[errors] de-specialize Transient in favor of Tags.

appengine/gaeauth/server/oauth.go

 // Copyright 2015 The LUCI Authors. All rights reserved.
 // Use of this source code is governed under the Apache License, Version 2.0
 // that can be found in the LICENSE file.
 
 package server
 
 import (
         "fmt"
         "net/http"
         "strings"
         "time"
 
         "golang.org/x/net/context"
 
         "github.com/luci/gae/service/info"
         "github.com/luci/gae/service/urlfetch"
         "github.com/luci/gae/service/user"
 
         "github.com/luci/luci-go/common/data/caching/proccache"
         "github.com/luci/luci-go/common/errors"
         "github.com/luci/luci-go/common/gcloud/googleoauth"
         "github.com/luci/luci-go/common/logging"
+        "github.com/luci/luci-go/common/retry"
         "github.com/luci/luci-go/server/auth"
         "github.com/luci/luci-go/server/auth/identity"
 )
 
 // EmailScope is a scope used to identifies user's email. Present in most tokens
 // by default. Can be used as a base scope for authentication.
 const EmailScope = "https://www.googleapis.com/auth/userinfo.email"
 
 // OAuth2Method implements auth.Method on top of GAE OAuth2 API. It doesn't
 // implement auth.UsersAPI.
@@ skipping 38 matching lines @@
                 if idErr != nil {
                         return nil, idErr
                 }
                 return &auth.User{
                         Identity:  id,
                         Superuser: u.Admin,
                         Email:     u.Email,
                         ClientID:  u.ClientID,
                 }, nil
         }
-        return nil, errors.WrapTransient(err)
+        return nil, retry.Tag.Apply(err)
 }
 
 type tokenCheckCache string
 
 // authenticateDevServer is called on dev server. It is using OAuth2 tokeninfo
 // endpoint via URL fetch. It is slow as hell, but good enough for local manual
 // testing.
 func (m *OAuth2Method) authenticateDevServer(c context.Context, header string, scopes []string) (*auth.User, error) {
         chunks := strings.SplitN(header, " ", 2)
         if len(chunks) != 2 || (chunks[0] != "OAuth" && chunks[0] != "Bearer") {
@@ skipping 10 matching lines @@
         logging.Infof(c, "oauth: Querying tokeninfo endpoint")
         tokenInfo, err := googleoauth.GetTokenInfo(c, googleoauth.TokenInfoParams{
                 AccessToken: accessToken,
                 Client:      &http.Client{Transport: urlfetch.Get(c)},
                 Endpoint:    m.tokenInfoEndpoint,
         })
         if err != nil {
                 if err == googleoauth.ErrBadToken {
                         return nil, err
                 }
-                return nil, errors.WrapTransient(fmt.Errorf("oauth: transient error when validating token - %s", err))
+                return nil, errors.Annotate(err).Reason("oauth: transient error when validating token").
+                        Tag(retry.Tag).Err()
         }
 
         // Verify the token contains a validated email.
         switch {
         case tokenInfo.Email == "":
                 return nil, fmt.Errorf("oauth: token is not associated with an email")
         case !tokenInfo.EmailVerified:
                 return nil, fmt.Errorf("oauth: email %s is not verified", tokenInfo.Email)
         }
         if tokenInfo.ExpiresIn <= 0 {
@@ skipping 17 matching lines @@
                 return nil, err
         }
         u := &auth.User{
                 Identity: id,
                 Email:    tokenInfo.Email,
                 ClientID: tokenInfo.Aud,
         }
         proccache.Put(c, tokenCheckCache(accessToken), u, time.Duration(tokenInfo.ExpiresIn)*time.Second)
         return u, nil
 }