From c2adbd758a2d94d6393dd2d62f5f3e546a2adfec Mon Sep 17 00:00:00 2001 From: Nikita Zinkevich Date: Mon, 30 Sep 2024 11:34:45 +0300 Subject: [PATCH] [#488] middleware/auth: Add frostfs-to-s3 error transformation Signed-off-by: Nikita Zinkevich --- api/handler/put_test.go | 2 +- api/middleware/auth.go | 5 ++--- api/router_test.go | 6 ++++++ 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/api/handler/put_test.go b/api/handler/put_test.go index 66dca114..52f6296d 100644 --- a/api/handler/put_test.go +++ b/api/handler/put_test.go @@ -492,7 +492,7 @@ func TestCreateBucketWithoutPermissions(t *testing.T) { hc.h.ape.(*apeMock).err = errors.New("no permissions") box, _ := createAccessBox(t) - createBucketAssertS3Error(hc, bktName, box, s3errors.ErrInternalError) + createBucketAssertS3Error(hc, bktName, box, apierr.ErrInternalError) _, err := hc.tp.ContainerID(bktName) require.Errorf(t, err, "container exists after failed creation, but shouldn't") diff --git a/api/middleware/auth.go b/api/middleware/auth.go index cbdceb22..202f28ca 100644 --- a/api/middleware/auth.go +++ b/api/middleware/auth.go @@ -10,7 +10,6 @@ import ( "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/acl" apierr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors" "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/accessbox" - frosterr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/frostfs/errors" "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/logs" "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer" "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object" @@ -57,8 +56,8 @@ func Auth(center Center, log *zap.Logger) Func { reqLogOrDefault(ctx, log).Debug(logs.CouldntReceiveAccessBoxForGateKeyRandomKeyWillBeUsed, zap.Error(err)) } else { reqLogOrDefault(ctx, log).Error(logs.FailedToPassAuthentication, zap.Error(err)) - err = frosterr.UnwrapErr(err) - if _, ok := err.(apierr.Error); !ok { + err = apierr.TransformToS3Error(err) + if err.(apierr.Error).ErrCode == apierr.ErrInternalError { err = apierr.GetAPIError(apierr.ErrAccessDenied) } if _, wrErr := WriteErrorResponse(w, GetReqInfo(r.Context()), err); wrErr != nil { diff --git a/api/router_test.go b/api/router_test.go index a2191094..18fe3369 100644 --- a/api/router_test.go +++ b/api/router_test.go @@ -862,6 +862,12 @@ func TestAuthenticate(t *testing.T) { chiRouter.cfg.Center.(*centerMock).err = frostfs.ErrGatewayTimeout createBucketErr(chiRouter, "", "bkt-3", nil, apierr.ErrGatewayTimeout) + + chiRouter.cfg.Center.(*centerMock).err = apierr.GetAPIError(apierr.ErrInternalError) + createBucketErr(chiRouter, "", "bkt-3", nil, apierr.ErrAccessDenied) + + chiRouter.cfg.Center.(*centerMock).err = apierr.GetAPIError(apierr.ErrBadRequest) + createBucketErr(chiRouter, "", "bkt-3", nil, apierr.ErrBadRequest) } func TestFrostFSIDValidation(t *testing.T) {