HDDS-14847. [STS] Expose ExpiredToken Error by fmorg-git · Pull Request #9935 · apache/ozone

fmorg-git · 2026-03-17T18:47:21Z

Please describe your PR in detail:

Currently, when an STS token expires and it is attempted to be used, an AccessDenied error occurs. When testing with AWS, it generates an ExpiredToken error code with the token in the body, so this ticket updates the implementation to have a similar response.
Separately, while debugging other issues, it was found that while iterating in BucketEndpoint, if an acl check gave PermissionDenied, a RuntimeException in OzoneBucket$KeyIterator.hasNext() which was not caught and bubbled up to the end user as an Internal Server Error http code 500. So a commit is made here to catch the RuntimeException and if it is of type OMException, then handle it the same way the code that handles expired token does.

What is the link to the Apache JIRA

manual test waiting for expiration, unit tests

fmorg-git marked this pull request as draft March 17, 2026 18:47

fmorg-git force-pushed the HDDS-14847 branch from af18930 to efe87cb Compare March 17, 2026 19:09

fmorg-git mentioned this pull request Mar 17, 2026

HDDS-14851. [STS] Better Handling for PayloadTooLarge and Small Perf Fix #9938

Open

Fabian Morgan added 3 commits April 1, 2026 11:11

expose expiredToken error

0d4cd7c

fix additional location for token expiration

fa6d824

handle latent internal 500 error generated via RuntimeException

0b7fd74

fmorg-git force-pushed the HDDS-14847 branch from 36ce571 to 0b7fd74 Compare April 1, 2026 18:11

fmorg-git marked this pull request as ready for review April 1, 2026 18:12