[#1563] tree: Wrap only ChainRouterError erros with ObjectAccessDenied
All checks were successful
DCO action / DCO (pull_request) Successful in 4m52s
Vulncheck / Vulncheck (pull_request) Successful in 5m10s
Tests and linters / gopls check (pull_request) Successful in 6m14s
Tests and linters / Run gofumpt (pull_request) Successful in 7m17s
Tests and linters / Tests (pull_request) Successful in 7m43s
Build / Build Components (pull_request) Successful in 9m18s
Pre-commit hooks / Pre-commit (pull_request) Successful in 9m31s
Tests and linters / Staticcheck (pull_request) Successful in 9m32s
Tests and linters / Tests with -race (pull_request) Successful in 9m53s
Tests and linters / Lint (pull_request) Successful in 10m31s

* Such wrapping helps to differentiate logical check errors and server internal
  errors.

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
This commit is contained in:
Airat Arifullin 2024-12-16 14:17:37 +03:00
parent 5af9077049
commit cb63ea028c

View file

@ -9,6 +9,7 @@ import (
"fmt" "fmt"
core "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/core/container" core "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/core/container"
checkercore "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/common/ape"
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/refs" "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/refs"
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer" "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status" apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
@ -64,12 +65,16 @@ func (s *Service) verifyClient(ctx context.Context, req message, cid cidSDK.ID,
} }
if err = s.checkAPE(ctx, bt, cnr, cid, op, role, pubKey); err != nil { if err = s.checkAPE(ctx, bt, cnr, cid, op, role, pubKey); err != nil {
return apeErr(err) return processAPECheckErr(err)
} }
return nil return nil
} }
func apeErr(err error) error { func processAPECheckErr(err error) error {
var chRouterErr *checkercore.ChainRouterError
if !errors.As(err, &chRouterErr) {
return err
}
errAccessDenied := &apistatus.ObjectAccessDenied{} errAccessDenied := &apistatus.ObjectAccessDenied{}
errAccessDenied.WriteReason(err.Error()) errAccessDenied.WriteReason(err.Error())
return errAccessDenied return errAccessDenied