refactor: Migrate VPC Peering API handlers to WithTx

[chet]

Description

Continues the WithTx migration, covering both BeginTx sites in vpcpeering.go (Create and Delete).

Both handlers trigger workflows and wait on we.Get, so they're also adopting our little timeoutResp pattern that has evolved over a few of these PRs.

Callouts are:

• Create and Delete both use WithTx + timeoutResp. Create's single vpcPeering output would fit WithTxResult shape-wise, but mixing that with the outer-scope timeoutResp closure isn't a great fit.
• Validation reads (site, VPCs, tenant accounts, tenant sites, existing peerings) were already outside the legacy tx and stay there.
• Errors switched to NewAPIError.

Signed-off-by: Chet Nichols III chetn@nvidia.com

Type of Change

• Feature - New feature or functionality (feat:)
• Fix - Bug fixes (fix:)
• Chore - Modification or removal of existing functionality (chore:)
• Refactor - Refactoring of existing functionality (refactor:)
• Docs - Changes in documentation or OpenAPI schema (docs:)
• CI - Changes in GitHub workflows. Requires additional scrutiny (ci:)
• Version - Issuing a new release version (version:)

Services Affected

• API - API models or endpoints updated
• Workflow - Workflow service updated
• DB - DB DAOs or migrations updated
• Site Manager - Site Manager updated
• Cert Manager - Cert Manager updated
• Site Agent - Site Agent updated
• Flow - Flow service updated
• Powershelf Manager - Powershelf Manager updated
• NVSwitch Manager - NVSwitch Manager updated

Related Issues (Optional)

Breaking Changes

• This PR contains breaking changes

Testing

• Unit tests added/updated
• Integration tests added/updated
• Manual testing performed
• No testing required (docs, internal refactor, etc.)

Additional Notes

[coderabbitai]

Summary by CodeRabbit

• Refactor
  • Improved transaction handling for VPC peering create and delete operations with simplified code structure.

Walkthrough

This PR refactors the VPC peering create and delete handlers to adopt a closure-based transaction pattern using cdb.WithTx, replacing explicit BeginTx/Commit logic. Workflow timeout termination is deferred to run after transaction completion, while best-effort post-transaction operations remain outside the closure. The database/sql import is removed as it is no longer required.

Changes

VPC Peering Handler Transaction Refactoring

Layer / File(s)	Summary
Import cleanup and transaction pattern transition api/pkg/api/handler/vpcpeering.go	The database/sql import is removed, as the closure-based cdb.WithTx pattern eliminates the need for manual transaction management.
CreateVpcPeeringHandler transaction closure pattern api/pkg/api/handler/vpcpeering.go	VPC peering and status-detail creation, initial status transition to Configuring, and workflow execution are now executed within a cdb.WithTx closure. Timeout termination is deferred via timeoutResp to execute after transaction unwinding. The best-effort status transition to Ready is performed outside the transaction using the vpcPeering captured from within the closure.
DeleteVpcPeeringHandler transaction closure pattern api/pkg/api/handler/vpcpeering.go	Status update to Deleting and Temporal workflow execution are moved into the cdb.WithTx closure. Timeout termination is deferred similarly, and the best-effort database deletion operation executes after the transaction closure completes.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the primary change: migrating VPC Peering API handlers from manual transaction management to the WithTx pattern.
Description check	✅ Passed	The description provides comprehensive context about the WithTx migration, transaction handling patterns, and architectural decisions made during refactoring.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🔐 TruffleHog Secret Scan

✅ No secrets or credentials found!

Your code has been scanned for 700+ types of secrets and credentials. All clear! 🎉

🔗 View scan details

_{🕐 Last updated: 2026-05-21 20:35:22 UTC | Commit: 667237e}

[coderabbitai]

🧹 Nitpick comments (1)

api/pkg/api/handler/vpcpeering.go (1)

279-406: 🏗️ Heavy lift

Add regression coverage for the new WithTx/timeout contract.

These two paths now depend on subtle control flow: handler-scoped API errors returned from inside WithTx, real commit/rollback failures winning over timeoutResp, and best-effort post-commit work staying outside the transaction. Please pin those branches with focused handler tests before more handlers adopt the same pattern.

Also applies to: 872-959

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@api/pkg/api/handler/vpcpeering.go` around lines 279 - 406, Add focused
regression tests for the new cdb.WithTx + timeoutResp contract in the VPC
Peering handler: write tests that simulate (1) a workflow timeout inside the
WithTx closure causing timeoutResp to be set (use a fake Temporal client
returning a TimeoutError) and assert timeoutResp() is called only after the DB
transaction commit/rollback and that common.TerminateWorkflowOnTimeOut is
invoked; (2) a real DB commit/rollback failure (make cdb.WithTx return a
non-cutil.APIError) and assert that HandleTxError wins over timeoutResp; and (3)
handler-scoped API errors returned from inside the closure (returning
cutil.NewAPIError) and assert they surface unchanged and that post-commit
best-effort work (the timeoutResp invocation) is not executed pre-commit; apply
the same test patterns to the other handler region flagged (lines ~872-959). Use
the handler entry point that constructs vpcPeering, timeoutResp, cdb.WithTx,
common.TerminateWorkflowOnTimeOut, and common.HandleTxError to target the exact
control-flow.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@api/pkg/api/handler/vpcpeering.go`:
- Around line 279-406: Add focused regression tests for the new cdb.WithTx +
timeoutResp contract in the VPC Peering handler: write tests that simulate (1) a
workflow timeout inside the WithTx closure causing timeoutResp to be set (use a
fake Temporal client returning a TimeoutError) and assert timeoutResp() is
called only after the DB transaction commit/rollback and that
common.TerminateWorkflowOnTimeOut is invoked; (2) a real DB commit/rollback
failure (make cdb.WithTx return a non-cutil.APIError) and assert that
HandleTxError wins over timeoutResp; and (3) handler-scoped API errors returned
from inside the closure (returning cutil.NewAPIError) and assert they surface
unchanged and that post-commit best-effort work (the timeoutResp invocation) is
not executed pre-commit; apply the same test patterns to the other handler
region flagged (lines ~872-959). Use the handler entry point that constructs
vpcPeering, timeoutResp, cdb.WithTx, common.TerminateWorkflowOnTimeOut, and
common.HandleTxError to target the exact control-flow.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 1efb9df9-8c94-41ac-9cc1-c786e85ba57a

📥 Commits

Reviewing files that changed from the base of the PR and between f813f8d and 667237e.

📒 Files selected for processing (1)

• api/pkg/api/handler/vpcpeering.go

[github-actions]

🔍 Container Scan Summary

Service	Total	Critical	High	Medium	Low	Other
nico-flow	66	4	34	18	2	8
nico-nsm	82	2	28	43	9	0
nico-psm	67	4	35	18	2	8
nico-rest-api	100	6	53	30	3	8
nico-rest-cert-manager	65	4	34	18	1	8
nico-rest-db	66	4	34	18	2	8
nico-rest-site-agent	65	4	34	18	1	8
nico-rest-site-manager	65	4	34	18	1	8
nico-rest-workflow	67	4	35	18	2	8
TOTAL	643	36	321	199	23	64

Per-CVE detail lives in the per-service grype-* artifacts (JSON + SARIF). Severity counts only — no CVE IDs published here.