Skip to content

Create/update bucket endpoints: swap HTTP 403/409 response codes when encountering errors with S3 credentials, reword "bucket credentials mismatch" error message#305

Merged
TimCsaky merged 2 commits intomasterfrom
bug/bucket-creds-conflict-error-responses
May 6, 2025
Merged

Create/update bucket endpoints: swap HTTP 403/409 response codes when encountering errors with S3 credentials, reword "bucket credentials mismatch" error message#305
TimCsaky merged 2 commits intomasterfrom
bug/bucket-creds-conflict-error-responses

Conversation

@norrisng-bc
Copy link
Contributor

@norrisng-bc norrisng-bc commented May 6, 2025

Description

Previously, when creating or updating a bucket:

  • A HTTP 409 is returned when the supplied S3 credentials can't be used to access a bucket.
  • A HTTP 403 is returned when the supplied credentials don't match what's in the COMS database when adding a bucket that already exists in there.

This PR:

  • Swaps the HTTP response codes for these 2 situations - i.e. return HTTP 403 for invalid S3 credentials, or HTTP 409 when the S3 credentials don't match.
  • Updates the error message for mismatching S3 credentials (i.e. the latter scenario) to be a bit more descriptive.

These changes better align with the associated HTTP response reason phrase; invalid credentials are better classified as forbidden (403), and mismatching S3 credentials as a conflict (409) with the COMS database.

SHOWCASE-3941

Types of changes

Bug fix (non-breaking change which fixes an issue)

Checklist

  • I have read the CONTRIBUTING doc
  • I have checked that unit tests pass locally with my changes
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)

Further comments

bcgov/bcbox#235 exposes the actual COMS API error message to the user (this wasn't the case previously). Updating the error message inside COMS allows a more descriptive error to be shown to the user.

Supporting multiple sets of valid credentials on a bucket at any time will be non-trivial (i.e. credentials may have varying levels of access), so for now, only allow one set of them at any time.

norrisng-bc added 2 commits May 5, 2025 17:42
@norrisng-bc
PUT/PATCH bucket: user-friendlier error message for S3 creds mismatch
ec5db53
@norrisng-bc
PUT/PATCH bucket: swap 403/409 to better describe S3 credentials errors
07cb682 
Invalid S3 credentials are better described as "forbidden" (HTTP 403).
Likewise, a mismatch of S3 credentials between what's supplied in the client request and what COMS has in its database is better described as a "conflict" (HTTP 409).

Supporting multiple sets of valid credentials on a bucket at any time is non-trivial (credentials may have varying levels of access), so for now, only allow one set of them at any time.
@github-actions
Copy link

github-actions bot commented May 6, 2025

Coverage Report

Totals Coverage
Statements: 57.06% ( 3066 / 5373 )
Methods: 47.11% ( 334 / 709 )
Lines: 63.87% ( 1842 / 2884 )
Branches: 50% ( 890 / 1780 )

@TimCsaky TimCsaky merged commit 3c00955 into master May 6, 2025
13 checks passed
@norrisng-bc norrisng-bc deleted the bug/bucket-creds-conflict-error-responses branch June 23, 2025 21:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@TimCsaky TimCsaky TimCsaky approved these changes

@jatindersingh93 jatindersingh93 Awaiting requested review from jatindersingh93 jatindersingh93 is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@norrisng-bc @TimCsaky