catch additioanl s3 exceptions

HDFGroup · May 30, 2024 · 13f8638 · 13f8638
1 parent d9cce84
commit 13f8638
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 7 deletions.
diff --git a/hsds/util/domainUtil.py b/hsds/util/domainUtil.py
@@ -268,7 +268,7 @@ def validateDomainKey(domain_key):
 
 
 def getDomainFromRequest(request, validate=True):
-    print(f"tmp - getDomainFromRequest: {request}, validate={validate}")
+    # print(f"getDomainFromRequest: {request}, validate={validate}")
     app = request.app
     domain = None
     bucket = None
@@ -279,7 +279,6 @@ def getDomainFromRequest(request, validate=True):
         domain = request.headers["X-Hdf-domain"]
     else:
         return None
-    print(f"tmp - domain: {domain}")
     if domain.startswith("hdf5:/"):
         # strip off the prefix to make following logic easier
         domain = domain[6:]

diff --git a/hsds/util/s3Client.py b/hsds/util/s3Client.py
@@ -28,6 +28,7 @@
 
 S3_URI = "s3://"
 
+S3_INVALID_ACCESS_CODES = ("AccessDenied", "InvalidAccessKeyId", "401", "403", 401, 403)
 
 class S3Client:
     """
@@ -318,7 +319,7 @@ async def get_object(self, key, bucket=None, offset=0, length=-1):
                     msg = f"s3_bucket: {bucket} not found"
                     log.info(msg)
                     raise HTTPNotFound()
-                elif response_code in ("AccessDenied", "401", "403", 401, 403):
+                elif response_code in S3_INVALID_ACCESS_CODES:
                     msg = f"access denied for s3_bucket: {bucket}"
                     log.info(msg)
                     raise HTTPForbidden()
@@ -378,6 +379,10 @@ async def put_object(self, key, data, bucket=None):
                     msg = f"s3_bucket: {bucket} not found"
                     log.warn(msg)
                     raise HTTPNotFound()
+                elif response_code in S3_INVALID_ACCESS_CODES:
+                    msg = f"access denied for s3_bucket: {bucket}"
+                    log.info(msg)
+                    raise HTTPForbidden()
                 else:
                     self._s3_stats_increment("error_count")
                     msg = f"Error putting s3 obj {key}: {ce}"

diff --git a/tests/integ/config.py b/tests/integ/config.py
@@ -16,8 +16,8 @@
     # or 'http+unix://%2Ftmp%2Fhs%2Fsn_1.sock' for socket
     "user_name": "test_user1",
     "user_password": "test",
-    "user2_name": "",
-    "user2_password": "",
+    "user2_name": "test_user2",
+    "user2_password": "test",
     "admin_username": "",
     "admin_password": "",
     "test_noauth": True,

diff --git a/tests/integ/group_test.py b/tests/integ/group_test.py
@@ -223,7 +223,7 @@ def testPost(self):
         # try POST with user who doesn't have create permission on this domain
         test_user2 = config.get("user2_name")  # some tests will be skipped if not set
         if not test_user2:
-            print("test_user2 not set")
+            print("user2_name not set")
             return
 
         headers = helper.getRequestHeaders(
@@ -511,7 +511,7 @@ def testDelete(self):
             rsp = self.session.delete(req, headers=headers)
             self.assertEqual(rsp.status_code, 403)  # forbidden
         else:
-            print("test_user2 not set")
+            print("user2_name not set")
 
         # try to do a DELETE with a different domain (should fail)
         another_domain = helper.getParentDomain(self.base_domain)