From dc052c987cacda40066ae7134cd187adb80c99b8 Mon Sep 17 00:00:00 2001 From: Pritha Srivastava Date: Thu, 9 Oct 2025 11:35:13 +0530 Subject: [PATCH] rgw/sts: correct error code to 400 (from 403) for expires sts credentials. Fixes: https://tracker.ceph.com/issues/73441 Resolves: rhbz#2402526 Signed-off-by: Pritha Srivastava --- src/rgw/rgw_common.cc | 1 + src/rgw/rgw_common.h | 3 ++- src/rgw/rgw_rest_s3.cc | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/rgw/rgw_common.cc b/src/rgw/rgw_common.cc index 728eb36db00..fa46beea26e 100644 --- a/src/rgw/rgw_common.cc +++ b/src/rgw/rgw_common.cc @@ -144,6 +144,7 @@ rgw_http_errors rgw_http_s3_errors({ { ECANCELED, {409, "ConcurrentModification"}}, { EDQUOT, {507, "InsufficientCapacity"}}, { ENOSPC, {507, "InsufficientCapacity"}}, + { ERR_EXPIRED_TOKEN, {400, "ExpiredToken"}}, }); rgw_http_errors rgw_http_swift_errors({ diff --git a/src/rgw/rgw_common.h b/src/rgw/rgw_common.h index 0f7043a7bbe..3367a5739c1 100644 --- a/src/rgw/rgw_common.h +++ b/src/rgw/rgw_common.h @@ -362,7 +362,8 @@ inline constexpr const char* RGW_REST_STS_XMLNS = #define ERR_ACCOUNT_EXISTS 2403 #define ERR_RESTORE_ALREADY_IN_PROGRESS 2500 - +#define ERR_EXPIRED_TOKEN 2501 + #ifndef UINT32_MAX #define UINT32_MAX (0xffffffffu) #endif diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc index a6ecb68c7a4..f129b3bbbd5 100644 --- a/src/rgw/rgw_rest_s3.cc +++ b/src/rgw/rgw_rest_s3.cc @@ -7136,7 +7136,7 @@ rgw::auth::s3::STSEngine::authenticate( real_clock::time_point now = real_clock::now(); if (now >= *exp) { ldpp_dout(dpp, 0) << "ERROR: Token expired" << dendl; - return result_t::reject(-EPERM); + return result_t::reject(-ERR_EXPIRED_TOKEN); } } else { ldpp_dout(dpp, 0) << "ERROR: Invalid expiration: " << expiration << dendl; -- 2.47.3