rgw: return InvalidAccessKeyId instead of AccessDenied

Fixes: #10334
Signed-off-by: Yehuda Sadeh <yehuda@redhat.com>
(cherry picked from commit 56af795b1046a4c1bfba59e1fefde272bb0e5c1e)

diff --git a/src/rgw/rgw_common.h b/src/rgw/rgw_common.h
index 2020191e1669a7c27826017a219d3213d292aaef..589b7dd995329c91d182e7885633bdd25113c511 100644 (file)
--- a/src/rgw/rgw_common.h
+++ b/src/rgw/rgw_common.h
@@ -136,6 +136,7 @@ using ceph::crypto::MD5;
 #define ERR_LOCKED               2025
 #define ERR_QUOTA_EXCEEDED       2026
 #define ERR_SIGNATURE_NO_MATCH   2027
+#define ERR_INVALID_ACCESS_KEY   2028
 #define ERR_USER_SUSPENDED       2100
 #define ERR_INTERNAL_ERROR       2200
 

diff --git a/src/rgw/rgw_http_errors.h b/src/rgw/rgw_http_errors.h
index dc66956a51f519e3a8e350c7d17f6e0f7c4d9c18..7850807b6024b68f4ba6e0acc2f03692f477b399 100644 (file)
--- a/src/rgw/rgw_http_errors.h
+++ b/src/rgw/rgw_http_errors.h
@@ -38,6 +38,7 @@ const static struct rgw_http_errors RGW_HTTP_ERRORS[] = {
     { EACCES, 403, "AccessDenied" },
     { EPERM, 403, "AccessDenied" },
     { ERR_SIGNATURE_NO_MATCH, 403, "SignatureDoesNotMatch" },
+    { ERR_INVALID_ACCESS_KEY, 403, "InvalidAccessKeyId" },
     { ERR_USER_SUSPENDED, 403, "UserSuspended" },
     { ERR_REQUEST_TIME_SKEWED, 403, "RequestTimeTooSkewed" },
     { ERR_QUOTA_EXCEEDED, 403, "QuotaExceeded" },

diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index aa8a5f9c7e81098c329c087c6b29ec015c80876a..7fafd5994f1554e8f5bd25a01c494d428c17f3e5 100644 (file)
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -2176,7 +2176,7 @@ int RGW_Auth_S3::authorize(RGWRados *store, struct req_state *s)
     /* get the user info */
     if (rgw_get_user_info_by_access_key(store, auth_id, s->user) < 0) {
       dout(5) << "error reading user info, uid=" << auth_id << " can't authenticate" << dendl;
-      return -EPERM;
+      return -ERR_INVALID_ACCESS_KEY;
     }
 
     /* now verify signature */