-        "github.com/luci/luci-go/common/errors"
+        "github.com/luci/luci-go/common/retry/transient"
 
         "github.com/luci/luci-go/tokenserver/appengine/impl/certconfig"
 )
 
 const (
         // RefetchCAPeriod is how often to check CA entity in the datastore.
         //
         // A big value here is acceptable, since CA is changing only when service
         // config is changing (which happens infrequently).
         RefetchCAPeriod = 5 * time.Minute
@@ skipping 98 matching lines @@
 //
 // It caches CertChecker objects in local memory and reuses them between
 // requests.
 func GetCertChecker(c context.Context, cn string) (*CertChecker, error) {
         checker, err := proccache.GetOrMake(c, proccacheKey(cn), func() (interface{}, time.Duration, error) {
                 // To avoid storing CertChecker for non-existent CAs in local memory forever,
                 // we do a datastore check when creating the checker. It happens once during
                 // the process lifetime.
                 switch exists, err := ds.Exists(c, ds.NewKey(c, "CA", cn, 0, nil)); {
                 case err != nil:
-                        return nil, 0, errors.WrapTransient(err)
+                        return nil, 0, transient.Tag.Apply(err)
                 case !exists.All():
                         return nil, 0, Error{
                                 error:  fmt.Errorf("no such CA %q", cn),
                                 Reason: NoSuchCA,
                         }
                 }
                 checker := &CertChecker{
                         CN:  cn,
                         CRL: certconfig.NewCRLChecker(cn, certconfig.CRLShardCount, refetchCRLPeriod(c)),
                 }
@@ skipping 122 matching lines @@
 // certconfig.CA struct (that will be cached in ch.ca as usual). It acts as an
 // indicator to GetCA to return NoSuchCA error, since returning a error here
 // would just cause a retry of 'refetchCA' later, and returning (nil, nil) is
 // forbidden (per lazyslot.Slot API).
 func (ch *CertChecker) refetchCA(c context.Context) (*certconfig.CA, error) {
         ca := &certconfig.CA{CN: ch.CN}
         switch err := ds.Get(c, ca); {
         case err == ds.ErrNoSuchEntity:
                 return &certconfig.CA{}, nil // GetCA knows that empty struct means "no such CA"
         case err != nil:
-                return nil, errors.WrapTransient(err)
+                return nil, transient.Tag.Apply(err)
         }
 
         parsedConf, err := ca.ParseConfig()
         if err != nil {
                 return nil, fmt.Errorf("can't parse stored config for %q - %s", ca.CN, err)
         }
         ca.ParsedConfig = parsedConf
 
         parsedCert, err := x509.ParseCertificate(ca.Cert)
         if err != nil {
                 return nil, fmt.Errorf("can't parse stored cert for %q - %s", ca.CN, err)
         }
         ca.ParsedCert = parsedCert
 
         return ca, nil
 }