diff --git a/cmd/admin-bucket-handlers.go b/cmd/admin-bucket-handlers.go index 6ea1da35e..9139e47f8 100644 --- a/cmd/admin-bucket-handlers.go +++ b/cmd/admin-bucket-handlers.go @@ -107,10 +107,7 @@ func (a adminAPIHandlers) PutBucketQuotaConfigHandler(w http.ResponseWriter, r * } // Call site replication hook. - if err = globalSiteReplicationSys.BucketMetaHook(ctx, bucketMeta); err != nil { - writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL) - return - } + logger.LogIf(ctx, globalSiteReplicationSys.BucketMetaHook(ctx, bucketMeta)) // Write success response. writeSuccessResponseHeadersOnly(w) diff --git a/cmd/admin-handlers-users.go b/cmd/admin-handlers-users.go index 93d27d5c6..127d13445 100644 --- a/cmd/admin-handlers-users.go +++ b/cmd/admin-handlers-users.go @@ -67,17 +67,14 @@ func (a adminAPIHandlers) RemoveUser(w http.ResponseWriter, r *http.Request) { return } - if err := globalSiteReplicationSys.IAMChangeHook(ctx, madmin.SRIAMItem{ + logger.LogIf(ctx, globalSiteReplicationSys.IAMChangeHook(ctx, madmin.SRIAMItem{ Type: madmin.SRIAMItemIAMUser, IAMUser: &madmin.SRIAMUser{ AccessKey: accessKey, IsDeleteReq: true, }, UpdatedAt: UTCNow(), - }); err != nil { - writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL) - return - } + })) } // ListBucketUsers - GET /minio/admin/v3/list-users?bucket={bucket} @@ -262,16 +259,13 @@ func (a adminAPIHandlers) UpdateGroupMembers(w http.ResponseWriter, r *http.Requ return } - if err := globalSiteReplicationSys.IAMChangeHook(ctx, madmin.SRIAMItem{ + logger.LogIf(ctx, globalSiteReplicationSys.IAMChangeHook(ctx, madmin.SRIAMItem{ Type: madmin.SRIAMItemGroupInfo, GroupInfo: &madmin.SRGroupInfo{ UpdateReq: updReq, }, UpdatedAt: updatedAt, - }); err != nil { - writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL) - return - } + })) } // GetGroup - /minio/admin/v3/group?group=mygroup1 @@ -361,7 +355,7 @@ func (a adminAPIHandlers) SetGroupStatus(w http.ResponseWriter, r *http.Request) return } - if err := globalSiteReplicationSys.IAMChangeHook(ctx, madmin.SRIAMItem{ + logger.LogIf(ctx, globalSiteReplicationSys.IAMChangeHook(ctx, madmin.SRIAMItem{ Type: madmin.SRIAMItemGroupInfo, GroupInfo: &madmin.SRGroupInfo{ UpdateReq: madmin.GroupAddRemove{ @@ -371,10 +365,7 @@ func (a adminAPIHandlers) SetGroupStatus(w http.ResponseWriter, r *http.Request) }, }, UpdatedAt: updatedAt, - }); err != nil { - writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL) - return - } + })) } // SetUserStatus - PUT /minio/admin/v3/set-user-status?accessKey=&status=[enabled|disabled] @@ -404,7 +395,7 @@ func (a adminAPIHandlers) SetUserStatus(w http.ResponseWriter, r *http.Request) return } - if err := globalSiteReplicationSys.IAMChangeHook(ctx, madmin.SRIAMItem{ + logger.LogIf(ctx, globalSiteReplicationSys.IAMChangeHook(ctx, madmin.SRIAMItem{ Type: madmin.SRIAMItemIAMUser, IAMUser: &madmin.SRIAMUser{ AccessKey: accessKey, @@ -414,10 +405,7 @@ func (a adminAPIHandlers) SetUserStatus(w http.ResponseWriter, r *http.Request) }, }, UpdatedAt: updatedAt, - }); err != nil { - writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL) - return - } + })) } // AddUser - PUT /minio/admin/v3/add-user?accessKey= @@ -516,7 +504,7 @@ func (a adminAPIHandlers) AddUser(w http.ResponseWriter, r *http.Request) { return } - if err := globalSiteReplicationSys.IAMChangeHook(ctx, madmin.SRIAMItem{ + logger.LogIf(ctx, globalSiteReplicationSys.IAMChangeHook(ctx, madmin.SRIAMItem{ Type: madmin.SRIAMItemIAMUser, IAMUser: &madmin.SRIAMUser{ AccessKey: accessKey, @@ -524,10 +512,7 @@ func (a adminAPIHandlers) AddUser(w http.ResponseWriter, r *http.Request) { UserReq: &ureq, }, UpdatedAt: updatedAt, - }); err != nil { - writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL) - return - } + })) } // TemporaryAccountInfo - GET /minio/admin/v3/temporary-account-info @@ -810,7 +795,7 @@ func (a adminAPIHandlers) AddServiceAccount(w http.ResponseWriter, r *http.Reque // Call hook for cluster-replication if the service account is not for a // root user. if newCred.ParentUser != globalActiveCred.AccessKey { - err = globalSiteReplicationSys.IAMChangeHook(ctx, madmin.SRIAMItem{ + logger.LogIf(ctx, globalSiteReplicationSys.IAMChangeHook(ctx, madmin.SRIAMItem{ Type: madmin.SRIAMItemSvcAcc, SvcAccChange: &madmin.SRSvcAccChange{ Create: &madmin.SRSvcAccCreate{ @@ -825,11 +810,7 @@ func (a adminAPIHandlers) AddServiceAccount(w http.ResponseWriter, r *http.Reque }, }, UpdatedAt: updatedAt, - }) - if err != nil { - logger.LogIf(ctx, err) - return - } + })) } } @@ -917,7 +898,7 @@ func (a adminAPIHandlers) UpdateServiceAccount(w http.ResponseWriter, r *http.Re // Call site replication hook - non-root user accounts are replicated. if svcAccount.ParentUser != globalActiveCred.AccessKey { - err = globalSiteReplicationSys.IAMChangeHook(ctx, madmin.SRIAMItem{ + logger.LogIf(ctx, globalSiteReplicationSys.IAMChangeHook(ctx, madmin.SRIAMItem{ Type: madmin.SRIAMItemSvcAcc, SvcAccChange: &madmin.SRSvcAccChange{ Update: &madmin.SRSvcAccUpdate{ @@ -929,11 +910,7 @@ func (a adminAPIHandlers) UpdateServiceAccount(w http.ResponseWriter, r *http.Re }, }, UpdatedAt: updatedAt, - }) - if err != nil { - writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL) - return - } + })) } writeSuccessNoContent(w) @@ -1162,7 +1139,7 @@ func (a adminAPIHandlers) DeleteServiceAccount(w http.ResponseWriter, r *http.Re // Call site replication hook - non-root user accounts are replicated. if svcAccount.ParentUser != "" && svcAccount.ParentUser != globalActiveCred.AccessKey { - if err := globalSiteReplicationSys.IAMChangeHook(ctx, madmin.SRIAMItem{ + logger.LogIf(ctx, globalSiteReplicationSys.IAMChangeHook(ctx, madmin.SRIAMItem{ Type: madmin.SRIAMItemSvcAcc, SvcAccChange: &madmin.SRSvcAccChange{ Delete: &madmin.SRSvcAccDelete{ @@ -1170,10 +1147,7 @@ func (a adminAPIHandlers) DeleteServiceAccount(w http.ResponseWriter, r *http.Re }, }, UpdatedAt: UTCNow(), - }); err != nil { - writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL) - return - } + })) } writeSuccessNoContent(w) @@ -1534,14 +1508,11 @@ func (a adminAPIHandlers) RemoveCannedPolicy(w http.ResponseWriter, r *http.Requ // Call cluster-replication policy creation hook to replicate policy deletion to // other minio clusters. - if err := globalSiteReplicationSys.IAMChangeHook(ctx, madmin.SRIAMItem{ + logger.LogIf(ctx, globalSiteReplicationSys.IAMChangeHook(ctx, madmin.SRIAMItem{ Type: madmin.SRIAMItemPolicy, Name: policyName, UpdatedAt: UTCNow(), - }); err != nil { - writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL) - return - } + })) } // AddCannedPolicy - PUT /minio/admin/v3/add-canned-policy?name= @@ -1602,15 +1573,12 @@ func (a adminAPIHandlers) AddCannedPolicy(w http.ResponseWriter, r *http.Request // Call cluster-replication policy creation hook to replicate policy to // other minio clusters. - if err := globalSiteReplicationSys.IAMChangeHook(ctx, madmin.SRIAMItem{ + logger.LogIf(ctx, globalSiteReplicationSys.IAMChangeHook(ctx, madmin.SRIAMItem{ Type: madmin.SRIAMItemPolicy, Name: policyName, Policy: iamPolicyBytes, UpdatedAt: updatedAt, - }); err != nil { - writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL) - return - } + })) } // SetPolicyForUserOrGroup - PUT /minio/admin/v3/set-policy?policy=xxx&user-or-group=?[&is-group] @@ -1669,7 +1637,7 @@ func (a adminAPIHandlers) SetPolicyForUserOrGroup(w http.ResponseWriter, r *http return } - if err := globalSiteReplicationSys.IAMChangeHook(ctx, madmin.SRIAMItem{ + logger.LogIf(ctx, globalSiteReplicationSys.IAMChangeHook(ctx, madmin.SRIAMItem{ Type: madmin.SRIAMItemPolicyMapping, PolicyMapping: &madmin.SRPolicyMapping{ UserOrGroup: entityName, @@ -1678,10 +1646,7 @@ func (a adminAPIHandlers) SetPolicyForUserOrGroup(w http.ResponseWriter, r *http Policy: policyName, }, UpdatedAt: updatedAt, - }); err != nil { - writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL) - return - } + })) } // ListPolicyMappingEntities - GET /minio/admin/v3/idp/builtin/polciy-entities?policy=xxx&user=xxx&group=xxx @@ -1836,7 +1801,7 @@ func (a adminAPIHandlers) AttachPolicyBuiltin(w http.ResponseWriter, r *http.Req return } - if err := globalSiteReplicationSys.IAMChangeHook(ctx, madmin.SRIAMItem{ + logger.LogIf(ctx, globalSiteReplicationSys.IAMChangeHook(ctx, madmin.SRIAMItem{ Type: madmin.SRIAMItemPolicyMapping, PolicyMapping: &madmin.SRPolicyMapping{ UserOrGroup: userOrGroup, @@ -1845,10 +1810,7 @@ func (a adminAPIHandlers) AttachPolicyBuiltin(w http.ResponseWriter, r *http.Req Policy: strings.Join(policiesToAttach, ","), }, UpdatedAt: updatedAt, - }); err != nil { - writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL) - return - } + })) writeResponse(w, http.StatusCreated, nil, mimeNone) } @@ -1969,7 +1931,7 @@ func (a adminAPIHandlers) DetachPolicyBuiltin(w http.ResponseWriter, r *http.Req return } - if err := globalSiteReplicationSys.IAMChangeHook(ctx, madmin.SRIAMItem{ + logger.LogIf(ctx, globalSiteReplicationSys.IAMChangeHook(ctx, madmin.SRIAMItem{ Type: madmin.SRIAMItemPolicyMapping, PolicyMapping: &madmin.SRPolicyMapping{ UserOrGroup: userOrGroup, @@ -1978,10 +1940,7 @@ func (a adminAPIHandlers) DetachPolicyBuiltin(w http.ResponseWriter, r *http.Req Policy: strings.Join(policiesToDetach, ","), }, UpdatedAt: updatedAt, - }); err != nil { - writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL) - return - } + })) // Return successful JSON response writeSuccessNoContent(w) diff --git a/cmd/bucket-encryption-handlers.go b/cmd/bucket-encryption-handlers.go index 746f079db..c837d3208 100644 --- a/cmd/bucket-encryption-handlers.go +++ b/cmd/bucket-encryption-handlers.go @@ -114,15 +114,12 @@ func (api objectAPIHandlers) PutBucketEncryptionHandler(w http.ResponseWriter, r // We encode the xml bytes as base64 to ensure there are no encoding // errors. cfgStr := base64.StdEncoding.EncodeToString(configData) - if err = globalSiteReplicationSys.BucketMetaHook(ctx, madmin.SRBucketMeta{ + logger.LogIf(ctx, globalSiteReplicationSys.BucketMetaHook(ctx, madmin.SRBucketMeta{ Type: madmin.SRBucketMetaTypeSSEConfig, Bucket: bucket, SSEConfig: &cfgStr, UpdatedAt: updatedAt, - }); err != nil { - writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL) - return - } + })) writeSuccessResponseHeadersOnly(w) } @@ -204,16 +201,14 @@ func (api objectAPIHandlers) DeleteBucketEncryptionHandler(w http.ResponseWriter writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL) return } + // Call site replication hook. - // - if err = globalSiteReplicationSys.BucketMetaHook(ctx, madmin.SRBucketMeta{ + logger.LogIf(ctx, globalSiteReplicationSys.BucketMetaHook(ctx, madmin.SRBucketMeta{ Type: madmin.SRBucketMetaTypeSSEConfig, Bucket: bucket, SSEConfig: nil, UpdatedAt: updatedAt, - }); err != nil { - writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL) - return - } + })) + writeSuccessNoContent(w) } diff --git a/cmd/bucket-handlers.go b/cmd/bucket-handlers.go index c4ad33ed4..0f9ff4607 100644 --- a/cmd/bucket-handlers.go +++ b/cmd/bucket-handlers.go @@ -851,7 +851,7 @@ func (api objectAPIHandlers) PutBucketHandler(w http.ResponseWriter, r *http.Req globalNotificationSys.LoadBucketMetadata(GlobalContext, bucket) // Call site replication hook - globalSiteReplicationSys.MakeBucketHook(ctx, bucket, opts) + logger.LogIf(ctx, globalSiteReplicationSys.MakeBucketHook(ctx, bucket, opts)) // Make sure to add Location information here only for bucket if cp := pathClean(r.URL.Path); cp != "" { @@ -1352,11 +1352,9 @@ func (api objectAPIHandlers) DeleteBucketHandler(w http.ResponseWriter, r *http. globalNotificationSys.DeleteBucketMetadata(ctx, bucket) globalReplicationPool.deleteResyncMetadata(ctx, bucket) + // Call site replication hook. - if err := globalSiteReplicationSys.DeleteBucketHook(ctx, bucket, forceDelete); err != nil { - writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL) - return - } + logger.LogIf(ctx, globalSiteReplicationSys.DeleteBucketHook(ctx, bucket, forceDelete)) // Write success response. writeSuccessNoContent(w) @@ -1425,15 +1423,12 @@ func (api objectAPIHandlers) PutBucketObjectLockConfigHandler(w http.ResponseWri // We encode the xml bytes as base64 to ensure there are no encoding // errors. cfgStr := base64.StdEncoding.EncodeToString(configData) - if err = globalSiteReplicationSys.BucketMetaHook(ctx, madmin.SRBucketMeta{ + logger.LogIf(ctx, globalSiteReplicationSys.BucketMetaHook(ctx, madmin.SRBucketMeta{ Type: madmin.SRBucketMetaTypeObjectLockConfig, Bucket: bucket, ObjectLockConfig: &cfgStr, UpdatedAt: updatedAt, - }); err != nil { - writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL) - return - } + })) // Write success response. writeSuccessResponseHeadersOnly(w) @@ -1532,15 +1527,12 @@ func (api objectAPIHandlers) PutBucketTaggingHandler(w http.ResponseWriter, r *h // We encode the xml bytes as base64 to ensure there are no encoding // errors. cfgStr := base64.StdEncoding.EncodeToString(configData) - if err = globalSiteReplicationSys.BucketMetaHook(ctx, madmin.SRBucketMeta{ + logger.LogIf(ctx, globalSiteReplicationSys.BucketMetaHook(ctx, madmin.SRBucketMeta{ Type: madmin.SRBucketMetaTypeTags, Bucket: bucket, Tags: &cfgStr, UpdatedAt: updatedAt, - }); err != nil { - writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL) - return - } + })) // Write success response. writeSuccessResponseHeadersOnly(w) @@ -1611,14 +1603,11 @@ func (api objectAPIHandlers) DeleteBucketTaggingHandler(w http.ResponseWriter, r return } - if err := globalSiteReplicationSys.BucketMetaHook(ctx, madmin.SRBucketMeta{ + logger.LogIf(ctx, globalSiteReplicationSys.BucketMetaHook(ctx, madmin.SRBucketMeta{ Type: madmin.SRBucketMetaTypeTags, Bucket: bucket, UpdatedAt: updatedAt, - }); err != nil { - writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL) - return - } + })) // Write success response. writeSuccessResponseHeadersOnly(w) diff --git a/cmd/bucket-policy-handlers.go b/cmd/bucket-policy-handlers.go index 60c37c150..6350f1ef3 100644 --- a/cmd/bucket-policy-handlers.go +++ b/cmd/bucket-policy-handlers.go @@ -109,15 +109,12 @@ func (api objectAPIHandlers) PutBucketPolicyHandler(w http.ResponseWriter, r *ht } // Call site replication hook. - if err = globalSiteReplicationSys.BucketMetaHook(ctx, madmin.SRBucketMeta{ + logger.LogIf(ctx, globalSiteReplicationSys.BucketMetaHook(ctx, madmin.SRBucketMeta{ Type: madmin.SRBucketMetaTypePolicy, Bucket: bucket, Policy: bucketPolicyBytes, UpdatedAt: updatedAt, - }); err != nil { - writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL) - return - } + })) // Success. writeSuccessNoContent(w) @@ -156,14 +153,11 @@ func (api objectAPIHandlers) DeleteBucketPolicyHandler(w http.ResponseWriter, r } // Call site replication hook. - if err := globalSiteReplicationSys.BucketMetaHook(ctx, madmin.SRBucketMeta{ + logger.LogIf(ctx, globalSiteReplicationSys.BucketMetaHook(ctx, madmin.SRBucketMeta{ Type: madmin.SRBucketMetaTypePolicy, Bucket: bucket, UpdatedAt: updatedAt, - }); err != nil { - writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL) - return - } + })) // Success. writeSuccessNoContent(w) diff --git a/cmd/bucket-targets.go b/cmd/bucket-targets.go index 2a80b4a8d..fff2f5e1c 100644 --- a/cmd/bucket-targets.go +++ b/cmd/bucket-targets.go @@ -98,7 +98,7 @@ func (sys *BucketTargetSys) heartBeat(ctx context.Context) { select { case <-hcTimer.C: sys.hMutex.RLock() - var eps []madmin.ServerProperties + eps := make([]madmin.ServerProperties, 0, len(sys.hc)) for _, ep := range sys.hc { eps = append(eps, madmin.ServerProperties{Endpoint: ep.Endpoint, Scheme: ep.Scheme}) } @@ -106,16 +106,12 @@ func (sys *BucketTargetSys) heartBeat(ctx context.Context) { if len(eps) > 0 { cctx, cancel := context.WithTimeout(ctx, 30*time.Second) - m := map[string]epHealth{} + m := make(map[string]epHealth, len(eps)) for result := range sys.hcClient.Alive(cctx, madmin.AliveOpts{}, eps...) { - var online bool - if result.Error == nil { - online = result.Online - } m[result.Endpoint.Host] = epHealth{ Endpoint: result.Endpoint.Host, Scheme: result.Endpoint.Scheme, - Online: online, + Online: result.Online, } } cancel() diff --git a/cmd/bucket-versioning-handler.go b/cmd/bucket-versioning-handler.go index 8de738b32..35ee5d70c 100644 --- a/cmd/bucket-versioning-handler.go +++ b/cmd/bucket-versioning-handler.go @@ -108,15 +108,12 @@ func (api objectAPIHandlers) PutBucketVersioningHandler(w http.ResponseWriter, r // We encode the xml bytes as base64 to ensure there are no encoding // errors. cfgStr := base64.StdEncoding.EncodeToString(configData) - if err = globalSiteReplicationSys.BucketMetaHook(ctx, madmin.SRBucketMeta{ + logger.LogIf(ctx, globalSiteReplicationSys.BucketMetaHook(ctx, madmin.SRBucketMeta{ Type: madmin.SRBucketMetaTypeVersionConfig, Bucket: bucket, Versioning: &cfgStr, UpdatedAt: updatedAt, - }); err != nil { - writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL) - return - } + })) writeSuccessResponseHeadersOnly(w) } diff --git a/cmd/site-replication.go b/cmd/site-replication.go index a25b8afea..fb9c856d6 100644 --- a/cmd/site-replication.go +++ b/cmd/site-replication.go @@ -26,7 +26,6 @@ import ( "encoding/xml" "errors" "fmt" - "math/rand" "net/url" "reflect" "sort" @@ -3621,20 +3620,6 @@ func (c *SiteReplicationSys) PeerEditReq(ctx context.Context, arg madmin.PeerInf const siteHealTimeInterval = 10 * time.Second func (c *SiteReplicationSys) startHealRoutine(ctx context.Context, objAPI ObjectLayer) { - r := rand.New(rand.NewSource(time.Now().UnixNano())) - // Run the site replication healing in a loop - for { - c.healRoutine(ctx, objAPI) - duration := time.Duration(r.Float64() * float64(time.Minute)) - if duration < time.Second { - // Make sure to sleep atleast a second to avoid high CPU ticks. - duration = time.Second - } - time.Sleep(duration) - } -} - -func (c *SiteReplicationSys) healRoutine(ctx context.Context, objAPI ObjectLayer) { ctx, cancel := globalLeaderLock.GetLock(ctx) defer cancel() @@ -3812,7 +3797,7 @@ func (c *SiteReplicationSys) healTagMetadata(ctx context.Context, objAPI ObjectL } if dID == globalDeploymentID { if _, err := globalBucketMetadataSys.Update(ctx, bucket, bucketTaggingConfig, latestTaggingConfigBytes); err != nil { - logger.LogIf(ctx, fmt.Errorf("Error healing tagging metadata from peer site %s : %w", latestPeerName, err)) + logger.LogIf(ctx, fmt.Errorf("Unable to heal tagging metadata from peer site %s : %w", latestPeerName, err)) } continue } @@ -3829,7 +3814,7 @@ func (c *SiteReplicationSys) healTagMetadata(ctx context.Context, objAPI ObjectL }) if err != nil { logger.LogIf(ctx, c.annotatePeerErr(peerName, replicateBucketMetadata, - fmt.Errorf("Error healing tagging metadata for peer %s from peer %s : %w", peerName, latestPeerName, err))) + fmt.Errorf("Unable to heal tagging metadata for peer %s from peer %s : %w", peerName, latestPeerName, err))) } } return nil @@ -3876,7 +3861,7 @@ func (c *SiteReplicationSys) healBucketPolicies(ctx context.Context, objAPI Obje } if dID == globalDeploymentID { if _, err := globalBucketMetadataSys.Update(ctx, bucket, bucketPolicyConfig, latestIAMPolicy); err != nil { - logger.LogIf(ctx, fmt.Errorf("Error healing bucket policy metadata from peer site %s : %w", latestPeerName, err)) + logger.LogIf(ctx, fmt.Errorf("Unable to heal bucket policy metadata from peer site %s : %w", latestPeerName, err)) } continue } @@ -3893,7 +3878,7 @@ func (c *SiteReplicationSys) healBucketPolicies(ctx context.Context, objAPI Obje UpdatedAt: lastUpdate, }); err != nil { logger.LogIf(ctx, c.annotatePeerErr(peerName, replicateBucketMetadata, - fmt.Errorf("Error healing bucket policy metadata for peer %s from peer %s : %w", + fmt.Errorf("Unable to heal bucket policy metadata for peer %s from peer %s : %w", peerName, latestPeerName, err))) } } @@ -3951,7 +3936,7 @@ func (c *SiteReplicationSys) healBucketQuotaConfig(ctx context.Context, objAPI O } if dID == globalDeploymentID { if _, err := globalBucketMetadataSys.Update(ctx, bucket, bucketQuotaConfigFile, latestQuotaConfigBytes); err != nil { - logger.LogIf(ctx, fmt.Errorf("Error healing quota metadata from peer site %s : %w", latestPeerName, err)) + logger.LogIf(ctx, fmt.Errorf("Unable to heal quota metadata from peer site %s : %w", latestPeerName, err)) } continue } @@ -3969,7 +3954,7 @@ func (c *SiteReplicationSys) healBucketQuotaConfig(ctx context.Context, objAPI O UpdatedAt: lastUpdate, }); err != nil { logger.LogIf(ctx, c.annotatePeerErr(peerName, replicateBucketMetadata, - fmt.Errorf("Error healing quota config metadata for peer %s from peer %s : %w", + fmt.Errorf("Unable to heal quota config metadata for peer %s from peer %s : %w", peerName, latestPeerName, err))) } } @@ -4026,7 +4011,7 @@ func (c *SiteReplicationSys) healVersioningMetadata(ctx context.Context, objAPI } if dID == globalDeploymentID { if _, err := globalBucketMetadataSys.Update(ctx, bucket, bucketVersioningConfig, latestVersioningConfigBytes); err != nil { - logger.LogIf(ctx, fmt.Errorf("Error healing versioning metadata from peer site %s : %w", latestPeerName, err)) + logger.LogIf(ctx, fmt.Errorf("Unable to heal versioning metadata from peer site %s : %w", latestPeerName, err)) } continue } @@ -4044,7 +4029,7 @@ func (c *SiteReplicationSys) healVersioningMetadata(ctx context.Context, objAPI }) if err != nil { logger.LogIf(ctx, c.annotatePeerErr(peerName, replicateBucketMetadata, - fmt.Errorf("Error healing versioning config metadata for peer %s from peer %s : %w", + fmt.Errorf("Unable to heal versioning config metadata for peer %s from peer %s : %w", peerName, latestPeerName, err))) } } @@ -4101,7 +4086,7 @@ func (c *SiteReplicationSys) healSSEMetadata(ctx context.Context, objAPI ObjectL } if dID == globalDeploymentID { if _, err := globalBucketMetadataSys.Update(ctx, bucket, bucketSSEConfig, latestSSEConfigBytes); err != nil { - logger.LogIf(ctx, fmt.Errorf("Error healing sse metadata from peer site %s : %w", latestPeerName, err)) + logger.LogIf(ctx, fmt.Errorf("Unable to heal sse metadata from peer site %s : %w", latestPeerName, err)) } continue } @@ -4119,7 +4104,7 @@ func (c *SiteReplicationSys) healSSEMetadata(ctx context.Context, objAPI ObjectL }) if err != nil { logger.LogIf(ctx, c.annotatePeerErr(peerName, replicateBucketMetadata, - fmt.Errorf("Error healing SSE config metadata for peer %s from peer %s : %w", + fmt.Errorf("Unable to heal SSE config metadata for peer %s from peer %s : %w", peerName, latestPeerName, err))) } } @@ -4176,7 +4161,7 @@ func (c *SiteReplicationSys) healOLockConfigMetadata(ctx context.Context, objAPI } if dID == globalDeploymentID { if _, err := globalBucketMetadataSys.Update(ctx, bucket, objectLockConfig, latestObjLockConfigBytes); err != nil { - logger.LogIf(ctx, fmt.Errorf("Error healing objectlock config metadata from peer site %s : %w", latestPeerName, err)) + logger.LogIf(ctx, fmt.Errorf("Unable to heal objectlock config metadata from peer site %s : %w", latestPeerName, err)) } continue } @@ -4194,7 +4179,7 @@ func (c *SiteReplicationSys) healOLockConfigMetadata(ctx context.Context, objAPI }) if err != nil { logger.LogIf(ctx, c.annotatePeerErr(peerName, replicateBucketMetadata, - fmt.Errorf("Error healing object lock config metadata for peer %s from peer %s : %w", + fmt.Errorf("Unable to heal object lock config metadata for peer %s from peer %s : %w", peerName, latestPeerName, err))) } } @@ -4496,7 +4481,7 @@ func (c *SiteReplicationSys) healPolicies(ctx context.Context, objAPI ObjectLaye UpdatedAt: lastUpdate, }) if err != nil { - logger.LogIf(ctx, fmt.Errorf("Error healing IAM policy %s from peer site %s -> site %s : %w", policy, latestPeerName, peerName, err)) + logger.LogIf(ctx, fmt.Errorf("Unable to heal IAM policy %s from peer site %s -> site %s : %w", policy, latestPeerName, peerName, err)) } } return nil @@ -4556,7 +4541,7 @@ func (c *SiteReplicationSys) healUserPolicies(ctx context.Context, objAPI Object UpdatedAt: lastUpdate, }) if err != nil { - logger.LogIf(ctx, fmt.Errorf("Error healing IAM user policy mapping for %s from peer site %s -> site %s : %w", user, latestPeerName, peerName, err)) + logger.LogIf(ctx, fmt.Errorf("Unable to heal IAM user policy mapping for %s from peer site %s -> site %s : %w", user, latestPeerName, peerName, err)) } } return nil @@ -4618,7 +4603,7 @@ func (c *SiteReplicationSys) healGroupPolicies(ctx context.Context, objAPI Objec UpdatedAt: lastUpdate, }) if err != nil { - logger.LogIf(ctx, fmt.Errorf("Error healing IAM group policy mapping for %s from peer site %s -> site %s : %w", group, latestPeerName, peerName, err)) + logger.LogIf(ctx, fmt.Errorf("Unable to heal IAM group policy mapping for %s from peer site %s -> site %s : %w", group, latestPeerName, peerName, err)) } } return nil @@ -4679,13 +4664,13 @@ func (c *SiteReplicationSys) healUsers(ctx context.Context, objAPI ObjectLayer, if creds.IsServiceAccount() { claims, err := globalIAMSys.GetClaimsForSvcAcc(ctx, creds.AccessKey) if err != nil { - logger.LogIf(ctx, fmt.Errorf("Error healing service account %s from peer site %s -> %s : %w", user, latestPeerName, peerName, err)) + logger.LogIf(ctx, fmt.Errorf("Unable to heal service account %s from peer site %s -> %s : %w", user, latestPeerName, peerName, err)) continue } _, policy, err := globalIAMSys.GetServiceAccount(ctx, creds.AccessKey) if err != nil { - logger.LogIf(ctx, fmt.Errorf("Error healing service account %s from peer site %s -> %s : %w", user, latestPeerName, peerName, err)) + logger.LogIf(ctx, fmt.Errorf("Unable to heal service account %s from peer site %s -> %s : %w", user, latestPeerName, peerName, err)) continue } @@ -4693,7 +4678,7 @@ func (c *SiteReplicationSys) healUsers(ctx context.Context, objAPI ObjectLayer, if policy != nil { policyJSON, err = json.Marshal(policy) if err != nil { - logger.LogIf(ctx, fmt.Errorf("Error healing service account %s from peer site %s -> %s : %w", user, latestPeerName, peerName, err)) + logger.LogIf(ctx, fmt.Errorf("Unable to heal service account %s from peer site %s -> %s : %w", user, latestPeerName, peerName, err)) continue } } @@ -4714,14 +4699,14 @@ func (c *SiteReplicationSys) healUsers(ctx context.Context, objAPI ObjectLayer, }, UpdatedAt: lastUpdate, }); err != nil { - logger.LogIf(ctx, fmt.Errorf("Error healing service account %s from peer site %s -> %s : %w", user, latestPeerName, peerName, err)) + logger.LogIf(ctx, fmt.Errorf("Unable to heal service account %s from peer site %s -> %s : %w", user, latestPeerName, peerName, err)) } continue } if creds.IsTemp() && !creds.IsExpired() { u, err := globalIAMSys.GetUserInfo(ctx, creds.ParentUser) if err != nil { - logger.LogIf(ctx, fmt.Errorf("Error healing temporary credentials %s from peer site %s -> %s : %w", user, latestPeerName, peerName, err)) + logger.LogIf(ctx, fmt.Errorf("Unable to heal temporary credentials %s from peer site %s -> %s : %w", user, latestPeerName, peerName, err)) continue } // Call hook for site replication. @@ -4736,7 +4721,7 @@ func (c *SiteReplicationSys) healUsers(ctx context.Context, objAPI ObjectLayer, }, UpdatedAt: lastUpdate, }); err != nil { - logger.LogIf(ctx, fmt.Errorf("Error healing temporary credentials %s from peer site %s -> %s : %w", user, latestPeerName, peerName, err)) + logger.LogIf(ctx, fmt.Errorf("Unable to heal temporary credentials %s from peer site %s -> %s : %w", user, latestPeerName, peerName, err)) } continue } @@ -4752,7 +4737,7 @@ func (c *SiteReplicationSys) healUsers(ctx context.Context, objAPI ObjectLayer, }, UpdatedAt: lastUpdate, }); err != nil { - logger.LogIf(ctx, fmt.Errorf("Error healing user %s from peer site %s -> %s : %w", user, latestPeerName, peerName, err)) + logger.LogIf(ctx, fmt.Errorf("Unable to heal user %s from peer site %s -> %s : %w", user, latestPeerName, peerName, err)) } } return nil @@ -4816,7 +4801,7 @@ func (c *SiteReplicationSys) healGroups(ctx context.Context, objAPI ObjectLayer, }, UpdatedAt: lastUpdate, }); err != nil { - logger.LogIf(ctx, fmt.Errorf("Error healing group %s from peer site %s -> site %s : %w", group, latestPeerName, peerName, err)) + logger.LogIf(ctx, fmt.Errorf("Unable to heal group %s from peer site %s -> site %s : %w", group, latestPeerName, peerName, err)) } } return nil diff --git a/cmd/sts-handlers.go b/cmd/sts-handlers.go index eec5521f6..fbda9f08a 100644 --- a/cmd/sts-handlers.go +++ b/cmd/sts-handlers.go @@ -282,7 +282,7 @@ func (sts *stsAPIHandlers) AssumeRole(w http.ResponseWriter, r *http.Request) { // Call hook for site replication. if cred.ParentUser != globalActiveCred.AccessKey { - if err := globalSiteReplicationSys.IAMChangeHook(ctx, madmin.SRIAMItem{ + logger.LogIf(ctx, globalSiteReplicationSys.IAMChangeHook(ctx, madmin.SRIAMItem{ Type: madmin.SRIAMItemSTSAcc, STSCredential: &madmin.SRSTSCredential{ AccessKey: cred.AccessKey, @@ -291,9 +291,7 @@ func (sts *stsAPIHandlers) AssumeRole(w http.ResponseWriter, r *http.Request) { ParentUser: cred.ParentUser, }, UpdatedAt: updatedAt, - }); err != nil { - logger.LogIf(ctx, err) - } + })) } assumeRoleResponse := &AssumeRoleResponse{ @@ -484,7 +482,7 @@ func (sts *stsAPIHandlers) AssumeRoleWithSSO(w http.ResponseWriter, r *http.Requ } // Call hook for site replication. - if err := globalSiteReplicationSys.IAMChangeHook(ctx, madmin.SRIAMItem{ + logger.LogIf(ctx, globalSiteReplicationSys.IAMChangeHook(ctx, madmin.SRIAMItem{ Type: madmin.SRIAMItemSTSAcc, STSCredential: &madmin.SRSTSCredential{ AccessKey: cred.AccessKey, @@ -494,9 +492,7 @@ func (sts *stsAPIHandlers) AssumeRoleWithSSO(w http.ResponseWriter, r *http.Requ ParentPolicyMapping: policyName, }, UpdatedAt: updatedAt, - }); err != nil { - logger.LogIf(ctx, err) - } + })) var encodedSuccessResponse []byte switch action { @@ -657,7 +653,7 @@ func (sts *stsAPIHandlers) AssumeRoleWithLDAPIdentity(w http.ResponseWriter, r * } // Call hook for site replication. - if err := globalSiteReplicationSys.IAMChangeHook(ctx, madmin.SRIAMItem{ + logger.LogIf(ctx, globalSiteReplicationSys.IAMChangeHook(ctx, madmin.SRIAMItem{ Type: madmin.SRIAMItemSTSAcc, STSCredential: &madmin.SRSTSCredential{ AccessKey: cred.AccessKey, @@ -666,9 +662,7 @@ func (sts *stsAPIHandlers) AssumeRoleWithLDAPIdentity(w http.ResponseWriter, r * ParentUser: cred.ParentUser, }, UpdatedAt: updatedAt, - }); err != nil { - logger.LogIf(ctx, err) - } + })) ldapIdentityResponse := &AssumeRoleWithLDAPResponse{ Result: LDAPIdentityResult{ @@ -820,7 +814,7 @@ func (sts *stsAPIHandlers) AssumeRoleWithCertificate(w http.ResponseWriter, r *h } // Call hook for site replication. - if err := globalSiteReplicationSys.IAMChangeHook(ctx, madmin.SRIAMItem{ + logger.LogIf(ctx, globalSiteReplicationSys.IAMChangeHook(ctx, madmin.SRIAMItem{ Type: madmin.SRIAMItemSTSAcc, STSCredential: &madmin.SRSTSCredential{ AccessKey: tmpCredentials.AccessKey, @@ -830,9 +824,7 @@ func (sts *stsAPIHandlers) AssumeRoleWithCertificate(w http.ResponseWriter, r *h ParentPolicyMapping: policyName, }, UpdatedAt: updatedAt, - }); err != nil { - logger.LogIf(ctx, err) - } + })) response := new(AssumeRoleWithCertificateResponse) response.Result.Credentials = tmpCredentials @@ -943,7 +935,7 @@ func (sts *stsAPIHandlers) AssumeRoleWithCustomToken(w http.ResponseWriter, r *h } // Call hook for site replication. - if err := globalSiteReplicationSys.IAMChangeHook(ctx, madmin.SRIAMItem{ + logger.LogIf(ctx, globalSiteReplicationSys.IAMChangeHook(ctx, madmin.SRIAMItem{ Type: madmin.SRIAMItemSTSAcc, STSCredential: &madmin.SRSTSCredential{ AccessKey: tmpCredentials.AccessKey, @@ -952,10 +944,7 @@ func (sts *stsAPIHandlers) AssumeRoleWithCustomToken(w http.ResponseWriter, r *h ParentUser: tmpCredentials.ParentUser, }, UpdatedAt: updatedAt, - }); err != nil { - writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL) - return - } + })) response := new(AssumeRoleWithCustomTokenResponse) response.Result.Credentials = tmpCredentials diff --git a/internal/rest/client.go b/internal/rest/client.go index 4967d3f59..5f3b58eab 100644 --- a/internal/rest/client.go +++ b/internal/rest/client.go @@ -262,12 +262,6 @@ func (c *Client) Call(ctx context.Context, method string, values url.Values, bod return nil, &NetworkError{err} } - final := resp.Trailer.Get("FinalStatus") - if final != "" && final != "Success" { - defer xhttp.DrainBody(resp.Body) - return nil, errors.New(final) - } - if resp.StatusCode != http.StatusOK { // If server returns 412 pre-condition failed, it would // mean that authentication succeeded, but another