minio/pkg/madmin/utils.go

// Copyright (c) 2015-2021 MinIO, Inc.
//
// This file is part of MinIO Object Storage stack
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

package madmin

import (
	"encoding/json"
	"io"
	"io/ioutil"
	"net"
	"net/http"
	"net/url"
	"strings"

	"github.com/minio/minio-go/v7/pkg/s3utils"
)

// AdminAPIVersion - admin api version used in the request.
const (
	AdminAPIVersion   = "v3"
	AdminAPIVersionV2 = "v2"
	adminAPIPrefix    = "/" + AdminAPIVersion
)

// jsonDecoder decode json to go type.
func jsonDecoder(body io.Reader, v interface{}) error {
	d := json.NewDecoder(body)
	return d.Decode(v)
}

// getEndpointURL - construct a new endpoint.
func getEndpointURL(endpoint string, secure bool) (*url.URL, error) {
	if strings.Contains(endpoint, ":") {
		host, _, err := net.SplitHostPort(endpoint)
		if err != nil {
			return nil, err
		}
		if !s3utils.IsValidIP(host) && !s3utils.IsValidDomain(host) {
			msg := "Endpoint: " + endpoint + " does not follow ip address or domain name standards."
			return nil, ErrInvalidArgument(msg)
		}
	} else {
		if !s3utils.IsValidIP(endpoint) && !s3utils.IsValidDomain(endpoint) {
			msg := "Endpoint: " + endpoint + " does not follow ip address or domain name standards."
			return nil, ErrInvalidArgument(msg)
		}
	}

	// If secure is false, use 'http' scheme.
	scheme := "https"
	if !secure {
		scheme = "http"
	}

	// Strip the obvious :443 and :80 from the endpoint
	// to avoid the signature mismatch error.
	if secure && strings.HasSuffix(endpoint, ":443") {
		endpoint = strings.TrimSuffix(endpoint, ":443")
	}
	if !secure && strings.HasSuffix(endpoint, ":80") {
		endpoint = strings.TrimSuffix(endpoint, ":80")
	}

	// Construct a secured endpoint URL.
	endpointURLStr := scheme + "://" + endpoint
	endpointURL, err := url.Parse(endpointURLStr)
	if err != nil {
		return nil, err
	}

	// Validate incoming endpoint URL.
	if err := isValidEndpointURL(endpointURL.String()); err != nil {
		return nil, err
	}
	return endpointURL, nil
}

// Verify if input endpoint URL is valid.
func isValidEndpointURL(endpointURL string) error {
	if endpointURL == "" {
		return ErrInvalidArgument("Endpoint url cannot be empty.")
	}
	url, err := url.Parse(endpointURL)
	if err != nil {
		return ErrInvalidArgument("Endpoint url cannot be parsed.")
	}
	if url.Path != "/" && url.Path != "" {
		return ErrInvalidArgument("Endpoint url cannot have fully qualified paths.")
	}
	return nil
}

// closeResponse close non nil response with any response Body.
// convenient wrapper to drain any remaining data on response body.
//
// Subsequently this allows golang http RoundTripper
// to re-use the same connection for future requests.
func closeResponse(resp *http.Response) {
	// Callers should close resp.Body when done reading from it.
	// If resp.Body is not closed, the Client's underlying RoundTripper
	// (typically Transport) may not be able to re-use a persistent TCP
	// connection to the server for a subsequent "keep-alive" request.
	if resp != nil && resp.Body != nil {
		// Drain any remaining Body and then close the connection.
		// Without this closing connection would disallow re-using
		// the same connection for future uses.
		//  - http://stackoverflow.com/a/17961593/4465767
		io.Copy(ioutil.Discard, resp.Body)
		resp.Body.Close()
	}
}
update license change for MinIO Signed-off-by: Harshavardhana <harsha@minio.io> 2021-04-18 15:41:13 -04:00			`// Copyright (c) 2015-2021 MinIO, Inc.`
			`//`
			`// This file is part of MinIO Object Storage stack`
			`//`
			`// This program is free software: you can redistribute it and/or modify`
			`// it under the terms of the GNU Affero General Public License as published by`
			`// the Free Software Foundation, either version 3 of the License, or`
			`// (at your option) any later version.`
			`//`
			`// This program is distributed in the hope that it will be useful`
			`// but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`// GNU Affero General Public License for more details.`
			`//`
			`// You should have received a copy of the GNU Affero General Public License`
			`// along with this program. If not, see <http://www.gnu.org/licenses/>.`
Admin Lib: Implement Service API (#3426) Three APIs were added to control a minio server * NewAdminClient() * ServiceStop() * ServiceRestart() * ServiceStatus() 2016-12-20 17:45:17 -05:00
			`package madmin`

			`import (`
Move admin APIs to new path and add redesigned heal APIs (#5351) - Changes related to moving admin APIs - admin APIs now have an endpoint under /minio/admin - admin APIs are now versioned - a new API to server the version is added at "GET /minio/admin/version" and all API operations have the path prefix /minio/admin/v1/<operation> - new service stop API added - credentials change API is moved to /minio/admin/v1/config/credential - credentials change API and configuration get/set API now require TLS so that credentials are protected - all API requests now receive JSON - heal APIs are disabled as they will be changed substantially - Heal API changes Heal API is now provided at a single endpoint with the ability for a client to start a heal sequence on all the data in the server, a single bucket, or under a prefix within a bucket. When a heal sequence is started, the server returns a unique token that needs to be used for subsequent 'status' requests to fetch heal results. On each status request from the client, the server returns heal result records that it has accumulated since the previous status request. The server accumulates upto 1000 records and pauses healing further objects until the client requests for status. If the client does not request any further records for a long time, the server aborts the heal sequence automatically. A heal result record is returned for each entity healed on the server, such as system metadata, object metadata, buckets and objects, and has information about the before and after states on each disk. A client may request to force restart a heal sequence - this causes the running heal sequence to be aborted at the next safe spot and starts a new heal sequence. 2018-01-22 17:54:55 -05:00			`"encoding/json"`
Admin Lib: Implement Service API (#3426) Three APIs were added to control a minio server * NewAdminClient() * ServiceStop() * ServiceRestart() * ServiceStatus() 2016-12-20 17:45:17 -05:00			`"io"`
			`"io/ioutil"`
			`"net"`
			`"net/http"`
			`"net/url"`
			`"strings"`

Move dependency from minio-go v6 to v7 (#10042) 2020-07-14 12:38:05 -04:00			`"github.com/minio/minio-go/v7/pkg/s3utils"`
Admin Lib: Implement Service API (#3426) Three APIs were added to control a minio server * NewAdminClient() * ServiceStop() * ServiceRestart() * ServiceStatus() 2016-12-20 17:45:17 -05:00			`)`

fix: change policies API to return and take struct (#9181) This allows for order guarantees in returned values can be consumed safely by the caller to avoid any additional parsing and validation. Fixes #9171 2020-04-07 22:30:59 -04:00			`// AdminAPIVersion - admin api version used in the request.`
The prometheus metrics refractoring (#8003) The measures are consolidated to the following metrics - `disk_storage_used` : Disk space used by the disk. - `disk_storage_available`: Available disk space left on the disk. - `disk_storage_total`: Total disk space on the disk. - `disks_offline`: Total number of offline disks in current MinIO instance. - `disks_total`: Total number of disks in current MinIO instance. - `s3_requests_total`: Total number of s3 requests in current MinIO instance. - `s3_errors_total`: Total number of errors in s3 requests in current MinIO instance. - `s3_requests_current`: Total number of active s3 requests in current MinIO instance. - `internode_rx_bytes_total`: Total number of internode bytes received by current MinIO server instance. - `internode_tx_bytes_total`: Total number of bytes sent to the other nodes by current MinIO server instance. - `s3_rx_bytes_total`: Total number of s3 bytes received by current MinIO server instance. - `s3_tx_bytes_total`: Total number of s3 bytes sent by current MinIO server instance. - `minio_version_info`: Current MinIO version with commit-id. - `s3_ttfb_seconds_bucket`: Histogram that holds the latency information of the requests. And this PR also modifies the current StorageInfo queries - Decouples StorageInfo from ServerInfo . - StorageInfo is enhanced to give endpoint information. NOTE: ADMIN API VERSION IS BUMPED UP IN THIS PR Fixes #7873 2019-10-23 00:01:14 -04:00			`const (`
fix: change policies API to return and take struct (#9181) This allows for order guarantees in returned values can be consumed safely by the caller to avoid any additional parsing and validation. Fixes #9171 2020-04-07 22:30:59 -04:00			`AdminAPIVersion = "v3"`
			`AdminAPIVersionV2 = "v2"`
			`adminAPIPrefix = "/" + AdminAPIVersion`
The prometheus metrics refractoring (#8003) The measures are consolidated to the following metrics - `disk_storage_used` : Disk space used by the disk. - `disk_storage_available`: Available disk space left on the disk. - `disk_storage_total`: Total disk space on the disk. - `disks_offline`: Total number of offline disks in current MinIO instance. - `disks_total`: Total number of disks in current MinIO instance. - `s3_requests_total`: Total number of s3 requests in current MinIO instance. - `s3_errors_total`: Total number of errors in s3 requests in current MinIO instance. - `s3_requests_current`: Total number of active s3 requests in current MinIO instance. - `internode_rx_bytes_total`: Total number of internode bytes received by current MinIO server instance. - `internode_tx_bytes_total`: Total number of bytes sent to the other nodes by current MinIO server instance. - `s3_rx_bytes_total`: Total number of s3 bytes received by current MinIO server instance. - `s3_tx_bytes_total`: Total number of s3 bytes sent by current MinIO server instance. - `minio_version_info`: Current MinIO version with commit-id. - `s3_ttfb_seconds_bucket`: Histogram that holds the latency information of the requests. And this PR also modifies the current StorageInfo queries - Decouples StorageInfo from ServerInfo . - StorageInfo is enhanced to give endpoint information. NOTE: ADMIN API VERSION IS BUMPED UP IN THIS PR Fixes #7873 2019-10-23 00:01:14 -04:00			`)`

Move admin APIs to new path and add redesigned heal APIs (#5351) - Changes related to moving admin APIs - admin APIs now have an endpoint under /minio/admin - admin APIs are now versioned - a new API to server the version is added at "GET /minio/admin/version" and all API operations have the path prefix /minio/admin/v1/<operation> - new service stop API added - credentials change API is moved to /minio/admin/v1/config/credential - credentials change API and configuration get/set API now require TLS so that credentials are protected - all API requests now receive JSON - heal APIs are disabled as they will be changed substantially - Heal API changes Heal API is now provided at a single endpoint with the ability for a client to start a heal sequence on all the data in the server, a single bucket, or under a prefix within a bucket. When a heal sequence is started, the server returns a unique token that needs to be used for subsequent 'status' requests to fetch heal results. On each status request from the client, the server returns heal result records that it has accumulated since the previous status request. The server accumulates upto 1000 records and pauses healing further objects until the client requests for status. If the client does not request any further records for a long time, the server aborts the heal sequence automatically. A heal result record is returned for each entity healed on the server, such as system metadata, object metadata, buckets and objects, and has information about the before and after states on each disk. A client may request to force restart a heal sequence - this causes the running heal sequence to be aborted at the next safe spot and starts a new heal sequence. 2018-01-22 17:54:55 -05:00			`// jsonDecoder decode json to go type.`
			`func jsonDecoder(body io.Reader, v interface{}) error {`
			`d := json.NewDecoder(body)`
admin: Add service Set Credentials API (#3580) 2017-01-17 17:25:59 -05:00			`return d.Decode(v)`
			`}`

Admin Lib: Implement Service API (#3426) Three APIs were added to control a minio server * NewAdminClient() * ServiceStop() * ServiceRestart() * ServiceStatus() 2016-12-20 17:45:17 -05:00			`// getEndpointURL - construct a new endpoint.`
			`func getEndpointURL(endpoint string, secure bool) (*url.URL, error) {`
			`if strings.Contains(endpoint, ":") {`
			`host, _, err := net.SplitHostPort(endpoint)`
			`if err != nil {`
			`return nil, err`
			`}`
			`if !s3utils.IsValidIP(host) && !s3utils.IsValidDomain(host) {`
			`msg := "Endpoint: " + endpoint + " does not follow ip address or domain name standards."`
			`return nil, ErrInvalidArgument(msg)`
			`}`
			`} else {`
			`if !s3utils.IsValidIP(endpoint) && !s3utils.IsValidDomain(endpoint) {`
			`msg := "Endpoint: " + endpoint + " does not follow ip address or domain name standards."`
			`return nil, ErrInvalidArgument(msg)`
			`}`
			`}`
madmin: Strip 80/443 from the endpoint when http/https (#9937) Users having endpoints with this format http://url:80 or http://url:443 will face signature mismatch error. The reason is that S3 spec ignores :80 or :443 port in the endpoint when calculating the signature, so this PR will just strip them. 2020-06-29 15:31:07 -04:00
Admin Lib: Implement Service API (#3426) Three APIs were added to control a minio server * NewAdminClient() * ServiceStop() * ServiceRestart() * ServiceStatus() 2016-12-20 17:45:17 -05:00			`// If secure is false, use 'http' scheme.`
			`scheme := "https"`
			`if !secure {`
			`scheme = "http"`
			`}`

madmin: Strip 80/443 from the endpoint when http/https (#9937) Users having endpoints with this format http://url:80 or http://url:443 will face signature mismatch error. The reason is that S3 spec ignores :80 or :443 port in the endpoint when calculating the signature, so this PR will just strip them. 2020-06-29 15:31:07 -04:00			`// Strip the obvious :443 and :80 from the endpoint`
			`// to avoid the signature mismatch error.`
			`if secure && strings.HasSuffix(endpoint, ":443") {`
			`endpoint = strings.TrimSuffix(endpoint, ":443")`
			`}`
			`if !secure && strings.HasSuffix(endpoint, ":80") {`
			`endpoint = strings.TrimSuffix(endpoint, ":80")`
			`}`

Admin Lib: Implement Service API (#3426) Three APIs were added to control a minio server * NewAdminClient() * ServiceStop() * ServiceRestart() * ServiceStatus() 2016-12-20 17:45:17 -05:00			`// Construct a secured endpoint URL.`
			`endpointURLStr := scheme + "://" + endpoint`
			`endpointURL, err := url.Parse(endpointURLStr)`
			`if err != nil {`
			`return nil, err`
			`}`

			`// Validate incoming endpoint URL.`
			`if err := isValidEndpointURL(endpointURL.String()); err != nil {`
			`return nil, err`
			`}`
			`return endpointURL, nil`
			`}`

			`// Verify if input endpoint URL is valid.`
			`func isValidEndpointURL(endpointURL string) error {`
			`if endpointURL == "" {`
			`return ErrInvalidArgument("Endpoint url cannot be empty.")`
			`}`
			`url, err := url.Parse(endpointURL)`
			`if err != nil {`
			`return ErrInvalidArgument("Endpoint url cannot be parsed.")`
			`}`
			`if url.Path != "/" && url.Path != "" {`
			`return ErrInvalidArgument("Endpoint url cannot have fully qualified paths.")`
			`}`
			`return nil`
			`}`

			`// closeResponse close non nil response with any response Body.`
			`// convenient wrapper to drain any remaining data on response body.`
			`//`
			`// Subsequently this allows golang http RoundTripper`
			`// to re-use the same connection for future requests.`
			`func closeResponse(resp *http.Response) {`
			`// Callers should close resp.Body when done reading from it.`
			`// If resp.Body is not closed, the Client's underlying RoundTripper`
			`// (typically Transport) may not be able to re-use a persistent TCP`
			`// connection to the server for a subsequent "keep-alive" request.`
			`if resp != nil && resp.Body != nil {`
			`// Drain any remaining Body and then close the connection.`
			`// Without this closing connection would disallow re-using`
			`// the same connection for future uses.`
			`// - http://stackoverflow.com/a/17961593/4465767`
			`io.Copy(ioutil.Discard, resp.Body)`
			`resp.Body.Close()`
			`}`
			`}`