]> git.proxmox.com Git - ceph.git/blobdiff - ceph/src/rgw/rgw_kms.cc
projects / ceph.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
update ceph source to reef 18.2.1
[ceph.git] / ceph / src / rgw / rgw_kms.cc
diff --git a/ceph/src/rgw/rgw_kms.cc b/ceph/src/rgw/rgw_kms.cc
index eec5d80daab136f1b140afeecfa13ead2cdd6714..936580276680d7000ae7b5b7aaae1d3e8b2efe68 100644 (file)
--- a/ceph/src/rgw/rgw_kms.cc
+++ b/ceph/src/rgw/rgw_kms.cc
@@ -306,16 +306,17 @@ protected:
     }
 
     res = secret_req.process(null_yield);
-    if (res < 0) {
-      ldpp_dout(dpp, 0) << "ERROR: Request to Vault failed with error " << res << dendl;
-      return res;
-    }
 
+    // map 401 to EACCES instead of EPERM
     if (secret_req.get_http_status() ==
         RGWHTTPTransceiver::HTTP_STATUS_UNAUTHORIZED) {
       ldpp_dout(dpp, 0) << "ERROR: Vault request failed authorization" << dendl;
       return -EACCES;
     }
+    if (res < 0) {
+      ldpp_dout(dpp, 0) << "ERROR: Request to Vault failed with error " << res << dendl;
+      return res;
+    }
 
     ldpp_dout(dpp, 20) << "Request to Vault returned " << res << " and HTTP status "
       << secret_req.get_http_status() << dendl;
@@ -925,13 +926,14 @@ static int request_key_from_barbican(const DoutPrefixProvider *dpp,
   secret_req.append_header("X-Auth-Token", barbican_token);
 
   res = secret_req.process(null_yield);
-  if (res < 0) {
-    return res;
-  }
+  // map 401 to EACCES instead of EPERM
   if (secret_req.get_http_status() ==
       RGWHTTPTransceiver::HTTP_STATUS_UNAUTHORIZED) {
     return -EACCES;
   }
+  if (res < 0) {
+    return res;
+  }
 
   if (secret_req.get_http_status() >=200 &&
       secret_req.get_http_status() < 300 &&
Ceph