Do not use a chain for S3 tiering to return better error messages (#18030)

When using a chain provider and none of the providers returns a valid
access and secret key, an anonymous request is sent, which makes it hard
for users to figure out what is going on.

In the case of S3 tiering, when AWS IAM temporary account generation returns
an error, an anonymous login will be used because of the chain provider.
Avoid this and use the AWS IAM provider directly to get a good error
message.
Anis Eleuch 2023-09-14 15:28:20 -07:00 committed by GitHub
parent 7a7068ee47
commit b0e1776d6d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 7 additions and 16 deletions


@ -29,7 +29,6 @@ import (
"fmt"
"math/rand"
"net"
"net/http"
"net/url"
"os"
"path"
@ -54,7 +53,6 @@ import (
"github.com/minio/kes-go"
"github.com/minio/madmin-go/v3"
"github.com/minio/minio-go/v7"
"github.com/minio/minio-go/v7/pkg/credentials"
"github.com/minio/minio-go/v7/pkg/set"
"github.com/minio/minio/internal/auth"
"github.com/minio/minio/internal/color"
@ -71,10 +69,7 @@ import (
// serverDebugLog will enable debug printing
var serverDebugLog = env.Get("_MINIO_SERVER_DEBUG", config.EnableOff) == config.EnableOn
var (
shardDiskTimeDelta time.Duration
defaultAWSCredProvider []credentials.Provider
)
var shardDiskTimeDelta time.Duration
func init() {
if runtime.GOOS == "windows" {
@ -112,14 +107,6 @@ func init() {
gob.Register(madmin.XFSErrorConfigs{})
gob.Register(map[string]interface{}{})
defaultAWSCredProvider = []credentials.Provider{
&credentials.IAM{
Client: &http.Client{
Transport: NewHTTPTransport(),
},
},
}
var err error
shardDiskTimeDelta, err = time.ParseDuration(env.Get("_MINIO_SHARD_DISKTIME_DELTA", "1m"))
if err != nil {


@ -115,7 +115,11 @@ func newWarmBackendS3(conf madmin.TierS3, tier string) (*warmBackendS3, error) {
}
var creds *credentials.Credentials
if conf.AWSRole {
creds = credentials.NewChainCredentials(defaultAWSCredProvider)
creds = credentials.New(&credentials.IAM{
Client: &http.Client{
Transport: NewHTTPTransport(),
},
})
} else {
creds = credentials.NewStaticV4(conf.AccessKey, conf.SecretKey, "")
}
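Review bot: The reason for constructing `credentials.IAM` directly in the `conf.AWSRole` branch is not recorded in the code, so a later refactor could reintroduce a chain and with it the silent fall-back to unsigned requests; a comment above the assignment such as `// Use the IAM provider directly: a chain falls back to anonymous requests when IAM retrieval fails, which hides the real error.` would keep that visible. The `else` branch may share the failure mode: as far as I know, minio-go's static provider also yields an anonymous signer when the access key or secret key is empty, so unless the part of `newWarmBackendS3` above this hunk already rejects empty keys, a guard like `if conf.AccessKey == "" || conf.SecretKey == "" { return nil, errors.New("both the access and secret keys are required") }` is worth adding. The function starts and ends outside the hunk, so that validation may already exist.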


@ -117,7 +117,7 @@ type tierPermErr struct {
}
func (te tierPermErr) Error() string {
return fmt.Sprintf("failed to perform %s %v", te.Op, te.Err)
return fmt.Sprintf("failed to perform %s: %v", te.Op, te.Err)
}
func errIsTierPermError(err error) bool {