From 92800c31a22181e4683fe02de5c252bb60a0d290 Mon Sep 17 00:00:00 2001
From: Chris Lu <chris.lu@gmail.com>
Date: Tue, 27 Jan 2026 07:45:24 -0800
Subject: [PATCH] adjust logs and errors

---
 weed/s3api/auth_credentials.go  |  2 +-
 weed/s3api/s3api_server_grpc.go | 47 +++++++++++++++++++--------------
 2 files changed, 28 insertions(+), 21 deletions(-)

diff --git a/weed/s3api/auth_credentials.go b/weed/s3api/auth_credentials.go
index 3e10396f1..679606ca0 100644
--- a/weed/s3api/auth_credentials.go
+++ b/weed/s3api/auth_credentials.go
@@ -1384,7 +1384,7 @@ func (iam *IdentityAccessManagement) GetCredentialManager() *credential.Credenti
 
 // LoadS3ApiConfigurationFromCredentialManager loads configuration using the credential manager
 func (iam *IdentityAccessManagement) LoadS3ApiConfigurationFromCredentialManager() error {
-	glog.V(0).Infof("IAM: reloading configuration from credential manager")
+	glog.V(1).Infof("IAM: reloading configuration from credential manager")
 	glog.V(1).Infof("Loading S3 API configuration from credential manager")
 
 	s3ApiConfiguration, err := iam.credentialManager.LoadConfiguration(context.Background())
diff --git a/weed/s3api/s3api_server_grpc.go b/weed/s3api/s3api_server_grpc.go
index c8b55f5f1..1bd48b307 100644
--- a/weed/s3api/s3api_server_grpc.go
+++ b/weed/s3api/s3api_server_grpc.go
@@ -3,10 +3,10 @@ package s3api
 import (
 	"context"
 
-	"fmt"
-
 	"github.com/seaweedfs/seaweedfs/weed/glog"
 	"github.com/seaweedfs/seaweedfs/weed/pb/iam_pb"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
 )
 
 // SeaweedS3IamCacheServer Implementation
@@ -15,20 +15,20 @@ import (
 
 func (s3a *S3ApiServer) PutIdentity(ctx context.Context, req *iam_pb.PutIdentityRequest) (*iam_pb.PutIdentityResponse, error) {
 	if req.Identity == nil {
-		return nil, fmt.Errorf("identity is required")
+		return nil, status.Errorf(codes.InvalidArgument, "identity is required")
 	}
 	// Direct in-memory cache update
 	glog.V(1).Infof("IAM: received identity update for %s", req.Identity.Name)
 	if err := s3a.iam.UpsertIdentity(req.Identity); err != nil {
 		glog.Errorf("failed to update identity cache for %s: %v", req.Identity.Name, err)
-		return nil, err
+		return nil, status.Errorf(codes.Internal, "failed to update identity cache: %v", err)
 	}
 	return &iam_pb.PutIdentityResponse{}, nil
 }
 
 func (s3a *S3ApiServer) RemoveIdentity(ctx context.Context, req *iam_pb.RemoveIdentityRequest) (*iam_pb.RemoveIdentityResponse, error) {
 	if req.Username == "" {
-		return nil, fmt.Errorf("username is required")
+		return nil, status.Errorf(codes.InvalidArgument, "username is required")
 	}
 	// Direct in-memory cache update
 	glog.V(1).Infof("IAM: received identity removal for %s", req.Username)
@@ -38,42 +38,49 @@ func (s3a *S3ApiServer) RemoveIdentity(ctx context.Context, req *iam_pb.RemoveId
 
 func (s3a *S3ApiServer) PutPolicy(ctx context.Context, req *iam_pb.PutPolicyRequest) (*iam_pb.PutPolicyResponse, error) {
 	if req.Name == "" {
-		return nil, fmt.Errorf("policy name is required")
+		return nil, status.Errorf(codes.InvalidArgument, "policy name is required")
+	}
+	if req.Content == "" {
+		return nil, status.Errorf(codes.InvalidArgument, "policy content is required")
 	}
 
 	// Update IAM policy cache
 	glog.V(1).Infof("IAM: received policy update for %s", req.Name)
-	if s3a.iam != nil {
-		if err := s3a.iam.PutPolicy(req.Name, req.Content); err != nil {
-			glog.Errorf("failed to update policy cache for %s: %v", req.Name, err)
-			return nil, err
-		}
+	if s3a.iam == nil {
+		return nil, status.Errorf(codes.Internal, "IAM not initialized")
+	}
+
+	if err := s3a.iam.PutPolicy(req.Name, req.Content); err != nil {
+		glog.Errorf("failed to update policy cache for %s: %v", req.Name, err)
+		return nil, status.Errorf(codes.Internal, "failed to update policy cache: %v", err)
 	}
 	return &iam_pb.PutPolicyResponse{}, nil
 }
 
 func (s3a *S3ApiServer) DeletePolicy(ctx context.Context, req *iam_pb.DeletePolicyRequest) (*iam_pb.DeletePolicyResponse, error) {
 	if req.Name == "" {
-		return nil, fmt.Errorf("policy name is required")
+		return nil, status.Errorf(codes.InvalidArgument, "policy name is required")
 	}
 
 	// Delete from IAM policy cache
 	glog.V(1).Infof("IAM: received policy removal for %s", req.Name)
-	if s3a.iam != nil {
-		if err := s3a.iam.DeletePolicy(req.Name); err != nil {
-			glog.Errorf("failed to delete policy cache for %s: %v", req.Name, err)
-			return nil, err
-		}
+	if s3a.iam == nil {
+		return nil, status.Errorf(codes.Internal, "IAM not initialized")
+	}
+
+	if err := s3a.iam.DeletePolicy(req.Name); err != nil {
+		glog.Errorf("failed to delete policy cache for %s: %v", req.Name, err)
+		return nil, status.Errorf(codes.Internal, "failed to delete policy cache: %v", err)
 	}
 	return &iam_pb.DeletePolicyResponse{}, nil
 }
 
 func (s3a *S3ApiServer) GetPolicy(ctx context.Context, req *iam_pb.GetPolicyRequest) (*iam_pb.GetPolicyResponse, error) {
 	if req.Name == "" {
-		return nil, fmt.Errorf("policy name is required")
+		return nil, status.Errorf(codes.InvalidArgument, "policy name is required")
 	}
 	if s3a.iam == nil {
-		return &iam_pb.GetPolicyResponse{}, nil
+		return nil, status.Errorf(codes.Internal, "IAM not initialized")
 	}
 	policy, err := s3a.iam.GetPolicy(req.Name)
 	if err != nil {
@@ -88,7 +95,7 @@ func (s3a *S3ApiServer) GetPolicy(ctx context.Context, req *iam_pb.GetPolicyRequ
 func (s3a *S3ApiServer) ListPolicies(ctx context.Context, req *iam_pb.ListPoliciesRequest) (*iam_pb.ListPoliciesResponse, error) {
 	resp := &iam_pb.ListPoliciesResponse{}
 	if s3a.iam == nil {
-		return resp, nil
+		return nil, status.Errorf(codes.Internal, "IAM not initialized")
 	}
 	policies := s3a.iam.ListPolicies()
 	for _, policy := range policies {