self-hosted/minio
self-hosted/minio
1
0
Fork 0
mirror of https://github.com/minio/minio synced 2024-10-14 11:52:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

kes: remove unnecessary error conversion (#14459)

Browse source 
This commit removes some duplicate code that
converts KES API errors.

This code was added since KES `0.18.0` changed
some exported API errors. However, the KES SDK
handles this error conversion itself.
Therefore, it is not necessary to duplicate this
behavior in MinIO.

See: 21555fa624/error.go (L94)

Signed-off-by: Andreas Auernhammer <hi@aead.dev>
This commit is contained in:
Andreas Auernhammer 2022-03-03 18:42:37 +01:00 committed by GitHub
parent 289fcbd08c
commit b48f719b8e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 3 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
cmd/admin-handler-utils.go
View file

@ -22,8 +22,7 @@ import (
"errors"
"net/http"
"github.com/minio/minio/internal/kms"
"github.com/minio/kes"
"github.com/minio/madmin-go"
"github.com/minio/minio/internal/auth"
"github.com/minio/minio/internal/config"
@ -145,7 +144,7 @@ func toAdminAPIErr(ctx context.Context, err error) APIError {
Description: "The policy cannot be removed, as it is in use",
HTTPStatusCode: http.StatusBadRequest,
}
case kms.KeyExists(err):
case errors.Is(err, kes.ErrKeyExists):
apiErr = APIError{
Code: "XMinioKMSKeyExists",
Description: err.Error(),

2
cmd/common-main.go
View file

@ -820,7 +820,7 @@ func handleCommonEnvVars() {
// This implicitly checks that we can communicate to KES. We don't treat
// a policy error as failure condition since MinIO may not have the permission
// to create keys - just to generate/decrypt data encryption keys.
if err = KMS.CreateKey(defaultKeyID); err != nil && !kms.KeyExists(err) && !errors.Is(err, kes.ErrNotAllowed) {
if err = KMS.CreateKey(defaultKeyID); err != nil && !errors.Is(err, kes.ErrKeyExists) && !errors.Is(err, kes.ErrNotAllowed) {
logger.Fatal(err, "Unable to initialize a connection to KES as specified by the shell environment")
}
GlobalKMS = KMS

8
internal/kms/kes.go
View file

@ -22,7 +22,6 @@ import (
"crypto/tls"
"crypto/x509"
"errors"
"net/http"
"time"
"github.com/minio/kes"
@ -141,10 +140,3 @@ func (c *kesClient) DecryptKey(keyID string, ciphertext []byte, ctx Context) ([]
}
return c.client.Decrypt(context.Background(), keyID, ciphertext, ctxBytes)
}
// KeyExists returns if key exists on KMS based on the provided error type
func KeyExists(err error) bool {
// legacyKeyExists will be used to maintain compatibility with KES versions older than v0.18.0
legacyKeyExists := kes.NewError(http.StatusBadRequest, "key does already exist")
return errors.Is(err, kes.ErrKeyExists) || errors.Is(err, legacyKeyExists)
}