fix: handle 403 and null files in kernels_output

[4kaws]

Summary

list_kernel_session_output and kernels_status return 403 or 401 in several known scenarios that previously surfaced as an opaque HTTPError with no actionable information. This specifically affects benchmark task notebooks in the following cases:

• 403 Forbidden — Notebooks created via Copy & Edit that are public: the notebook is accessible in the browser but the API denies access to its outputs regardless of visibility setting
• 401 Unauthorized — Private notebooks owned by another user, or your own private notebooks where the owner lacks API access to their own outputs

Changes

• Wraps list_kernel_session_output in a try/except HTTPError block; on 401 or 403 raises a ValueError with a clear message describing the known causes
• Wraps kernels_status in the same try/except HTTPError block with the same 401/403 handling
• Guards response.files against None to prevent a TypeError crash when the API returns an empty response

Repro

from kaggle.api.kaggle_api_extended import KaggleApi

api = KaggleApi()
api.authenticate()

# Triggers 401 via kernels_status — benchmark task notebook created via Copy & Edit:
api.kernels_status("gpreda/byzantine-empire-citizens")

# Triggers 403 via kernels_output — same notebook:
api.kernels_output("gpreda/byzantine-empire-citizens", path="/tmp")

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[4kaws]

I have signed the Google CLA. Could a maintainer please trigger a rescan if this PR will be accepted? Thank you!

[stevemessick]

/gcbrun

[stevemessick]

@4kaws Just curious, after doing a copy and edit on a notebook, did you commit it (and run)?

[4kaws]

@4kaws Just curious, after doing a copy and edit on a notebook, did you commit it (and run)?

yes, i did run it and also added it to a benchmark page

[stevemessick]

I cannot reproduce your issue with copy-edit notebooks, then failing to download their output. If it weren't that a large part of the error message in this PR is due to that problem, I probably would have approved it already. But I don't understand the problem. Do you have an example I can use to reproduce it?

[4kaws]

I cannot reproduce your issue with copy-edit notebooks, then failing to download their output. If it weren't that a large part of the error message in this PR is due to that problem, I probably would have approved it already. But I don't understand the problem. Do you have an example I can use to reproduce it?

Hi! The issue is still reproducible as of today. I should have mentioned that this happens only for benchmark task notebooks.

Here are concrete examples you can test with, all of these task notebooks are public but return Permission 'kernels.get' was denied:

from kaggle.api.kaggle_api_extended import KaggleApi
from kagglesdk import KaggleClient
from kagglesdk.kernels.types.kernels_api_service import ApiListKernelSessionOutputRequest

api = KaggleApi()
api.authenticate()

All of these are public notebooks created via Copy & Edit

kernels_status returns 401 (Unauthorized)

api.kernels_status("gpreda/byzantine-empire-citizens")  # 401
api.kernels_status("gpreda/fall-of-roman-empire")  # 401
api.kernels_status("anhoangvo/html-art-copy-art")  # 401
api.kernels_status("anhoangvo/html-art-v1-copy-art")  # 401

list_kernel_session_output returns 403 (Forbidden) on the same notebooks

client = KaggleClient(username="<your_username>", api_token="<your_api_key>")
for owner, slug in [
    ("gpreda", "byzantine-empire-citizens"),
    ("gpreda", "fall-of-roman-empire"),
    ("anhoangvo", "html-art-copy-art"),
    ("anhoangvo", "html-art-v1-copy-art"),
]:
    req = ApiListKernelSessionOutputRequest()
    req.user_name = owner
    req.kernel_slug = slug
    client.kernels.kernels_api_client.list_kernel_session_output(req)  # 403

You can verify they are public by visiting (2 examples):

https://www.kaggle.com/code/gpreda/byzantine-empire-citizens-name
https://www.kaggle.com/code/anhoangvo/html-v2-art-copy-art?scriptVersionId=289481272
The pattern is consistent: benchmark task notebooks created via "Copy & Edit" from an existing notebook inherit a broken permission state that blocks all API access regardless of their visibility settings. This surfaces in two ways:

kernels_status → 401 Unauthorized
list_kernel_session_output → 403 Permission 'kernels.get' was denied