KNOX-2396 - TokenResource Renew and Revoke Should Respond With Error Codes That Identify Specific Errors

[zeroflag]

What changes were proposed in this pull request?

TokeResource currently responds to failed requests to renew or revoke a token with an error message. Any client behavior based on the nature of the failure must currently depend on the error message content, which is not robust.

This patch extends the response with an error code, which is backward compatible with the existing responses.

How was this patch tested?

Created a token with API call:

$ curl -v -k -u admin:admin-password  https://localhost:8443/gateway/homepage/knoxtoken/api/v1/token

Tried renew/revoke/enable/disable endpoints:

$ curl -X PUT -d "<tokenId>" -vvv -k -u admin:admin-password https://localhost:8443/knoxtoken/api/v1/token/enable

{
  "setEnabledFlag": "false",
  "error": "Token is already enabled",
  "code": 70
}

$ curl -X PUT -d "<tokenId>" -vvv -k -u admin:admin-password https://localhost:8443/knoxtoken/api/v1/token/disable
{
  "setEnabledFlag": "false",
  "error": "Token is already disabled",
  "code": 60
}

$ curl -d "invalid" -vvv -k -u admin:admin-password https://localhost:8443/knoxtoken/api/v1/token/revoke
{
  "revoked": "false",
  "error": "Invalid serialized unsecured/JWS/JWE object: Missing part delimiters",
  "code": 40
}

curl -d "invalid" -vvv -k -u admin:admin-password https://localhost:8443/knoxtoken/api/v1/token/renew
{
  "renewed": "false",
  "error": "Invalid serialized unsecured/JWS/JWE object: Missing part delimiters",
  "code": 40
}

[zeroflag]

cc: @pzampino @smolnar82 @moresandeep @lmccay

[smolnar82]

LGTM

[pzampino]

LGTM
We should add these codes to the Knox user guide for them to be really useful.