rgw/sts: correct error code to 400 (from 403)

for expires sts credentials.

Fixes: https://tracker.ceph.com/issues/73441
Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>

diff --git a/src/rgw/rgw_common.cc b/src/rgw/rgw_common.cc
index 7d102224d872530520a9dd8b6722bf96dc4a2165..faf80be64bc149ca056cb8376602301d45d52abe 100644 (file)
--- a/src/rgw/rgw_common.cc
+++ b/src/rgw/rgw_common.cc
@@ -145,6 +145,7 @@ rgw_http_errors rgw_http_s3_errors({
     { ERR_ACLS_NOT_SUPPORTED, {400, "AccessControlListNotSupported"}},
     { ERR_INVALID_BUCKET_ACL, {400, "InvalidBucketAclWithObjectOwnership"}},
     { ERR_NO_SUCH_OWNERSHIP_CONTROLS, {404, "OwnershipControlsNotFoundError"}},
+    { ERR_EXPIRED_TOKEN, {400, "ExpiredToken"}},
 });
 
 rgw_http_errors rgw_http_swift_errors({

diff --git a/src/rgw/rgw_common.h b/src/rgw/rgw_common.h
index 87219399678dc95b428bf3f7930d802427f5c508..bf2ec99a73d17c2061d46c5473c080670fa10526 100644 (file)
--- a/src/rgw/rgw_common.h
+++ b/src/rgw/rgw_common.h
@@ -369,7 +369,8 @@ inline constexpr const char* RGW_REST_STS_XMLNS =
 #define ERR_ACCOUNT_EXISTS 2403
 
 #define ERR_RESTORE_ALREADY_IN_PROGRESS 2500
-    
+#define ERR_EXPIRED_TOKEN 2501
+
 #ifndef UINT32_MAX
 #define UINT32_MAX (0xffffffffu)
 #endif

diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index 7aef4284ce9cae937b1f1882c90ca7f7bf88f2c4..250d9872aa67def30cfbd634c3e2f2d05a1d8ea4 100644 (file)
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -7250,7 +7250,7 @@ rgw::auth::s3::STSEngine::authenticate(
         real_clock::time_point now = real_clock::now();
         if (now >= *exp) {
           ldpp_dout(dpp, 0) << "ERROR: Token expired" << dendl;
-          return result_t::reject(-EPERM);
+          return result_t::reject(-ERR_EXPIRED_TOKEN);
         }
       } else {
         ldpp_dout(dpp, 0) << "ERROR: Invalid expiration: " << expiration << dendl;