[misc] Separate shared code dependencies (#4288)

* Separate shared code dependencies

* Fix import

* Test respective shared code

* Update openapi ref

* Fix test

* Fix test path

shared/management/client/client_test.go

@@ -52,7 +52,7 @@ func startManagement(t *testing.T) (*grpc.Server, net.Listener) {
 	log.SetLevel(level)
 
 	config := &types.Config{}
-	_, err := util.ReadJson("../server/testdata/management.json", config)
+	_, err := util.ReadJson("../../../management/server/testdata/management.json", config)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -62,7 +62,7 @@ func startManagement(t *testing.T) (*grpc.Server, net.Listener) {
 		t.Fatal(err)
 	}
 	s := grpc.NewServer()
-	store, cleanUp, err := store.NewTestStoreFromSQL(context.Background(), "../server/testdata/store.sql", t.TempDir())
+	store, cleanUp, err := store.NewTestStoreFromSQL(context.Background(), "../../../management/server/testdata/store.sql", t.TempDir())
 	if err != nil {
 		t.Fatal(err)
 	}

shared/management/client/rest/accounts.go

@@ -5,7 +5,7 @@ import (
 	"context"
 	"encoding/json"
 
-	"github.com/netbirdio/netbird/management/server/http/api"
+	"github.com/netbirdio/netbird/shared/management/http/api"
 )
 
 // AccountsAPI APIs for accounts, do not use directly

shared/management/client/rest/accounts_test.go

@@ -14,8 +14,8 @@ import (
 	"github.com/stretchr/testify/require"
 
 	"github.com/netbirdio/netbird/shared/management/client/rest"
-	"github.com/netbirdio/netbird/management/server/http/api"
-	"github.com/netbirdio/netbird/management/server/http/util"
+	"github.com/netbirdio/netbird/shared/management/http/api"
+	"github.com/netbirdio/netbird/shared/management/http/util"
 )
 
 var (

shared/management/client/rest/client.go

@@ -8,7 +8,7 @@ import (
 	"io"
 	"net/http"
 
-	"github.com/netbirdio/netbird/management/server/http/util"
+	"github.com/netbirdio/netbird/shared/management/http/util"
 )
 
 // Client Management service HTTP REST API Client

shared/management/client/rest/client_test.go

@@ -26,7 +26,7 @@ func ptr[T any, PT *T](x T) PT {
 
 func withBlackBoxServer(t *testing.T, callback func(*rest.Client)) {
 	t.Helper()
-	handler, _, _ := testing_tools.BuildApiBlackBoxWithDBState(t, "../../server/testdata/store.sql", nil, false)
+	handler, _, _ := testing_tools.BuildApiBlackBoxWithDBState(t, "../../../../management/server/testdata/store.sql", nil, false)
 	server := httptest.NewServer(handler)
 	defer server.Close()
 	c := rest.New(server.URL, "nbp_apTmlmUXHSC4PKmHwtIZNaGr8eqcVI2gMURp")

shared/management/client/rest/dns.go

@@ -5,7 +5,7 @@ import (
 	"context"
 	"encoding/json"
 
-	"github.com/netbirdio/netbird/management/server/http/api"
+	"github.com/netbirdio/netbird/shared/management/http/api"
 )
 
 // DNSAPI APIs for DNS Management, do not use directly

shared/management/client/rest/dns_test.go

@@ -14,8 +14,8 @@ import (
 	"github.com/stretchr/testify/require"
 
 	"github.com/netbirdio/netbird/shared/management/client/rest"
-	"github.com/netbirdio/netbird/management/server/http/api"
-	"github.com/netbirdio/netbird/management/server/http/util"
+	"github.com/netbirdio/netbird/shared/management/http/api"
+	"github.com/netbirdio/netbird/shared/management/http/util"
 )
 
 var (

shared/management/client/rest/events.go

@@ -3,7 +3,7 @@ package rest
 import (
 	"context"
 
-	"github.com/netbirdio/netbird/management/server/http/api"
+	"github.com/netbirdio/netbird/shared/management/http/api"
 )
 
 // EventsAPI APIs for Events, do not use directly

shared/management/client/rest/events_test.go

@@ -13,8 +13,8 @@ import (
 	"github.com/stretchr/testify/require"
 
 	"github.com/netbirdio/netbird/shared/management/client/rest"
-	"github.com/netbirdio/netbird/management/server/http/api"
-	"github.com/netbirdio/netbird/management/server/http/util"
+	"github.com/netbirdio/netbird/shared/management/http/api"
+	"github.com/netbirdio/netbird/shared/management/http/util"
 )
 
 var (

shared/management/client/rest/geo.go

@@ -3,7 +3,7 @@ package rest
 import (
 	"context"
 
-	"github.com/netbirdio/netbird/management/server/http/api"
+	"github.com/netbirdio/netbird/shared/management/http/api"
 )
 
 // GeoLocationAPI APIs for Geo-Location, do not use directly

shared/management/client/rest/geo_test.go

@@ -13,8 +13,8 @@ import (
 	"github.com/stretchr/testify/require"
 
 	"github.com/netbirdio/netbird/shared/management/client/rest"
-	"github.com/netbirdio/netbird/management/server/http/api"
-	"github.com/netbirdio/netbird/management/server/http/util"
+	"github.com/netbirdio/netbird/shared/management/http/api"
+	"github.com/netbirdio/netbird/shared/management/http/util"
 )
 
 var (

shared/management/client/rest/groups.go

@@ -5,7 +5,7 @@ import (
 	"context"
 	"encoding/json"
 
-	"github.com/netbirdio/netbird/management/server/http/api"
+	"github.com/netbirdio/netbird/shared/management/http/api"
 )
 
 // GroupsAPI APIs for Groups, do not use directly

shared/management/client/rest/groups_test.go

@@ -14,8 +14,8 @@ import (
 	"github.com/stretchr/testify/require"
 
 	"github.com/netbirdio/netbird/shared/management/client/rest"
-	"github.com/netbirdio/netbird/management/server/http/api"
-	"github.com/netbirdio/netbird/management/server/http/util"
+	"github.com/netbirdio/netbird/shared/management/http/api"
+	"github.com/netbirdio/netbird/shared/management/http/util"
 )
 
 var (

shared/management/client/rest/impersonation_test.go

@@ -13,7 +13,7 @@ import (
 	"github.com/stretchr/testify/require"
 
 	"github.com/netbirdio/netbird/shared/management/client/rest"
-	"github.com/netbirdio/netbird/management/server/http/api"
+	"github.com/netbirdio/netbird/shared/management/http/api"
 )
 
 var (

shared/management/client/rest/networks.go

@@ -5,7 +5,7 @@ import (
 	"context"
 	"encoding/json"
 
-	"github.com/netbirdio/netbird/management/server/http/api"
+	"github.com/netbirdio/netbird/shared/management/http/api"
 )
 
 // NetworksAPI APIs for Networks, do not use directly

shared/management/client/rest/networks_test.go

@@ -14,8 +14,8 @@ import (
 	"github.com/stretchr/testify/require"
 
 	"github.com/netbirdio/netbird/shared/management/client/rest"
-	"github.com/netbirdio/netbird/management/server/http/api"
-	"github.com/netbirdio/netbird/management/server/http/util"
+	"github.com/netbirdio/netbird/shared/management/http/api"
+	"github.com/netbirdio/netbird/shared/management/http/util"
 )
 
 var (

shared/management/client/rest/peers.go

@@ -5,7 +5,7 @@ import (
 	"context"
 	"encoding/json"
 
-	"github.com/netbirdio/netbird/management/server/http/api"
+	"github.com/netbirdio/netbird/shared/management/http/api"
 )
 
 // PeersAPI APIs for peers, do not use directly

shared/management/client/rest/peers_test.go

@@ -14,8 +14,8 @@ import (
 	"github.com/stretchr/testify/require"
 
 	"github.com/netbirdio/netbird/shared/management/client/rest"
-	"github.com/netbirdio/netbird/management/server/http/api"
-	"github.com/netbirdio/netbird/management/server/http/util"
+	"github.com/netbirdio/netbird/shared/management/http/api"
+	"github.com/netbirdio/netbird/shared/management/http/util"
 )
 
 var (

shared/management/client/rest/policies.go

@@ -5,7 +5,7 @@ import (
 	"context"
 	"encoding/json"
 
-	"github.com/netbirdio/netbird/management/server/http/api"
+	"github.com/netbirdio/netbird/shared/management/http/api"
 )
 
 // PoliciesAPI APIs for Policies, do not use directly

shared/management/client/rest/policies_test.go

@@ -14,8 +14,8 @@ import (
 	"github.com/stretchr/testify/require"
 
 	"github.com/netbirdio/netbird/shared/management/client/rest"
-	"github.com/netbirdio/netbird/management/server/http/api"
-	"github.com/netbirdio/netbird/management/server/http/util"
+	"github.com/netbirdio/netbird/shared/management/http/api"
+	"github.com/netbirdio/netbird/shared/management/http/util"
 )
 
 var (

shared/management/client/rest/posturechecks.go

@@ -5,7 +5,7 @@ import (
 	"context"
 	"encoding/json"
 
-	"github.com/netbirdio/netbird/management/server/http/api"
+	"github.com/netbirdio/netbird/shared/management/http/api"
 )
 
 // PostureChecksAPI APIs for PostureChecks, do not use directly

shared/management/client/rest/posturechecks_test.go

@@ -14,8 +14,8 @@ import (
 	"github.com/stretchr/testify/require"
 
 	"github.com/netbirdio/netbird/shared/management/client/rest"
-	"github.com/netbirdio/netbird/management/server/http/api"
-	"github.com/netbirdio/netbird/management/server/http/util"
+	"github.com/netbirdio/netbird/shared/management/http/api"
+	"github.com/netbirdio/netbird/shared/management/http/util"
 )
 
 var (

shared/management/client/rest/routes.go

@@ -5,7 +5,7 @@ import (
 	"context"
 	"encoding/json"
 
-	"github.com/netbirdio/netbird/management/server/http/api"
+	"github.com/netbirdio/netbird/shared/management/http/api"
 )
 
 // RoutesAPI APIs for Routes, do not use directly

shared/management/client/rest/routes_test.go

@@ -14,8 +14,8 @@ import (
 	"github.com/stretchr/testify/require"
 
 	"github.com/netbirdio/netbird/shared/management/client/rest"
-	"github.com/netbirdio/netbird/management/server/http/api"
-	"github.com/netbirdio/netbird/management/server/http/util"
+	"github.com/netbirdio/netbird/shared/management/http/api"
+	"github.com/netbirdio/netbird/shared/management/http/util"
 )
 
 var (

shared/management/client/rest/setupkeys.go

@@ -5,7 +5,7 @@ import (
 	"context"
 	"encoding/json"
 
-	"github.com/netbirdio/netbird/management/server/http/api"
+	"github.com/netbirdio/netbird/shared/management/http/api"
 )
 
 // SetupKeysAPI APIs for Setup keys, do not use directly

shared/management/client/rest/setupkeys_test.go

@@ -14,8 +14,8 @@ import (
 	"github.com/stretchr/testify/require"
 
 	"github.com/netbirdio/netbird/shared/management/client/rest"
-	"github.com/netbirdio/netbird/management/server/http/api"
-	"github.com/netbirdio/netbird/management/server/http/util"
+	"github.com/netbirdio/netbird/shared/management/http/api"
+	"github.com/netbirdio/netbird/shared/management/http/util"
 )
 
 var (

shared/management/client/rest/tokens.go

@@ -5,7 +5,7 @@ import (
 	"context"
 	"encoding/json"
 
-	"github.com/netbirdio/netbird/management/server/http/api"
+	"github.com/netbirdio/netbird/shared/management/http/api"
 )
 
 // TokensAPI APIs for PATs, do not use directly

shared/management/client/rest/tokens_test.go

@@ -15,8 +15,8 @@ import (
 	"github.com/stretchr/testify/require"
 
 	"github.com/netbirdio/netbird/shared/management/client/rest"
-	"github.com/netbirdio/netbird/management/server/http/api"
-	"github.com/netbirdio/netbird/management/server/http/util"
+	"github.com/netbirdio/netbird/shared/management/http/api"
+	"github.com/netbirdio/netbird/shared/management/http/util"
 )
 
 var (

shared/management/client/rest/users.go

@@ -5,7 +5,7 @@ import (
 	"context"
 	"encoding/json"
 
-	"github.com/netbirdio/netbird/management/server/http/api"
+	"github.com/netbirdio/netbird/shared/management/http/api"
 )
 
 // UsersAPI APIs for users, do not use directly

shared/management/client/rest/users_test.go

@@ -15,8 +15,8 @@ import (
 	"github.com/stretchr/testify/require"
 
 	"github.com/netbirdio/netbird/shared/management/client/rest"
-	"github.com/netbirdio/netbird/management/server/http/api"
-	"github.com/netbirdio/netbird/management/server/http/util"
+	"github.com/netbirdio/netbird/shared/management/http/api"
+	"github.com/netbirdio/netbird/shared/management/http/util"
 )
 
 var (

shared/management/domain/go.sum

@@ -1 +0,0 @@
-golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=

shared/management/http/api/cfg.yaml

@@ -0,0 +1,7 @@
+package: api
+generate:
+  models: true
+  embedded-spec: false
+output: types.gen.go
+compatibility:
+  always-prefix-enum-values: true

shared/management/http/api/generate.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+set -e
+
+if ! which realpath > /dev/null 2>&1
+then
+  echo realpath is not installed
+  echo run: brew install coreutils
+  exit 1
+fi
+
+old_pwd=$(pwd)
+script_path=$(dirname $(realpath "$0"))
+cd "$script_path"
+go install github.com/deepmap/oapi-codegen/cmd/oapi-codegen@4a1477f6a8ba6ca8115cc23bb2fb67f0b9fca18e
+oapi-codegen --config cfg.yaml openapi.yml
+cd "$old_pwd"

shared/management/http/util/util.go

@@ -0,0 +1,118 @@
+package util
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/http"
+	"strings"
+	"time"
+
+	log "github.com/sirupsen/logrus"
+
+	"github.com/netbirdio/netbird/shared/management/status"
+)
+
+// EmptyObject is an empty struct used to return empty JSON object
+type EmptyObject struct {
+}
+
+type ErrorResponse struct {
+	Message string `json:"message"`
+	Code    int    `json:"code"`
+}
+
+// WriteJSONObject simply writes object to the HTTP response in JSON format
+func WriteJSONObject(ctx context.Context, w http.ResponseWriter, obj interface{}) {
+	w.Header().Set("Content-Type", "application/json; charset=UTF-8")
+	w.WriteHeader(http.StatusOK)
+	err := json.NewEncoder(w).Encode(obj)
+	if err != nil {
+		WriteError(ctx, err, w)
+		return
+	}
+}
+
+// Duration is used strictly for JSON requests/responses due to duration marshalling issues
+type Duration struct {
+	time.Duration
+}
+
+// MarshalJSON marshals the duration
+func (d Duration) MarshalJSON() ([]byte, error) {
+	return json.Marshal(d.String())
+}
+
+// UnmarshalJSON unmarshals the duration
+func (d *Duration) UnmarshalJSON(b []byte) error {
+	var v interface{}
+	if err := json.Unmarshal(b, &v); err != nil {
+		return err
+	}
+	switch value := v.(type) {
+	case float64:
+		d.Duration = time.Duration(value)
+		return nil
+	case string:
+		var err error
+		d.Duration, err = time.ParseDuration(value)
+		if err != nil {
+			return err
+		}
+		return nil
+	default:
+		return errors.New("invalid duration")
+	}
+}
+
+// WriteErrorResponse prepares and writes an error response i nJSON
+func WriteErrorResponse(errMsg string, httpStatus int, w http.ResponseWriter) {
+	w.Header().Set("Content-Type", "application/json; charset=UTF-8")
+	w.WriteHeader(httpStatus)
+	err := json.NewEncoder(w).Encode(&ErrorResponse{
+		Message: errMsg,
+		Code:    httpStatus,
+	})
+	if err != nil {
+		http.Error(w, "failed handling request", http.StatusInternalServerError)
+	}
+}
+
+// WriteError converts an error to an JSON error response.
+// If it is known internal error of type server.Error then it sets the messages from the error, a generic message otherwise
+func WriteError(ctx context.Context, err error, w http.ResponseWriter) {
+	log.WithContext(ctx).Errorf("got a handler error: %s", err.Error())
+	errStatus, ok := status.FromError(err)
+	httpStatus := http.StatusInternalServerError
+	msg := "internal server error"
+	if ok {
+		switch errStatus.Type() {
+		case status.UserAlreadyExists:
+			httpStatus = http.StatusConflict
+		case status.AlreadyExists:
+			httpStatus = http.StatusConflict
+		case status.PreconditionFailed:
+			httpStatus = http.StatusPreconditionFailed
+		case status.PermissionDenied:
+			httpStatus = http.StatusForbidden
+		case status.NotFound:
+			httpStatus = http.StatusNotFound
+		case status.Internal:
+			httpStatus = http.StatusInternalServerError
+		case status.InvalidArgument:
+			httpStatus = http.StatusUnprocessableEntity
+		case status.Unauthorized:
+			httpStatus = http.StatusUnauthorized
+		case status.BadRequest:
+			httpStatus = http.StatusBadRequest
+		default:
+		}
+		msg = strings.ToLower(err.Error())
+	} else {
+		unhandledMSG := fmt.Sprintf("got unhandled error code, error: %s", err.Error())
+		log.WithContext(ctx).Error(unhandledMSG)
+	}
+
+	WriteErrorResponse(msg, httpStatus, w)
+}

shared/management/operations/operation.go

@@ -0,0 +1,4 @@
+package operations
+
+// Operation represents a permission operation type
+type Operation string

shared/management/status/error.go

@@ -0,0 +1,243 @@
+package status
+
+import (
+	"errors"
+	"fmt"
+
+	"github.com/netbirdio/netbird/shared/management/operations"
+)
+
+const (
+	// UserAlreadyExists indicates that user already exists
+	UserAlreadyExists Type = 1
+
+	// PreconditionFailed indicates that some pre-condition for the operation hasn't been fulfilled
+	PreconditionFailed Type = 2
+
+	// PermissionDenied indicates that user has no permissions to view data
+	PermissionDenied Type = 3
+
+	// NotFound indicates that the object wasn't found in the system (or under a given Account)
+	NotFound Type = 4
+
+	// Internal indicates some generic internal error
+	Internal Type = 5
+
+	// InvalidArgument indicates some generic invalid argument error
+	InvalidArgument Type = 6
+
+	// AlreadyExists indicates a generic error when an object already exists in the system
+	AlreadyExists Type = 7
+
+	// Unauthorized indicates that user is not authorized
+	Unauthorized Type = 8
+
+	// BadRequest indicates that user is not authorized
+	BadRequest Type = 9
+
+	// Unauthenticated indicates that user is not authenticated due to absence of valid credentials
+	Unauthenticated Type = 10
+)
+
+// Type is a type of the Error
+type Type int32
+
+var ErrExtraSettingsNotFound = fmt.Errorf("extra settings not found")
+
+// Error is an internal error
+type Error struct {
+	ErrorType Type
+	Message   string
+}
+
+// Type returns the Type of the error
+func (e *Error) Type() Type {
+	return e.ErrorType
+}
+
+// Error is an error string
+func (e *Error) Error() string {
+	return e.Message
+}
+
+// Errorf returns Error(ErrorType, fmt.Sprintf(format, a...)).
+func Errorf(errorType Type, format string, a ...interface{}) error {
+	return &Error{
+		ErrorType: errorType,
+		Message:   fmt.Sprintf(format, a...),
+	}
+}
+
+// FromError returns Error, true if the provided error is of type of Error. nil, false otherwise
+func FromError(err error) (s *Error, ok bool) {
+	if err == nil {
+		return nil, true
+	}
+	var e *Error
+	if errors.As(err, &e) {
+		return e, true
+	}
+	return nil, false
+}
+
+// NewPeerNotFoundError creates a new Error with NotFound type for a missing peer
+func NewPeerNotFoundError(peerKey string) error {
+	return Errorf(NotFound, "peer not found: %s", peerKey)
+}
+
+// NewAccountNotFoundError creates a new Error with NotFound type for a missing account
+func NewAccountNotFoundError(accountKey string) error {
+	return Errorf(NotFound, "account not found: %s", accountKey)
+}
+
+// NewAccountOnboardingNotFoundError creates a new Error with NotFound type for a missing account onboarding
+func NewAccountOnboardingNotFoundError(accountKey string) error {
+	return Errorf(NotFound, "account onboarding not found: %s", accountKey)
+}
+
+// NewPeerNotPartOfAccountError creates a new Error with PermissionDenied type for a peer not being part of an account
+func NewPeerNotPartOfAccountError() error {
+	return Errorf(PermissionDenied, "peer is not part of this account")
+}
+
+// NewUserNotFoundError creates a new Error with NotFound type for a missing user
+func NewUserNotFoundError(userKey string) error {
+	return Errorf(NotFound, "user: %s not found", userKey)
+}
+
+// NewUserBlockedError creates a new Error with PermissionDenied type for a blocked user
+func NewUserBlockedError() error {
+	return Errorf(PermissionDenied, "user is blocked")
+}
+
+// NewPeerNotRegisteredError creates a new Error with Unauthenticated type unregistered peer
+func NewPeerNotRegisteredError() error {
+	return Errorf(Unauthenticated, "peer is not registered")
+}
+
+// NewPeerLoginMismatchError creates a new Error with Unauthenticated type for a peer that is already registered for another user
+func NewPeerLoginMismatchError() error {
+	return Errorf(Unauthenticated, "peer is already registered by a different User or a Setup Key")
+}
+
+// NewPeerLoginExpiredError creates a new Error with PermissionDenied type for an expired peer
+func NewPeerLoginExpiredError() error {
+	return Errorf(PermissionDenied, "peer login has expired, please log in once more")
+}
+
+// NewSetupKeyNotFoundError creates a new Error with NotFound type for a missing setup key
+func NewSetupKeyNotFoundError(setupKeyID string) error {
+	return Errorf(NotFound, "setup key: %s not found", setupKeyID)
+}
+
+func NewGetAccountFromStoreError(err error) error {
+	return Errorf(Internal, "issue getting account from store: %s", err)
+}
+
+// NewUserNotPartOfAccountError creates a new Error with PermissionDenied type for a user not being part of an account
+func NewUserNotPartOfAccountError() error {
+	return Errorf(PermissionDenied, "user is not part of this account")
+}
+
+// NewGetUserFromStoreError creates a new Error with Internal type for an issue getting user from store
+func NewGetUserFromStoreError() error {
+	return Errorf(Internal, "issue getting user from store")
+}
+
+// NewAdminPermissionError creates a new Error with PermissionDenied type for actions requiring admin role.
+func NewAdminPermissionError() error {
+	return Errorf(PermissionDenied, "admin role required to perform this action")
+}
+
+// NewInvalidKeyIDError creates a new Error with InvalidArgument type for an issue getting a setup key
+func NewInvalidKeyIDError() error {
+	return Errorf(InvalidArgument, "invalid key ID")
+}
+
+// NewGetAccountError creates a new Error with Internal type for an issue getting account
+func NewGetAccountError(err error) error {
+	return Errorf(Internal, "error getting account: %s", err)
+}
+
+// NewGroupNotFoundError creates a new Error with NotFound type for a missing group
+func NewGroupNotFoundError(groupID string) error {
+	return Errorf(NotFound, "group: %s not found", groupID)
+}
+
+// NewPostureChecksNotFoundError creates a new Error with NotFound type for a missing posture checks
+func NewPostureChecksNotFoundError(postureChecksID string) error {
+	return Errorf(NotFound, "posture checks: %s not found", postureChecksID)
+}
+
+// NewPolicyNotFoundError creates a new Error with NotFound type for a missing policy
+func NewPolicyNotFoundError(policyID string) error {
+	return Errorf(NotFound, "policy: %s not found", policyID)
+}
+
+// NewNameServerGroupNotFoundError creates a new Error with NotFound type for a missing name server group
+func NewNameServerGroupNotFoundError(nsGroupID string) error {
+	return Errorf(NotFound, "nameserver group: %s not found", nsGroupID)
+}
+
+// NewNetworkNotFoundError creates a new Error with NotFound type for a missing network.
+func NewNetworkNotFoundError(networkID string) error {
+	return Errorf(NotFound, "network: %s not found", networkID)
+}
+
+// NewNetworkRouterNotFoundError creates a new Error with NotFound type for a missing network router.
+func NewNetworkRouterNotFoundError(routerID string) error {
+	return Errorf(NotFound, "network router: %s not found", routerID)
+}
+
+// NewNetworkResourceNotFoundError creates a new Error with NotFound type for a missing network resource.
+func NewNetworkResourceNotFoundError(resourceID string) error {
+	return Errorf(NotFound, "network resource: %s not found", resourceID)
+}
+
+// NewPermissionDeniedError creates a new Error with PermissionDenied type for a permission denied error.
+func NewPermissionDeniedError() error {
+	return Errorf(PermissionDenied, "permission denied")
+}
+
+func NewPermissionValidationError(err error) error {
+	return Errorf(PermissionDenied, "failed to validate user permissions: %s", err)
+}
+
+func NewResourceNotPartOfNetworkError(resourceID, networkID string) error {
+	return Errorf(BadRequest, "resource %s is not part of the network %s", resourceID, networkID)
+}
+
+func NewRouterNotPartOfNetworkError(routerID, networkID string) error {
+	return Errorf(BadRequest, "router %s is not part of the network %s", routerID, networkID)
+}
+
+// NewServiceUserRoleInvalidError creates a new Error with InvalidArgument type for creating a service user with owner role
+func NewServiceUserRoleInvalidError() error {
+	return Errorf(InvalidArgument, "can't create a service user with owner role")
+}
+
+// NewOwnerDeletePermissionError creates a new Error with PermissionDenied type for attempting
+// to delete a user with the owner role.
+func NewOwnerDeletePermissionError() error {
+	return Errorf(PermissionDenied, "can't delete a user with the owner role")
+}
+
+func NewPATNotFoundError(patID string) error {
+	return Errorf(NotFound, "PAT: %s not found", patID)
+}
+
+func NewExtraSettingsNotFoundError() error {
+	return ErrExtraSettingsNotFound
+}
+
+func NewUserRoleNotFoundError(role string) error {
+	return Errorf(NotFound, "user role: %s not found", role)
+}
+
+func NewOperationNotFoundError(operation operations.Operation) error {
+	return Errorf(NotFound, "operation: %s not found", operation)
+}
+
+func NewRouteNotFoundError(routeID string) error {
+	return Errorf(NotFound, "route: %s not found", routeID)
+}