Skip to content

rgw/sts: correct error code to 400 (from 403)#65847

Open
pritha-srivastava wants to merge 2 commits intoceph:mainfrom
pritha-srivastava:wip-rgw-sts-expired-creds
Open

rgw/sts: correct error code to 400 (from 403)#65847
pritha-srivastava wants to merge 2 commits intoceph:mainfrom
pritha-srivastava:wip-rgw-sts-expired-creds

Conversation

@pritha-srivastava
Copy link
Contributor

@pritha-srivastava pritha-srivastava commented Oct 9, 2025

for expires sts credentials.

Contribution Guidelines

  • To sign and title your commits, please refer to Submitting Patches to Ceph.

  • If you are submitting a fix for a stable branch (e.g. "quincy"), please refer to Submitting Patches to Ceph - Backports for the proper workflow.

  • When filling out the below checklist, you may click boxes directly in the GitHub web UI. When entering or editing the entire PR message in the GitHub web UI editor, you may also select a checklist item by adding an x between the brackets: [x]. Spaces and capitalization matter when checking off items this way.

Checklist

  • Tracker (select at least one)
    • References tracker ticket
    • Very recent bug; references commit where it was introduced
    • New feature (ticket optional)
    • Doc update (no ticket needed)
    • Code cleanup (no ticket needed)
  • Component impact
    • Affects Dashboard, opened tracker ticket
    • Affects Orchestrator, opened tracker ticket
    • No impact that needs to be tracked
  • Documentation (select at least one)
    • Updates relevant documentation
    • No doc update is appropriate
  • Tests (select at least one)
Show available Jenkins commands

You must only issue one Jenkins command per-comment. Jenkins does not understand
comments with more than one command.

@pritha-srivastava pritha-srivastava requested a review from a team as a code owner October 9, 2025 06:10
@github-actions github-actions bot added the rgw label Oct 9, 2025
@pritha-srivastava pritha-srivastava force-pushed the wip-rgw-sts-expired-creds branch from 588c735 to 8b8ce94 Compare October 9, 2025 06:17
@pritha-srivastava
Copy link
Contributor Author

jenkins test windows

Copy link
Contributor

@cbodley cbodley left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i was hoping that EPERM would already do the right thing, but i see that only swift maps it to '401 Unauthorized' while s3 maps it to 403. i wonder if any other uses of EPERM in rgw_rest_s3.cc should map to 401 too?

the mappings in rgw_common.cc:

rgw_http_errors rgw_http_s3_errors({
...
    { EACCES, {403, "AccessDenied" }},
    { EPERM, {403, "AccessDenied" }},
...
rgw_http_errors rgw_http_swift_errors({
    { EACCES, {403, "AccessDenied" }},
    { EPERM, {401, "AccessDenied" }},

@cbodley
Copy link
Contributor

cbodley commented Oct 9, 2025

needs to be tested against ceph/s3-tests#700 for qa

@ivancich
Copy link
Member

@pritha-srivastava, It doesn't appear as though the testing was updated to reflect these changes. In @anrao19 's QE run with this PR we're getting this error:

2025-10-17T17:32:52.085 INFO:teuthology.orchestra.run.smithi162.stdout:>       assert s3bucket_error == 'AccessDenied'
2025-10-17T17:32:52.085 INFO:teuthology.orchestra.run.smithi162.stdout:E       AssertionError: assert 'UnauthorizedRequest' == 'AccessDenied'
2025-10-17T17:32:52.085 INFO:teuthology.orchestra.run.smithi162.stdout:E
2025-10-17T17:32:52.085 INFO:teuthology.orchestra.run.smithi162.stdout:E         - AccessDenied
2025-10-17T17:32:52.085 INFO:teuthology.orchestra.run.smithi162.stdout:E         + UnauthorizedRequest

I'm removing the needs-qa label so this can be addressed.

Teuthology log: https://qa-proxy.ceph.com/teuthology/anuchaithra-2025-10-17_14:08:09-rgw-wip-anrao5-testing-2025-10-16-2222-distro-default-smithi/8558359/teuthology.log

QE tracker: https://tracker.ceph.com/issues/73576

@pritha-srivastava
Copy link
Contributor Author

@ivancich : I am still waiting to figure out what the correct error code should be here, so this can be left out from the qe jobs as of now. I will test it later when I am sure of the error code.

@cbodley
Copy link
Contributor

cbodley commented Nov 12, 2025

https://jenkins.ceph.com/job/ceph-pull-requests-arm64/83245/

The following tests FAILED:
31 - run-rbd-unit-tests-1.sh (Failed)

commented again in https://tracker.ceph.com/issues/46875

@cbodley
Copy link
Contributor

cbodley commented Nov 12, 2025

jenkins test make check arm64

@github-actions github-actions bot added the tests label Nov 13, 2025
@pritha-srivastava pritha-srivastava force-pushed the wip-rgw-sts-expired-creds branch 2 times, most recently from 7a8361c to 18c624a Compare November 14, 2025 04:54
@pritha-srivastava pritha-srivastava changed the title rgw/sts: correct error code to 401 (from 403) rgw/sts: correct error code to 400 (from 403) Nov 14, 2025
@pritha-srivastava pritha-srivastava force-pushed the wip-rgw-sts-expired-creds branch from 18c624a to aadf20b Compare November 26, 2025 05:41
for expires sts credentials.

Fixes: https://tracker.ceph.com/issues/73441

Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
@pritha-srivastava pritha-srivastava force-pushed the wip-rgw-sts-expired-creds branch from aadf20b to 8d0ae97 Compare December 8, 2025 09:25
@github-actions
Copy link

github-actions bot commented Feb 6, 2026

This pull request has been automatically marked as stale because it has not had any activity for 60 days. It will be closed if no further activity occurs for another 30 days.
If you are a maintainer or core committer, please follow-up on this pull request to identify what steps should be taken by the author to move this proposed change forward.
If you are the author of this pull request, thank you for your proposed contribution. If you believe this change is still appropriate, please ensure that any feedback has been addressed and ask for a code review.

@github-actions github-actions bot added the stale label Feb 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants