From f4f7d853ba040c2ac6b3b2e398ba27f7e355edb8 Mon Sep 17 00:00:00 2001
From: Daniel Maksymilian Syrnicki <info@danielmaksymilian.com>
Date: Sat, 18 Apr 2026 14:06:09 +0200
Subject: [PATCH] chore(smoke): surface PVE response body on API failure

api() was swallowing Proxmox's error body because callers pipe its
output to /dev/null. With a bare "curl: (22) 403" in the log we can't
tell which permission is missing. Now we capture the response body,
print it to stderr on failure, and only emit it to stdout on success.

No behaviour change on the happy path.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 scripts/smoke-vm.sh | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/scripts/smoke-vm.sh b/scripts/smoke-vm.sh
index 5166b89..b449a29 100755
--- a/scripts/smoke-vm.sh
+++ b/scripts/smoke-vm.sh
@@ -43,9 +43,22 @@ SHORT_SHA="${SHA:0:12}"
 API="https://${PVE_TEST_HOST}:8006/api2/json"
 
 api() {
-  curl --silent --show-error --fail-with-body -k \
+  # Wrapper so that on non-2xx we print the PVE response body to stderr
+  # before bubbling the failure — otherwise `--fail-with-body` output
+  # gets swallowed by callers that pipe to /dev/null, and you're left
+  # staring at "curl: (22)" with no idea which permission is missing.
+  local body rc
+  body=$(curl --silent --show-error --fail-with-body -k \
     --header "Authorization: PVEAPIToken=${PVE_TEST_TOKEN}" \
-    "$@"
+    "$@" 2>&1)
+  rc=$?
+  if [[ $rc -ne 0 ]]; then
+    echo "!! PVE API call failed (rc=$rc)" >&2
+    echo "!! request: $*" >&2
+    [[ -n "$body" ]] && echo "!! response: $body" >&2
+    return $rc
+  fi
+  printf '%s' "$body"
 }
 
 # PVE returns {"data": <payload>}; grab .data into a python expression.