s3tables: standardize access denied errors using ErrAccessDenied constant
This commit is contained in:
Chris Lu
@@ -26,6 +26,7 @@ const (
|
||||
|
||||
var (
|
||||
ErrVersionTokenMismatch = errors.New("version token mismatch")
|
||||
ErrAccessDenied = errors.New("access denied")
|
||||
)
|
||||
|
||||
type ResourceType string
|
||||
@@ -229,5 +230,5 @@ func (h *S3TablesHandler) generateTableARN(r *http.Request, bucketName, tableID
|
||||
|
||||
func isAuthError(err error) bool {
|
||||
var authErr *AuthError
|
||||
return errors.As(err, &authErr)
|
||||
return errors.As(err, &authErr) || errors.Is(err, ErrAccessDenied)
|
||||
}
|
||||
|
||||
@@ -58,7 +58,7 @@ func (h *S3TablesHandler) handleGetTableBucket(w http.ResponseWriter, r *http.Re
|
||||
// Check ownership
|
||||
if accountID := h.getAccountID(r); accountID != metadata.OwnerAccountID {
|
||||
h.writeError(w, http.StatusForbidden, ErrCodeAccessDenied, "not authorized to get table bucket details")
|
||||
return fmt.Errorf("access denied")
|
||||
return ErrAccessDenied
|
||||
}
|
||||
|
||||
resp := &GetTableBucketResponse{
|
||||
|
||||
@@ -68,7 +68,7 @@ func (h *S3TablesHandler) handleCreateNamespace(w http.ResponseWriter, r *http.R
|
||||
// Check ownership
|
||||
if accountID := h.getAccountID(r); accountID != bucketMetadata.OwnerAccountID {
|
||||
h.writeError(w, http.StatusForbidden, ErrCodeAccessDenied, "not authorized to create namespace in this bucket")
|
||||
return fmt.Errorf("access denied")
|
||||
return ErrAccessDenied
|
||||
}
|
||||
|
||||
namespacePath := getNamespacePath(bucketName, namespaceName)
|
||||
@@ -178,7 +178,7 @@ func (h *S3TablesHandler) handleGetNamespace(w http.ResponseWriter, r *http.Requ
|
||||
// Check ownership
|
||||
if accountID := h.getAccountID(r); accountID != metadata.OwnerAccountID {
|
||||
h.writeError(w, http.StatusNotFound, ErrCodeNoSuchNamespace, "namespace not found")
|
||||
return fmt.Errorf("access denied")
|
||||
return ErrAccessDenied
|
||||
}
|
||||
|
||||
resp := &GetNamespaceResponse{
|
||||
@@ -242,7 +242,7 @@ func (h *S3TablesHandler) handleListNamespaces(w http.ResponseWriter, r *http.Re
|
||||
accountID := h.getAccountID(r)
|
||||
if accountID != bucketMetadata.OwnerAccountID {
|
||||
h.writeError(w, http.StatusNotFound, ErrCodeNoSuchBucket, fmt.Sprintf("table bucket %s not found", bucketName))
|
||||
return fmt.Errorf("access denied")
|
||||
return ErrAccessDenied
|
||||
}
|
||||
|
||||
var namespaces []NamespaceSummary
|
||||
@@ -403,7 +403,7 @@ func (h *S3TablesHandler) handleDeleteNamespace(w http.ResponseWriter, r *http.R
|
||||
// Check ownership
|
||||
if accountID := h.getAccountID(r); accountID != metadata.OwnerAccountID {
|
||||
h.writeError(w, http.StatusNotFound, ErrCodeNoSuchNamespace, "namespace not found")
|
||||
return fmt.Errorf("access denied")
|
||||
return ErrAccessDenied
|
||||
}
|
||||
|
||||
// Check if namespace is empty
|
||||
|
||||
@@ -88,7 +88,7 @@ func (h *S3TablesHandler) handleCreateTable(w http.ResponseWriter, r *http.Reque
|
||||
// Check ownership
|
||||
if accountID := h.getAccountID(r); accountID != namespaceMetadata.OwnerAccountID {
|
||||
h.writeError(w, http.StatusForbidden, ErrCodeAccessDenied, "not authorized to create table in this namespace")
|
||||
return fmt.Errorf("access denied")
|
||||
return ErrAccessDenied
|
||||
}
|
||||
|
||||
tablePath := getTablePath(bucketName, namespaceName, tableName)
|
||||
@@ -241,7 +241,7 @@ func (h *S3TablesHandler) handleGetTable(w http.ResponseWriter, r *http.Request,
|
||||
// Check ownership
|
||||
if accountID := h.getAccountID(r); accountID != metadata.OwnerAccountID {
|
||||
h.writeError(w, http.StatusNotFound, ErrCodeNoSuchTable, fmt.Sprintf("table %s not found", tableName))
|
||||
return fmt.Errorf("access denied")
|
||||
return ErrAccessDenied
|
||||
}
|
||||
|
||||
tableARN := h.generateTableARN(r, bucketName, namespace+"/"+tableName)
|
||||
@@ -310,7 +310,7 @@ func (h *S3TablesHandler) handleListTables(w http.ResponseWriter, r *http.Reques
|
||||
}
|
||||
if accountID := h.getAccountID(r); accountID != nsMeta.OwnerAccountID {
|
||||
h.writeError(w, http.StatusNotFound, ErrCodeNoSuchNamespace, "namespace not found")
|
||||
return fmt.Errorf("access denied")
|
||||
return ErrAccessDenied
|
||||
}
|
||||
|
||||
tables, paginationToken, err = h.listTablesInNamespaceWithClient(r, client, bucketName, namespaceName, req.Prefix, req.ContinuationToken, maxTables)
|
||||
@@ -327,7 +327,7 @@ func (h *S3TablesHandler) handleListTables(w http.ResponseWriter, r *http.Reques
|
||||
}
|
||||
if accountID := h.getAccountID(r); accountID != bucketMeta.OwnerAccountID {
|
||||
h.writeError(w, http.StatusNotFound, ErrCodeNoSuchBucket, "bucket not found")
|
||||
return fmt.Errorf("access denied")
|
||||
return ErrAccessDenied
|
||||
}
|
||||
|
||||
tables, paginationToken, err = h.listTablesInAllNamespaces(r, client, bucketName, req.Prefix, req.ContinuationToken, maxTables)
|
||||
@@ -611,7 +611,7 @@ func (h *S3TablesHandler) handleDeleteTable(w http.ResponseWriter, r *http.Reque
|
||||
// Check ownership
|
||||
if accountID := h.getAccountID(r); accountID != metadata.OwnerAccountID {
|
||||
h.writeError(w, http.StatusNotFound, ErrCodeNoSuchTable, fmt.Sprintf("table %s not found", tableName))
|
||||
return fmt.Errorf("access denied")
|
||||
return ErrAccessDenied
|
||||
}
|
||||
|
||||
// Delete the table
|
||||
|
||||
Reference in New Issue
Block a user