/*
 * MinIO Cloud Storage, (C) 2018 MinIO, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package cmd
import (
"encoding/xml"
"net/http"
xhttp "github.com/minio/minio/cmd/http"
)
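// writeSTSErrorResponse sends err to the client as an STS XML error document.
//
// The body is built by getSTSErrorResponse and serialized by encodeResponse;
// it is then handed to writeResponse together with err.HTTPStatusCode and
// mimeXML.
func writeSTSErrorResponse(w http.ResponseWriter, err STSError) {
	// The request ID is read back from the response headers already present
	// on w, so RequestId in the body is empty unless that header was set
	// before this call (presumably by request-handling middleware; verify
	// against the handler chain).
	requestID := w.Header().Get(xhttp.AmzRequestID)

	body := encodeResponse(getSTSErrorResponse(err, requestID))
	writeResponse(w, err.HTTPStatusCode, body, mimeXML)
}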
// STSError describes one STS API error: the code and message reported to the
// client and the HTTP status the error response is written with.
type STSError struct {
	Code           string // copied into the response's Error.Code by getSTSErrorResponse
	Description    string // copied unchanged into the response's Error.Message, so it must be safe to show to clients
	HTTPStatusCode int    // status code passed to writeResponse by writeSTSErrorResponse
}
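// STSErrorResponse is the XML document returned to clients for a failed STS
// request. It is marshaled as an ErrorResponse element in the
// https://sts.amazonaws.com/doc/2011-06-15/ namespace and is excluded from
// JSON encoding of the element name (json:"-" on XMLName).
type STSErrorResponse struct {
	XMLName xml.Name `xml:"https://sts.amazonaws.com/doc/2011-06-15/ ErrorResponse" json:"-"`
	Error   struct {
		Type    string `xml:"Type"`    // left empty by getSTSErrorResponse
		Code    string `xml:"Code"`    // STSError.Code
		Message string `xml:"Message"` // STSError.Description, sent to the client as-is
	} `xml:"Error"`
	RequestID string `xml:"RequestId"` // request identifier echoed back to the client
}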
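// STSErrorCode identifies an STS error condition. It is the key type of
// stsErrorCodeMap.
type STSErrorCode int

// Error codes, non exhaustive list - http://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithSAML.html
//
// Values are assigned with iota, so the declaration order fixes each code's
// numeric value; add new codes deliberately rather than reordering.
const (
	// ErrSTSNone is the zero value. It has no entry in stsErrCodes, so
	// ToSTSErr reports it as ErrSTSInternalError.
	ErrSTSNone STSErrorCode = iota
	ErrSTSAccessDenied
	ErrSTSMissingParameter
	ErrSTSInvalidParameterValue
	ErrSTSWebIdentityExpiredToken
	ErrSTSClientGrantsExpiredToken
	ErrSTSInvalidClientGrantsToken
	ErrSTSMalformedPolicyDocument
	ErrSTSNotInitialized
	ErrSTSInternalError
)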
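// stsErrorCodeMap maps each STSErrorCode to the STSError returned to clients.
type stsErrorCodeMap map[STSErrorCode]STSError

// ToSTSErr returns the STSError registered for errCode.
//
// A code with no entry falls back to the ErrSTSInternalError entry, so an
// unmapped code is reported to the client as a generic internal error. If the
// map has no ErrSTSInternalError entry either, the zero STSError (empty Code,
// HTTPStatusCode 0) is returned.
func (e stsErrorCodeMap) ToSTSErr(errCode STSErrorCode) STSError {
	if apiErr, ok := e[errCode]; ok {
		return apiErr
	}
	return e[ErrSTSInternalError]
}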
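// stsErrCodes maps each STS error code to the fixed code, description and HTTP
// status sent to clients.
//
// Every Description here is a static string and is returned to the caller
// verbatim, so new entries should not carry request-specific or internal
// detail. ErrSTSNone has no entry; ToSTSErr resolves it to the
// ErrSTSInternalError entry. ErrSTSWebIdentityExpiredToken and
// ErrSTSClientGrantsExpiredToken share the wire code "ExpiredToken" and differ
// only in Description.
var stsErrCodes = stsErrorCodeMap{
	ErrSTSAccessDenied: {
		Code:           "AccessDenied",
		Description:    "Generating temporary credentials not allowed for this request.",
		HTTPStatusCode: http.StatusForbidden,
	},
	ErrSTSMissingParameter: {
		Code:           "MissingParameter",
		Description:    "A required parameter for the specified action is not supplied.",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrSTSInvalidParameterValue: {
		Code:           "InvalidParameterValue",
		Description:    "An invalid or out-of-range value was supplied for the input parameter.",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrSTSWebIdentityExpiredToken: {
		Code:           "ExpiredToken",
		Description:    "The web identity token that was passed is expired or is not valid. Get a new identity token from the identity provider and then retry the request.",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrSTSClientGrantsExpiredToken: {
		Code:           "ExpiredToken",
		Description:    "The client grants that was passed is expired or is not valid. Get a new client grants token from the identity provider and then retry the request.",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrSTSInvalidClientGrantsToken: {
		Code:           "InvalidClientGrantsToken",
		Description:    "The client grants token that was passed could not be validated by MinIO.",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrSTSMalformedPolicyDocument: {
		Code:           "MalformedPolicyDocument",
		Description:    "The request was rejected because the policy document was malformed.",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrSTSNotInitialized: {
		Code:           "STSNotInitialized",
		Description:    "STS API not initialized, please try again.",
		HTTPStatusCode: http.StatusServiceUnavailable,
	},
	// Also the fallback returned by ToSTSErr for any code missing from this map.
	ErrSTSInternalError: {
		Code:           "InternalError",
		Description:    "We encountered an internal error generating credentials, please try again.",
		HTTPStatusCode: http.StatusInternalServerError,
	},
}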
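// getSTSErrorResponse builds the encodable STSErrorResponse for err, tagged
// with requestID.
//
// err.Code and err.Description are copied unchanged into Error.Code and
// Error.Message, so Description must contain only text that is safe to return
// to the client. Error.Type and XMLName are left at their zero values.
func getSTSErrorResponse(err STSError, requestID string) STSErrorResponse {
	var errRsp STSErrorResponse
	errRsp.Error.Code = err.Code
	errRsp.Error.Message = err.Description
	errRsp.RequestID = requestID
	return errRsp
}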