diff --git a/build.gradle b/build.gradle
index fae98bc..019d43a 100644
--- a/build.gradle
+++ b/build.gradle
@@ -1,6 +1,6 @@
 buildscript {
 ext {
- osisVersion = '2.2.3'
+ osisVersion = '2.2.4'
 vaultclientVersion = '1.1.2'
 springBootVersion = '2.7.6'
 }
diff --git a/osis-core/src/main/java/com/scality/osis/service/impl/ScalityOsisServiceImpl.java b/osis-core/src/main/java/com/scality/osis/service/impl/ScalityOsisServiceImpl.java
index aed9fa8..6b5c713 100644
--- a/osis-core/src/main/java/com/scality/osis/service/impl/ScalityOsisServiceImpl.java
+++ b/osis-core/src/main/java/com/scality/osis/service/impl/ScalityOsisServiceImpl.java
@@ -1260,10 +1260,9 @@ public Credentials getCredentials(String accountID) {
 } catch (VaultServiceException e) {
 if (!StringUtils.isNullOrEmpty(e.getErrorCode()) &&
- NO_SUCH_ENTITY_ERR.equals(e.getErrorCode()) &&
- ROLE_DOES_NOT_EXIST_ERR.equals(e.getReason())) {
- // If role does not exists, invoke setupAssumeRole
- logger.error(ROLE_DOES_NOT_EXIST_ERR + ". Recreating the role");
+ ACCESS_DENIED.equals(e.getErrorCode())) {
+ // if access denied, invoke setupAssumeRole
+ logger.error(e.getReason() + ". Recreating the role");
 // Call get Account with Account ID to retrieve account name
 AccountData account = vaultAdmin.getAccount(ScalityModelConverter.toGetAccountRequestWithID(accountID));
 asyncScalityOsisService.setupAssumeRole(accountID, account.getName());
diff --git a/osis-core/src/main/java/com/scality/osis/utils/ScalityConstants.java b/osis-core/src/main/java/com/scality/osis/utils/ScalityConstants.java
index e536caf..630c8d1 100644
--- a/osis-core/src/main/java/com/scality/osis/utils/ScalityConstants.java
+++ b/osis-core/src/main/java/com/scality/osis/utils/ScalityConstants.java
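Review bot: In `getCredentials` (ScalityOsisServiceImpl.java) the new guard treats every `AccessDenied` from the assume-role call as "role must be recreated", so a denial caused by a deliberate policy or trust change would be answered by `setupAssumeRole(accountID, account.getName())` re-provisioning access rather than by surfacing the failure. The visible lines do not show what `setupAssumeRole` creates or whether the retry is bounded, so this should be confirmed; if Vault's reason text identifies the missing-role case, the guard could be narrowed to it. `e.getReason()` is server-supplied text that may be null and is concatenated straight into the log line; assuming the logger is SLF4J, `logger.warn("AssumeRole denied for account {}: {}. Recreating the role", accountID, e.getReason());` records which account was affected and keeps the audit trail readable. The `StringUtils.isNullOrEmpty` test is redundant next to `ACCESS_DENIED.equals(e.getErrorCode())`, and the catch block continues outside the hunk.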
@@ -56,9 +56,7 @@ private ScalityConstants() {
 public static final String IAM_PREFIX = "/";
- public static final String NO_SUCH_ENTITY_ERR = "NoSuchEntity";
-
- public static final String ROLE_DOES_NOT_EXIST_ERR = "Role does not exist";
+ public static final String ACCESS_DENIED = "AccessDenied";
 public static final String NOT_AVAILABLE = "Not Available";
diff --git a/osis-core/src/test/java/com/scality/osis/service/impl/ScalityOsisServiceMiscTests.java b/osis-core/src/test/java/com/scality/osis/service/impl/ScalityOsisServiceMiscTests.java
index 53984fe..30e5d00 100644
--- a/osis-core/src/test/java/com/scality/osis/service/impl/ScalityOsisServiceMiscTests.java
+++ b/osis-core/src/test/java/com/scality/osis/service/impl/ScalityOsisServiceMiscTests.java
@@ -339,7 +339,7 @@ void testGetCredentialsWithNoRole() {
 // Setup
 when(vaultAdminMock.getTempAccountCredentials(any(AssumeRoleRequest.class)))
- .thenThrow(new VaultServiceException(HttpStatus.NOT_FOUND, "NoSuchEntity", "Role does not exist"))
+ .thenThrow(new VaultServiceException(HttpStatus.FORBIDDEN, "AccessDenied", "User: backbeat is not allowed to assume role"))
 .thenAnswer((Answer) invocation -> {
 final Credentials credentials = new Credentials();
 credentials.setAccessKeyId(TEST_ACCESS_KEY);
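Review bot: `testGetCredentialsWithNoRole` in ScalityOsisServiceMiscTests.java now feeds a 403 `AccessDenied` response, so its name no longer describes the case it covers, and nothing visible pins the other side of the new guard: that an error code other than `AccessDenied` (for example the former `NoSuchEntity`) does not reach `setupAssumeRole`. Because role recreation is a privileged side effect, a companion test that throws a different `VaultServiceException` and verifies `setupAssumeRole` is never invoked would be worth adding. Renaming this test to something like `testGetCredentialsWithAccessDenied` keeps the intent readable. The test body continues outside the hunk, so such a case may already exist elsewhere in the file.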