dimas-b commented on code in PR #864:
URL: https://github.com/apache/polaris/pull/864#discussion_r1929129308
##########
service/common/src/main/java/org/apache/polaris/service/exception/IcebergExceptionMapper.java:
##########
@@ -144,4 +112,56 @@ public static boolean containsAnyAccessDeniedHint(String
message) {
public static Collection<String> getAccessDeniedHints() {
return ImmutableSet.copyOf(ACCESS_DENIED_HINTS);
}
+
+ static int mapExceptionToResponseCode(RuntimeException rex) {
+ // Cloud exceptions
+ if (rex instanceof S3Exception
+ || rex instanceof AzureException
+ || rex instanceof StorageException) {
+ if (doesAnyThrowableContainAccessDeniedHint(rex)) {
+ return Response.Status.FORBIDDEN.getStatusCode();
+ }
+
+ int httpCode =
+ switch (rex) {
+ case S3Exception s3e -> s3e.statusCode();
+ case HttpResponseException hre ->
hre.getResponse().getStatusCode();
+ case StorageException se -> se.getCode();
+ default -> -1;
+ };
+
+ if (300 <= httpCode && httpCode <= 499) {
+ return httpCode;
Review Comment:
The 403 -> 403 mapping LGTM, but we probably should not expose the
storage-side message to the client for security reasons. The client is
authorized to access the Polaris Server, but the client may gain information
about secrets between the server and storage that the client is not necessarily
authorized to know.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
