From b5499a6a1f7836b95b64fe90e149d271be491b86 Mon Sep 17 00:00:00 2001 From: Onno Zweers Date: Fri, 5 Sep 2025 13:46:43 +0200 Subject: [PATCH 1/2] Catch 403 with (un)stage and explain possible causes Fixes #23 --- ada/ada | 56 +++++++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 45 insertions(+), 11 deletions(-) diff --git a/ada/ada b/ada/ada index b1339f7..9c6d5ff 100755 --- a/ada/ada +++ b/ada/ada @@ -1100,8 +1100,9 @@ pathtype () { # REGULAR = file # LINK = symbolic link # = something went wrong... no permission? + local path="$1" + encoded_path=$(urlencode "$path") local result - encoded_path=$(urlencode "$1") command='$debug && set -x curl "${curl_authorization[@]}" \ -H "accept: application/json" \ @@ -1491,16 +1492,49 @@ bulk_request() { target=${target%?}] data="{\"activity\": \"${activity}\", \"arguments\": ${arguments}, \"target\": ${target}, \"expand_directories\": \"${expand}\"}" $debug || echo "$target " - ( - $debug && set -x # If --debug is specified, show curl command - curl "${curl_authorization[@]}" \ - "${curl_options_common[@]}" \ - "${curl_options_post[@]}" \ - -X POST "$api/bulk-requests" \ - -d "${data}" \ - --dump-header - \ - | grep -e request-url -e Date | tee -a "${requests_log}" - ) + # Elsewhere, we do 'set -x' in a subshell, but here we need to catch the return headers. + $debug && set -x # If --debug is specified, show curl command + response=$(curl "${curl_authorization[@]}" \ + "${curl_options_common[@]}" \ + "${curl_options_post[@]}" \ + -X POST "$api/bulk-requests" \ + -d "${data}" \ + --write-out "\nHTTP_CODE_%{http_code}" \ + --dump-header - + ) + # Stop showing commands + $debug && set +x + # Process the result based on the HTTP return code + status=$(echo "$response" | grep '^HTTP_CODE_') # HTTP return code + $debug && echo 1>&2 "Returned HTTP status: $status" + # 403 could mean recursion is not allowed in dCache. Might become 422 in future. + # See also https://github.com/dCache/dcache/issues/7892 + case $status in + HTTP_CODE_403 | HTTP_CODE_422 ) + if $recursive ; then + echo -e 1>&2 "Operation failed. Possible causes:\n" \ + "* You may not have permission to access the directory\n" \ + "* Recursive staging may be prohibited.\n" \ + "\nTry the same command without --recursive. If that works," \ + "the dCache system does not allow you to stage recursively." \ + "If you need recursion, ask your dCache admins to set" \ + "'bulk.allowed-directory-expansion=ALL'." + else + echo -e 1>&2 "Operation failed. Possible causes:\n" \ + "* You may not have permission to access the directory\n" \ + "* Your authentication token may not permit staging." + fi + exit 1 + ;; + HTTP_CODE_2* ) + echo "$response" | grep -e request-url -e Date | tee -a "${requests_log}" + # ToDo: explain to user what to do with the request-url, see issue #86 + ;; + * ) + echo 1>&2 -e "ERROR: operation failed. See details below:\n\n$response" + exit 1 + ;; + esac $debug && echo "Information about bulk request is logged in $requests_log." { echo "activity: $activity" From d6a3fef04add5b19df12c3a7839d8d41a0f2be05 Mon Sep 17 00:00:00 2001 From: Onno Zweers Date: Fri, 5 Sep 2025 14:33:26 +0200 Subject: [PATCH 2/2] Catch also expand=TARGET and NONE (if 403) --- ada/ada | 43 ++++++++++++++++++++++++++++++------------- 1 file changed, 30 insertions(+), 13 deletions(-) diff --git a/ada/ada b/ada/ada index 9c6d5ff..92fdc28 100755 --- a/ada/ada +++ b/ada/ada @@ -1511,19 +1511,31 @@ bulk_request() { # See also https://github.com/dCache/dcache/issues/7892 case $status in HTTP_CODE_403 | HTTP_CODE_422 ) - if $recursive ; then - echo -e 1>&2 "Operation failed. Possible causes:\n" \ - "* You may not have permission to access the directory\n" \ - "* Recursive staging may be prohibited.\n" \ - "\nTry the same command without --recursive. If that works," \ - "the dCache system does not allow you to stage recursively." \ - "If you need recursion, ask your dCache admins to set" \ - "'bulk.allowed-directory-expansion=ALL'." - else - echo -e 1>&2 "Operation failed. Possible causes:\n" \ - "* You may not have permission to access the directory\n" \ - "* Your authentication token may not permit staging." - fi + case $expand in + ALL ) + echo -e 1>&2 "Operation failed. Possible causes:\n" \ + "* You may not have permission to access the directory\n" \ + "* Recursive staging may be prohibited.\n" \ + "\nTry the same command without --recursive. If that works," \ + "the dCache system does not allow you to stage recursively." \ + "If you need recursion, ask your dCache admins to set" \ + "'bulk.allowed-directory-expansion=ALL'." + ;; + TARGETS ) + echo -e 1>&2 "Operation failed. Possible causes:\n" \ + "* You may not have permission to access the directory\n" \ + "* Staging or unstaging a directory may be prohibited.\n" \ + "\nTry to stage a single file in the directory. If that works," \ + "the dCache system does not allow you to stage directories." \ + "If you need to stage directories, ask your dCache admins to set" \ + "'bulk.allowed-directory-expansion=TARGETS', or" \ + "'bulk.allowed-directory-expansion=ALL' in case you want" \ + "to stage recursively." + ;; + NONE ) + echo -e 1>&2 "Operation failed. You may not have permission to access the file(s)." + ;; + esac exit 1 ;; HTTP_CODE_2* ) @@ -1531,6 +1543,11 @@ bulk_request() { # ToDo: explain to user what to do with the request-url, see issue #86 ;; * ) + # Something else went wrong; could be + # 400 (bad request) + # 401 (unauthorized) + # 429 (too many requests) + # 500 (internal server error) echo 1>&2 -e "ERROR: operation failed. See details below:\n\n$response" exit 1 ;;