From 0a284a1a10a4cb61e6c52e0929632ed24188db89 Mon Sep 17 00:00:00 2001
From: Aditya Manthramurthy <donatello@users.noreply.github.com>
Date: Mon, 23 Oct 2023 21:16:40 -0700
Subject: [PATCH] fix: SR: Add more info when IAM config differs (#18302)

Provide details on what IAM info mismatched when the validation fails
---
 cmd/api-errors.go          |   6 +
 cmd/apierrorcode_string.go | 221 +++++++++++++++++++------------------
 cmd/site-replication.go    |  23 ++--
 3 files changed, 131 insertions(+), 119 deletions(-)

diff --git a/cmd/api-errors.go b/cmd/api-errors.go
index 7fadcb6b7..6b77fe136 100644
--- a/cmd/api-errors.go
+++ b/cmd/api-errors.go
@@ -310,6 +310,7 @@ const (
 	ErrSiteReplicationBucketMetaError
 	ErrSiteReplicationIAMError
 	ErrSiteReplicationConfigMissing
+	ErrSiteReplicationIAMConfigMismatch
 
 	// Pool rebalance errors
 	ErrAdminRebalanceAlreadyStarted
@@ -1512,6 +1513,11 @@ var errorCodes = errorCodeMap{
 		Description:    "Site not found in site replication configuration",
 		HTTPStatusCode: http.StatusBadRequest,
 	},
+	ErrSiteReplicationIAMConfigMismatch: {
+		Code:           "XMinioSiteReplicationIAMConfigMismatch",
+		Description:    "IAM configuration mismatch between sites",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
 	ErrAdminRebalanceAlreadyStarted: {
 		Code:           "XMinioAdminRebalanceAlreadyStarted",
 		Description:    "Pool rebalance is already started",
diff --git a/cmd/apierrorcode_string.go b/cmd/apierrorcode_string.go
index 0a07f146a..581566a97 100644
--- a/cmd/apierrorcode_string.go
+++ b/cmd/apierrorcode_string.go
@@ -219,119 +219,120 @@ func _() {
 	_ = x[ErrSiteReplicationBucketMetaError-208]
 	_ = x[ErrSiteReplicationIAMError-209]
 	_ = x[ErrSiteReplicationConfigMissing-210]
-	_ = x[ErrAdminRebalanceAlreadyStarted-211]
-	_ = x[ErrAdminRebalanceNotStarted-212]
-	_ = x[ErrAdminBucketQuotaExceeded-213]
-	_ = x[ErrAdminNoSuchQuotaConfiguration-214]
-	_ = x[ErrHealNotImplemented-215]
-	_ = x[ErrHealNoSuchProcess-216]
-	_ = x[ErrHealInvalidClientToken-217]
-	_ = x[ErrHealMissingBucket-218]
-	_ = x[ErrHealAlreadyRunning-219]
-	_ = x[ErrHealOverlappingPaths-220]
-	_ = x[ErrIncorrectContinuationToken-221]
-	_ = x[ErrEmptyRequestBody-222]
-	_ = x[ErrUnsupportedFunction-223]
-	_ = x[ErrInvalidExpressionType-224]
-	_ = x[ErrBusy-225]
-	_ = x[ErrUnauthorizedAccess-226]
-	_ = x[ErrExpressionTooLong-227]
-	_ = x[ErrIllegalSQLFunctionArgument-228]
-	_ = x[ErrInvalidKeyPath-229]
-	_ = x[ErrInvalidCompressionFormat-230]
-	_ = x[ErrInvalidFileHeaderInfo-231]
-	_ = x[ErrInvalidJSONType-232]
-	_ = x[ErrInvalidQuoteFields-233]
-	_ = x[ErrInvalidRequestParameter-234]
-	_ = x[ErrInvalidDataType-235]
-	_ = x[ErrInvalidTextEncoding-236]
-	_ = x[ErrInvalidDataSource-237]
-	_ = x[ErrInvalidTableAlias-238]
-	_ = x[ErrMissingRequiredParameter-239]
-	_ = x[ErrObjectSerializationConflict-240]
-	_ = x[ErrUnsupportedSQLOperation-241]
-	_ = x[ErrUnsupportedSQLStructure-242]
-	_ = x[ErrUnsupportedSyntax-243]
-	_ = x[ErrUnsupportedRangeHeader-244]
-	_ = x[ErrLexerInvalidChar-245]
-	_ = x[ErrLexerInvalidOperator-246]
-	_ = x[ErrLexerInvalidLiteral-247]
-	_ = x[ErrLexerInvalidIONLiteral-248]
-	_ = x[ErrParseExpectedDatePart-249]
-	_ = x[ErrParseExpectedKeyword-250]
-	_ = x[ErrParseExpectedTokenType-251]
-	_ = x[ErrParseExpected2TokenTypes-252]
-	_ = x[ErrParseExpectedNumber-253]
-	_ = x[ErrParseExpectedRightParenBuiltinFunctionCall-254]
-	_ = x[ErrParseExpectedTypeName-255]
-	_ = x[ErrParseExpectedWhenClause-256]
-	_ = x[ErrParseUnsupportedToken-257]
-	_ = x[ErrParseUnsupportedLiteralsGroupBy-258]
-	_ = x[ErrParseExpectedMember-259]
-	_ = x[ErrParseUnsupportedSelect-260]
-	_ = x[ErrParseUnsupportedCase-261]
-	_ = x[ErrParseUnsupportedCaseClause-262]
-	_ = x[ErrParseUnsupportedAlias-263]
-	_ = x[ErrParseUnsupportedSyntax-264]
-	_ = x[ErrParseUnknownOperator-265]
-	_ = x[ErrParseMissingIdentAfterAt-266]
-	_ = x[ErrParseUnexpectedOperator-267]
-	_ = x[ErrParseUnexpectedTerm-268]
-	_ = x[ErrParseUnexpectedToken-269]
-	_ = x[ErrParseUnexpectedKeyword-270]
-	_ = x[ErrParseExpectedExpression-271]
-	_ = x[ErrParseExpectedLeftParenAfterCast-272]
-	_ = x[ErrParseExpectedLeftParenValueConstructor-273]
-	_ = x[ErrParseExpectedLeftParenBuiltinFunctionCall-274]
-	_ = x[ErrParseExpectedArgumentDelimiter-275]
-	_ = x[ErrParseCastArity-276]
-	_ = x[ErrParseInvalidTypeParam-277]
-	_ = x[ErrParseEmptySelect-278]
-	_ = x[ErrParseSelectMissingFrom-279]
-	_ = x[ErrParseExpectedIdentForGroupName-280]
-	_ = x[ErrParseExpectedIdentForAlias-281]
-	_ = x[ErrParseUnsupportedCallWithStar-282]
-	_ = x[ErrParseNonUnaryAgregateFunctionCall-283]
-	_ = x[ErrParseMalformedJoin-284]
-	_ = x[ErrParseExpectedIdentForAt-285]
-	_ = x[ErrParseAsteriskIsNotAloneInSelectList-286]
-	_ = x[ErrParseCannotMixSqbAndWildcardInSelectList-287]
-	_ = x[ErrParseInvalidContextForWildcardInSelectList-288]
-	_ = x[ErrIncorrectSQLFunctionArgumentType-289]
-	_ = x[ErrValueParseFailure-290]
-	_ = x[ErrEvaluatorInvalidArguments-291]
-	_ = x[ErrIntegerOverflow-292]
-	_ = x[ErrLikeInvalidInputs-293]
-	_ = x[ErrCastFailed-294]
-	_ = x[ErrInvalidCast-295]
-	_ = x[ErrEvaluatorInvalidTimestampFormatPattern-296]
-	_ = x[ErrEvaluatorInvalidTimestampFormatPatternSymbolForParsing-297]
-	_ = x[ErrEvaluatorTimestampFormatPatternDuplicateFields-298]
-	_ = x[ErrEvaluatorTimestampFormatPatternHourClockAmPmMismatch-299]
-	_ = x[ErrEvaluatorUnterminatedTimestampFormatPatternToken-300]
-	_ = x[ErrEvaluatorInvalidTimestampFormatPatternToken-301]
-	_ = x[ErrEvaluatorInvalidTimestampFormatPatternSymbol-302]
-	_ = x[ErrEvaluatorBindingDoesNotExist-303]
-	_ = x[ErrMissingHeaders-304]
-	_ = x[ErrInvalidColumnIndex-305]
-	_ = x[ErrAdminConfigNotificationTargetsFailed-306]
-	_ = x[ErrAdminProfilerNotEnabled-307]
-	_ = x[ErrInvalidDecompressedSize-308]
-	_ = x[ErrAddUserInvalidArgument-309]
-	_ = x[ErrAdminResourceInvalidArgument-310]
-	_ = x[ErrAdminAccountNotEligible-311]
-	_ = x[ErrAccountNotEligible-312]
-	_ = x[ErrAdminServiceAccountNotFound-313]
-	_ = x[ErrPostPolicyConditionInvalidFormat-314]
-	_ = x[ErrInvalidChecksum-315]
-	_ = x[ErrLambdaARNInvalid-316]
-	_ = x[ErrLambdaARNNotFound-317]
-	_ = x[apiErrCodeEnd-318]
+	_ = x[ErrSiteReplicationIAMConfigMismatch-211]
+	_ = x[ErrAdminRebalanceAlreadyStarted-212]
+	_ = x[ErrAdminRebalanceNotStarted-213]
+	_ = x[ErrAdminBucketQuotaExceeded-214]
+	_ = x[ErrAdminNoSuchQuotaConfiguration-215]
+	_ = x[ErrHealNotImplemented-216]
+	_ = x[ErrHealNoSuchProcess-217]
+	_ = x[ErrHealInvalidClientToken-218]
+	_ = x[ErrHealMissingBucket-219]
+	_ = x[ErrHealAlreadyRunning-220]
+	_ = x[ErrHealOverlappingPaths-221]
+	_ = x[ErrIncorrectContinuationToken-222]
+	_ = x[ErrEmptyRequestBody-223]
+	_ = x[ErrUnsupportedFunction-224]
+	_ = x[ErrInvalidExpressionType-225]
+	_ = x[ErrBusy-226]
+	_ = x[ErrUnauthorizedAccess-227]
+	_ = x[ErrExpressionTooLong-228]
+	_ = x[ErrIllegalSQLFunctionArgument-229]
+	_ = x[ErrInvalidKeyPath-230]
+	_ = x[ErrInvalidCompressionFormat-231]
+	_ = x[ErrInvalidFileHeaderInfo-232]
+	_ = x[ErrInvalidJSONType-233]
+	_ = x[ErrInvalidQuoteFields-234]
+	_ = x[ErrInvalidRequestParameter-235]
+	_ = x[ErrInvalidDataType-236]
+	_ = x[ErrInvalidTextEncoding-237]
+	_ = x[ErrInvalidDataSource-238]
+	_ = x[ErrInvalidTableAlias-239]
+	_ = x[ErrMissingRequiredParameter-240]
+	_ = x[ErrObjectSerializationConflict-241]
+	_ = x[ErrUnsupportedSQLOperation-242]
+	_ = x[ErrUnsupportedSQLStructure-243]
+	_ = x[ErrUnsupportedSyntax-244]
+	_ = x[ErrUnsupportedRangeHeader-245]
+	_ = x[ErrLexerInvalidChar-246]
+	_ = x[ErrLexerInvalidOperator-247]
+	_ = x[ErrLexerInvalidLiteral-248]
+	_ = x[ErrLexerInvalidIONLiteral-249]
+	_ = x[ErrParseExpectedDatePart-250]
+	_ = x[ErrParseExpectedKeyword-251]
+	_ = x[ErrParseExpectedTokenType-252]
+	_ = x[ErrParseExpected2TokenTypes-253]
+	_ = x[ErrParseExpectedNumber-254]
+	_ = x[ErrParseExpectedRightParenBuiltinFunctionCall-255]
+	_ = x[ErrParseExpectedTypeName-256]
+	_ = x[ErrParseExpectedWhenClause-257]
+	_ = x[ErrParseUnsupportedToken-258]
+	_ = x[ErrParseUnsupportedLiteralsGroupBy-259]
+	_ = x[ErrParseExpectedMember-260]
+	_ = x[ErrParseUnsupportedSelect-261]
+	_ = x[ErrParseUnsupportedCase-262]
+	_ = x[ErrParseUnsupportedCaseClause-263]
+	_ = x[ErrParseUnsupportedAlias-264]
+	_ = x[ErrParseUnsupportedSyntax-265]
+	_ = x[ErrParseUnknownOperator-266]
+	_ = x[ErrParseMissingIdentAfterAt-267]
+	_ = x[ErrParseUnexpectedOperator-268]
+	_ = x[ErrParseUnexpectedTerm-269]
+	_ = x[ErrParseUnexpectedToken-270]
+	_ = x[ErrParseUnexpectedKeyword-271]
+	_ = x[ErrParseExpectedExpression-272]
+	_ = x[ErrParseExpectedLeftParenAfterCast-273]
+	_ = x[ErrParseExpectedLeftParenValueConstructor-274]
+	_ = x[ErrParseExpectedLeftParenBuiltinFunctionCall-275]
+	_ = x[ErrParseExpectedArgumentDelimiter-276]
+	_ = x[ErrParseCastArity-277]
+	_ = x[ErrParseInvalidTypeParam-278]
+	_ = x[ErrParseEmptySelect-279]
+	_ = x[ErrParseSelectMissingFrom-280]
+	_ = x[ErrParseExpectedIdentForGroupName-281]
+	_ = x[ErrParseExpectedIdentForAlias-282]
+	_ = x[ErrParseUnsupportedCallWithStar-283]
+	_ = x[ErrParseNonUnaryAgregateFunctionCall-284]
+	_ = x[ErrParseMalformedJoin-285]
+	_ = x[ErrParseExpectedIdentForAt-286]
+	_ = x[ErrParseAsteriskIsNotAloneInSelectList-287]
+	_ = x[ErrParseCannotMixSqbAndWildcardInSelectList-288]
+	_ = x[ErrParseInvalidContextForWildcardInSelectList-289]
+	_ = x[ErrIncorrectSQLFunctionArgumentType-290]
+	_ = x[ErrValueParseFailure-291]
+	_ = x[ErrEvaluatorInvalidArguments-292]
+	_ = x[ErrIntegerOverflow-293]
+	_ = x[ErrLikeInvalidInputs-294]
+	_ = x[ErrCastFailed-295]
+	_ = x[ErrInvalidCast-296]
+	_ = x[ErrEvaluatorInvalidTimestampFormatPattern-297]
+	_ = x[ErrEvaluatorInvalidTimestampFormatPatternSymbolForParsing-298]
+	_ = x[ErrEvaluatorTimestampFormatPatternDuplicateFields-299]
+	_ = x[ErrEvaluatorTimestampFormatPatternHourClockAmPmMismatch-300]
+	_ = x[ErrEvaluatorUnterminatedTimestampFormatPatternToken-301]
+	_ = x[ErrEvaluatorInvalidTimestampFormatPatternToken-302]
+	_ = x[ErrEvaluatorInvalidTimestampFormatPatternSymbol-303]
+	_ = x[ErrEvaluatorBindingDoesNotExist-304]
+	_ = x[ErrMissingHeaders-305]
+	_ = x[ErrInvalidColumnIndex-306]
+	_ = x[ErrAdminConfigNotificationTargetsFailed-307]
+	_ = x[ErrAdminProfilerNotEnabled-308]
+	_ = x[ErrInvalidDecompressedSize-309]
+	_ = x[ErrAddUserInvalidArgument-310]
+	_ = x[ErrAdminResourceInvalidArgument-311]
+	_ = x[ErrAdminAccountNotEligible-312]
+	_ = x[ErrAccountNotEligible-313]
+	_ = x[ErrAdminServiceAccountNotFound-314]
+	_ = x[ErrPostPolicyConditionInvalidFormat-315]
+	_ = x[ErrInvalidChecksum-316]
+	_ = x[ErrLambdaARNInvalid-317]
+	_ = x[ErrLambdaARNNotFound-318]
+	_ = x[apiErrCodeEnd-319]
 }
 
-const _APIErrorCode_name = "NoneAccessDeniedBadDigestEntityTooSmallEntityTooLargePolicyTooLargeIncompleteBodyInternalErrorInvalidAccessKeyIDAccessKeyDisabledInvalidArgumentInvalidBucketNameInvalidDigestInvalidRangeInvalidRangePartNumberInvalidCopyPartRangeInvalidCopyPartRangeSourceInvalidMaxKeysInvalidEncodingMethodInvalidMaxUploadsInvalidMaxPartsInvalidPartNumberMarkerInvalidPartNumberInvalidRequestBodyInvalidCopySourceInvalidMetadataDirectiveInvalidCopyDestInvalidPolicyDocumentInvalidObjectStateMalformedXMLMissingContentLengthMissingContentMD5MissingRequestBodyErrorMissingSecurityHeaderNoSuchBucketNoSuchBucketPolicyNoSuchBucketLifecycleNoSuchLifecycleConfigurationInvalidLifecycleWithObjectLockNoSuchBucketSSEConfigNoSuchCORSConfigurationNoSuchWebsiteConfigurationReplicationConfigurationNotFoundErrorRemoteDestinationNotFoundErrorReplicationDestinationMissingLockRemoteTargetNotFoundErrorReplicationRemoteConnectionErrorReplicationBandwidthLimitErrorBucketRemoteIdenticalToSourceBucketRemoteAlreadyExistsBucketRemoteLabelInUseBucketRemoteArnTypeInvalidBucketRemoteArnInvalidBucketRemoteRemoveDisallowedRemoteTargetNotVersionedErrorReplicationSourceNotVersionedErrorReplicationNeedsVersioningErrorReplicationBucketNeedsVersioningErrorReplicationDenyEditErrorRemoteTargetDenyAddErrorReplicationNoExistingObjectsReplicationValidationErrorReplicationPermissionCheckErrorObjectRestoreAlreadyInProgressNoSuchKeyNoSuchUploadInvalidVersionIDNoSuchVersionNotImplementedPreconditionFailedRequestTimeTooSkewedSignatureDoesNotMatchMethodNotAllowedInvalidPartInvalidPartOrderMissingPartAuthorizationHeaderMalformedMalformedPOSTRequestPOSTFileRequiredSignatureVersionNotSupportedBucketNotEmptyAllAccessDisabledPolicyInvalidVersionMissingFieldsMissingCredTagCredMalformedInvalidRegionInvalidServiceS3InvalidServiceSTSInvalidRequestVersionMissingSignTagMissingSignHeadersTagMalformedDateMalformedPresignedDateMalformedCredentialDateMalformedExpiresNegativeExpiresAuthHeaderEmptyExpiredPresignRequestRequestNotReadyYetUnsignedHeadersMissingDateHeaderInvalidQuerySignatureAlgoInvalidQueryParamsBucketAlreadyOwnedByYouInvalidDurationBucketAlreadyExistsMetadataTooLargeUnsupportedMetadataUnsupportedHostHeaderMaximumExpiresSlowDownReadSlowDownWriteMaxVersionsExceededInvalidPrefixMarkerBadRequestKeyTooLongErrorInvalidBucketObjectLockConfigurationObjectLockConfigurationNotFoundObjectLockConfigurationNotAllowedNoSuchObjectLockConfigurationObjectLockedInvalidRetentionDatePastObjectLockRetainDateUnknownWORMModeDirectiveBucketTaggingNotFoundObjectLockInvalidHeadersInvalidTagDirectivePolicyAlreadyAttachedPolicyNotAttachedExcessDataInvalidEncryptionMethodInvalidEncryptionKeyIDInsecureSSECustomerRequestSSEMultipartEncryptedSSEEncryptedObjectInvalidEncryptionParametersInvalidEncryptionParametersSSECInvalidSSECustomerAlgorithmInvalidSSECustomerKeyMissingSSECustomerKeyMissingSSECustomerKeyMD5SSECustomerKeyMD5MismatchInvalidSSECustomerParametersIncompatibleEncryptionMethodKMSNotConfiguredKMSKeyNotFoundExceptionKMSDefaultKeyAlreadyConfiguredNoAccessKeyInvalidTokenEventNotificationARNNotificationRegionNotificationOverlappingFilterNotificationFilterNameInvalidFilterNamePrefixFilterNameSuffixFilterValueInvalidOverlappingConfigsUnsupportedNotificationContentSHA256MismatchContentChecksumMismatchStorageFullRequestBodyParseObjectExistsAsDirectoryInvalidObjectNameInvalidObjectNamePrefixSlashInvalidResourceNameInvalidLifecycleQueryParameterServerNotInitializedRequestTimedoutClientDisconnectedTooManyRequestsInvalidRequestTransitionStorageClassNotFoundErrorInvalidStorageClassBackendDownMalformedJSONAdminNoSuchUserAdminNoSuchUserLDAPWarnAdminNoSuchGroupAdminGroupNotEmptyAdminGroupDisabledAdminNoSuchJobAdminNoSuchPolicyAdminPolicyChangeAlreadyAppliedAdminInvalidArgumentAdminInvalidAccessKeyAdminInvalidSecretKeyAdminConfigNoQuorumAdminConfigTooLargeAdminConfigBadJSONAdminNoSuchConfigTargetAdminConfigEnvOverriddenAdminConfigDuplicateKeysAdminConfigInvalidIDPTypeAdminConfigLDAPNonDefaultConfigNameAdminConfigLDAPValidationAdminConfigIDPCfgNameAlreadyExistsAdminConfigIDPCfgNameDoesNotExistAdminCredentialsMismatchInsecureClientRequestObjectTamperedSiteReplicationInvalidRequestSiteReplicationPeerRespSiteReplicationBackendIssueSiteReplicationServiceAccountErrorSiteReplicationBucketConfigErrorSiteReplicationBucketMetaErrorSiteReplicationIAMErrorSiteReplicationConfigMissingAdminRebalanceAlreadyStartedAdminRebalanceNotStartedAdminBucketQuotaExceededAdminNoSuchQuotaConfigurationHealNotImplementedHealNoSuchProcessHealInvalidClientTokenHealMissingBucketHealAlreadyRunningHealOverlappingPathsIncorrectContinuationTokenEmptyRequestBodyUnsupportedFunctionInvalidExpressionTypeBusyUnauthorizedAccessExpressionTooLongIllegalSQLFunctionArgumentInvalidKeyPathInvalidCompressionFormatInvalidFileHeaderInfoInvalidJSONTypeInvalidQuoteFieldsInvalidRequestParameterInvalidDataTypeInvalidTextEncodingInvalidDataSourceInvalidTableAliasMissingRequiredParameterObjectSerializationConflictUnsupportedSQLOperationUnsupportedSQLStructureUnsupportedSyntaxUnsupportedRangeHeaderLexerInvalidCharLexerInvalidOperatorLexerInvalidLiteralLexerInvalidIONLiteralParseExpectedDatePartParseExpectedKeywordParseExpectedTokenTypeParseExpected2TokenTypesParseExpectedNumberParseExpectedRightParenBuiltinFunctionCallParseExpectedTypeNameParseExpectedWhenClauseParseUnsupportedTokenParseUnsupportedLiteralsGroupByParseExpectedMemberParseUnsupportedSelectParseUnsupportedCaseParseUnsupportedCaseClauseParseUnsupportedAliasParseUnsupportedSyntaxParseUnknownOperatorParseMissingIdentAfterAtParseUnexpectedOperatorParseUnexpectedTermParseUnexpectedTokenParseUnexpectedKeywordParseExpectedExpressionParseExpectedLeftParenAfterCastParseExpectedLeftParenValueConstructorParseExpectedLeftParenBuiltinFunctionCallParseExpectedArgumentDelimiterParseCastArityParseInvalidTypeParamParseEmptySelectParseSelectMissingFromParseExpectedIdentForGroupNameParseExpectedIdentForAliasParseUnsupportedCallWithStarParseNonUnaryAgregateFunctionCallParseMalformedJoinParseExpectedIdentForAtParseAsteriskIsNotAloneInSelectListParseCannotMixSqbAndWildcardInSelectListParseInvalidContextForWildcardInSelectListIncorrectSQLFunctionArgumentTypeValueParseFailureEvaluatorInvalidArgumentsIntegerOverflowLikeInvalidInputsCastFailedInvalidCastEvaluatorInvalidTimestampFormatPatternEvaluatorInvalidTimestampFormatPatternSymbolForParsingEvaluatorTimestampFormatPatternDuplicateFieldsEvaluatorTimestampFormatPatternHourClockAmPmMismatchEvaluatorUnterminatedTimestampFormatPatternTokenEvaluatorInvalidTimestampFormatPatternTokenEvaluatorInvalidTimestampFormatPatternSymbolEvaluatorBindingDoesNotExistMissingHeadersInvalidColumnIndexAdminConfigNotificationTargetsFailedAdminProfilerNotEnabledInvalidDecompressedSizeAddUserInvalidArgumentAdminResourceInvalidArgumentAdminAccountNotEligibleAccountNotEligibleAdminServiceAccountNotFoundPostPolicyConditionInvalidFormatInvalidChecksumLambdaARNInvalidLambdaARNNotFoundapiErrCodeEnd"
+const _APIErrorCode_name = "NoneAccessDeniedBadDigestEntityTooSmallEntityTooLargePolicyTooLargeIncompleteBodyInternalErrorInvalidAccessKeyIDAccessKeyDisabledInvalidArgumentInvalidBucketNameInvalidDigestInvalidRangeInvalidRangePartNumberInvalidCopyPartRangeInvalidCopyPartRangeSourceInvalidMaxKeysInvalidEncodingMethodInvalidMaxUploadsInvalidMaxPartsInvalidPartNumberMarkerInvalidPartNumberInvalidRequestBodyInvalidCopySourceInvalidMetadataDirectiveInvalidCopyDestInvalidPolicyDocumentInvalidObjectStateMalformedXMLMissingContentLengthMissingContentMD5MissingRequestBodyErrorMissingSecurityHeaderNoSuchBucketNoSuchBucketPolicyNoSuchBucketLifecycleNoSuchLifecycleConfigurationInvalidLifecycleWithObjectLockNoSuchBucketSSEConfigNoSuchCORSConfigurationNoSuchWebsiteConfigurationReplicationConfigurationNotFoundErrorRemoteDestinationNotFoundErrorReplicationDestinationMissingLockRemoteTargetNotFoundErrorReplicationRemoteConnectionErrorReplicationBandwidthLimitErrorBucketRemoteIdenticalToSourceBucketRemoteAlreadyExistsBucketRemoteLabelInUseBucketRemoteArnTypeInvalidBucketRemoteArnInvalidBucketRemoteRemoveDisallowedRemoteTargetNotVersionedErrorReplicationSourceNotVersionedErrorReplicationNeedsVersioningErrorReplicationBucketNeedsVersioningErrorReplicationDenyEditErrorRemoteTargetDenyAddErrorReplicationNoExistingObjectsReplicationValidationErrorReplicationPermissionCheckErrorObjectRestoreAlreadyInProgressNoSuchKeyNoSuchUploadInvalidVersionIDNoSuchVersionNotImplementedPreconditionFailedRequestTimeTooSkewedSignatureDoesNotMatchMethodNotAllowedInvalidPartInvalidPartOrderMissingPartAuthorizationHeaderMalformedMalformedPOSTRequestPOSTFileRequiredSignatureVersionNotSupportedBucketNotEmptyAllAccessDisabledPolicyInvalidVersionMissingFieldsMissingCredTagCredMalformedInvalidRegionInvalidServiceS3InvalidServiceSTSInvalidRequestVersionMissingSignTagMissingSignHeadersTagMalformedDateMalformedPresignedDateMalformedCredentialDateMalformedExpiresNegativeExpiresAuthHeaderEmptyExpiredPresignRequestRequestNotReadyYetUnsignedHeadersMissingDateHeaderInvalidQuerySignatureAlgoInvalidQueryParamsBucketAlreadyOwnedByYouInvalidDurationBucketAlreadyExistsMetadataTooLargeUnsupportedMetadataUnsupportedHostHeaderMaximumExpiresSlowDownReadSlowDownWriteMaxVersionsExceededInvalidPrefixMarkerBadRequestKeyTooLongErrorInvalidBucketObjectLockConfigurationObjectLockConfigurationNotFoundObjectLockConfigurationNotAllowedNoSuchObjectLockConfigurationObjectLockedInvalidRetentionDatePastObjectLockRetainDateUnknownWORMModeDirectiveBucketTaggingNotFoundObjectLockInvalidHeadersInvalidTagDirectivePolicyAlreadyAttachedPolicyNotAttachedExcessDataInvalidEncryptionMethodInvalidEncryptionKeyIDInsecureSSECustomerRequestSSEMultipartEncryptedSSEEncryptedObjectInvalidEncryptionParametersInvalidEncryptionParametersSSECInvalidSSECustomerAlgorithmInvalidSSECustomerKeyMissingSSECustomerKeyMissingSSECustomerKeyMD5SSECustomerKeyMD5MismatchInvalidSSECustomerParametersIncompatibleEncryptionMethodKMSNotConfiguredKMSKeyNotFoundExceptionKMSDefaultKeyAlreadyConfiguredNoAccessKeyInvalidTokenEventNotificationARNNotificationRegionNotificationOverlappingFilterNotificationFilterNameInvalidFilterNamePrefixFilterNameSuffixFilterValueInvalidOverlappingConfigsUnsupportedNotificationContentSHA256MismatchContentChecksumMismatchStorageFullRequestBodyParseObjectExistsAsDirectoryInvalidObjectNameInvalidObjectNamePrefixSlashInvalidResourceNameInvalidLifecycleQueryParameterServerNotInitializedRequestTimedoutClientDisconnectedTooManyRequestsInvalidRequestTransitionStorageClassNotFoundErrorInvalidStorageClassBackendDownMalformedJSONAdminNoSuchUserAdminNoSuchUserLDAPWarnAdminNoSuchGroupAdminGroupNotEmptyAdminGroupDisabledAdminNoSuchJobAdminNoSuchPolicyAdminPolicyChangeAlreadyAppliedAdminInvalidArgumentAdminInvalidAccessKeyAdminInvalidSecretKeyAdminConfigNoQuorumAdminConfigTooLargeAdminConfigBadJSONAdminNoSuchConfigTargetAdminConfigEnvOverriddenAdminConfigDuplicateKeysAdminConfigInvalidIDPTypeAdminConfigLDAPNonDefaultConfigNameAdminConfigLDAPValidationAdminConfigIDPCfgNameAlreadyExistsAdminConfigIDPCfgNameDoesNotExistAdminCredentialsMismatchInsecureClientRequestObjectTamperedSiteReplicationInvalidRequestSiteReplicationPeerRespSiteReplicationBackendIssueSiteReplicationServiceAccountErrorSiteReplicationBucketConfigErrorSiteReplicationBucketMetaErrorSiteReplicationIAMErrorSiteReplicationConfigMissingSiteReplicationIAMConfigMismatchAdminRebalanceAlreadyStartedAdminRebalanceNotStartedAdminBucketQuotaExceededAdminNoSuchQuotaConfigurationHealNotImplementedHealNoSuchProcessHealInvalidClientTokenHealMissingBucketHealAlreadyRunningHealOverlappingPathsIncorrectContinuationTokenEmptyRequestBodyUnsupportedFunctionInvalidExpressionTypeBusyUnauthorizedAccessExpressionTooLongIllegalSQLFunctionArgumentInvalidKeyPathInvalidCompressionFormatInvalidFileHeaderInfoInvalidJSONTypeInvalidQuoteFieldsInvalidRequestParameterInvalidDataTypeInvalidTextEncodingInvalidDataSourceInvalidTableAliasMissingRequiredParameterObjectSerializationConflictUnsupportedSQLOperationUnsupportedSQLStructureUnsupportedSyntaxUnsupportedRangeHeaderLexerInvalidCharLexerInvalidOperatorLexerInvalidLiteralLexerInvalidIONLiteralParseExpectedDatePartParseExpectedKeywordParseExpectedTokenTypeParseExpected2TokenTypesParseExpectedNumberParseExpectedRightParenBuiltinFunctionCallParseExpectedTypeNameParseExpectedWhenClauseParseUnsupportedTokenParseUnsupportedLiteralsGroupByParseExpectedMemberParseUnsupportedSelectParseUnsupportedCaseParseUnsupportedCaseClauseParseUnsupportedAliasParseUnsupportedSyntaxParseUnknownOperatorParseMissingIdentAfterAtParseUnexpectedOperatorParseUnexpectedTermParseUnexpectedTokenParseUnexpectedKeywordParseExpectedExpressionParseExpectedLeftParenAfterCastParseExpectedLeftParenValueConstructorParseExpectedLeftParenBuiltinFunctionCallParseExpectedArgumentDelimiterParseCastArityParseInvalidTypeParamParseEmptySelectParseSelectMissingFromParseExpectedIdentForGroupNameParseExpectedIdentForAliasParseUnsupportedCallWithStarParseNonUnaryAgregateFunctionCallParseMalformedJoinParseExpectedIdentForAtParseAsteriskIsNotAloneInSelectListParseCannotMixSqbAndWildcardInSelectListParseInvalidContextForWildcardInSelectListIncorrectSQLFunctionArgumentTypeValueParseFailureEvaluatorInvalidArgumentsIntegerOverflowLikeInvalidInputsCastFailedInvalidCastEvaluatorInvalidTimestampFormatPatternEvaluatorInvalidTimestampFormatPatternSymbolForParsingEvaluatorTimestampFormatPatternDuplicateFieldsEvaluatorTimestampFormatPatternHourClockAmPmMismatchEvaluatorUnterminatedTimestampFormatPatternTokenEvaluatorInvalidTimestampFormatPatternTokenEvaluatorInvalidTimestampFormatPatternSymbolEvaluatorBindingDoesNotExistMissingHeadersInvalidColumnIndexAdminConfigNotificationTargetsFailedAdminProfilerNotEnabledInvalidDecompressedSizeAddUserInvalidArgumentAdminResourceInvalidArgumentAdminAccountNotEligibleAccountNotEligibleAdminServiceAccountNotFoundPostPolicyConditionInvalidFormatInvalidChecksumLambdaARNInvalidLambdaARNNotFoundapiErrCodeEnd"
 
-var _APIErrorCode_index = [...]uint16{0, 4, 16, 25, 39, 53, 67, 81, 94, 112, 129, 144, 161, 174, 186, 208, 228, 254, 268, 289, 306, 321, 344, 361, 379, 396, 420, 435, 456, 474, 486, 506, 523, 546, 567, 579, 597, 618, 646, 676, 697, 720, 746, 783, 813, 846, 871, 903, 933, 962, 987, 1009, 1035, 1057, 1085, 1114, 1148, 1179, 1216, 1240, 1264, 1292, 1318, 1349, 1379, 1388, 1400, 1416, 1429, 1443, 1461, 1481, 1502, 1518, 1529, 1545, 1556, 1584, 1604, 1620, 1648, 1662, 1679, 1699, 1712, 1726, 1739, 1752, 1768, 1785, 1806, 1820, 1841, 1854, 1876, 1899, 1915, 1930, 1945, 1966, 1984, 1999, 2016, 2041, 2059, 2082, 2097, 2116, 2132, 2151, 2172, 2186, 2198, 2211, 2230, 2249, 2259, 2274, 2310, 2341, 2374, 2403, 2415, 2435, 2459, 2483, 2504, 2528, 2547, 2568, 2585, 2595, 2618, 2640, 2666, 2687, 2705, 2732, 2763, 2790, 2811, 2832, 2856, 2881, 2909, 2937, 2953, 2976, 3006, 3017, 3029, 3046, 3061, 3079, 3108, 3125, 3141, 3157, 3175, 3193, 3216, 3237, 3260, 3271, 3287, 3310, 3327, 3355, 3374, 3404, 3424, 3439, 3457, 3472, 3486, 3521, 3540, 3551, 3564, 3579, 3602, 3618, 3636, 3654, 3668, 3685, 3716, 3736, 3757, 3778, 3797, 3816, 3834, 3857, 3881, 3905, 3930, 3965, 3990, 4024, 4057, 4081, 4102, 4116, 4145, 4168, 4195, 4229, 4261, 4291, 4314, 4342, 4370, 4394, 4418, 4447, 4465, 4482, 4504, 4521, 4539, 4559, 4585, 4601, 4620, 4641, 4645, 4663, 4680, 4706, 4720, 4744, 4765, 4780, 4798, 4821, 4836, 4855, 4872, 4889, 4913, 4940, 4963, 4986, 5003, 5025, 5041, 5061, 5080, 5102, 5123, 5143, 5165, 5189, 5208, 5250, 5271, 5294, 5315, 5346, 5365, 5387, 5407, 5433, 5454, 5476, 5496, 5520, 5543, 5562, 5582, 5604, 5627, 5658, 5696, 5737, 5767, 5781, 5802, 5818, 5840, 5870, 5896, 5924, 5957, 5975, 5998, 6033, 6073, 6115, 6147, 6164, 6189, 6204, 6221, 6231, 6242, 6280, 6334, 6380, 6432, 6480, 6523, 6567, 6595, 6609, 6627, 6663, 6686, 6709, 6731, 6759, 6782, 6800, 6827, 6859, 6874, 6890, 6907, 6920}
+var _APIErrorCode_index = [...]uint16{0, 4, 16, 25, 39, 53, 67, 81, 94, 112, 129, 144, 161, 174, 186, 208, 228, 254, 268, 289, 306, 321, 344, 361, 379, 396, 420, 435, 456, 474, 486, 506, 523, 546, 567, 579, 597, 618, 646, 676, 697, 720, 746, 783, 813, 846, 871, 903, 933, 962, 987, 1009, 1035, 1057, 1085, 1114, 1148, 1179, 1216, 1240, 1264, 1292, 1318, 1349, 1379, 1388, 1400, 1416, 1429, 1443, 1461, 1481, 1502, 1518, 1529, 1545, 1556, 1584, 1604, 1620, 1648, 1662, 1679, 1699, 1712, 1726, 1739, 1752, 1768, 1785, 1806, 1820, 1841, 1854, 1876, 1899, 1915, 1930, 1945, 1966, 1984, 1999, 2016, 2041, 2059, 2082, 2097, 2116, 2132, 2151, 2172, 2186, 2198, 2211, 2230, 2249, 2259, 2274, 2310, 2341, 2374, 2403, 2415, 2435, 2459, 2483, 2504, 2528, 2547, 2568, 2585, 2595, 2618, 2640, 2666, 2687, 2705, 2732, 2763, 2790, 2811, 2832, 2856, 2881, 2909, 2937, 2953, 2976, 3006, 3017, 3029, 3046, 3061, 3079, 3108, 3125, 3141, 3157, 3175, 3193, 3216, 3237, 3260, 3271, 3287, 3310, 3327, 3355, 3374, 3404, 3424, 3439, 3457, 3472, 3486, 3521, 3540, 3551, 3564, 3579, 3602, 3618, 3636, 3654, 3668, 3685, 3716, 3736, 3757, 3778, 3797, 3816, 3834, 3857, 3881, 3905, 3930, 3965, 3990, 4024, 4057, 4081, 4102, 4116, 4145, 4168, 4195, 4229, 4261, 4291, 4314, 4342, 4374, 4402, 4426, 4450, 4479, 4497, 4514, 4536, 4553, 4571, 4591, 4617, 4633, 4652, 4673, 4677, 4695, 4712, 4738, 4752, 4776, 4797, 4812, 4830, 4853, 4868, 4887, 4904, 4921, 4945, 4972, 4995, 5018, 5035, 5057, 5073, 5093, 5112, 5134, 5155, 5175, 5197, 5221, 5240, 5282, 5303, 5326, 5347, 5378, 5397, 5419, 5439, 5465, 5486, 5508, 5528, 5552, 5575, 5594, 5614, 5636, 5659, 5690, 5728, 5769, 5799, 5813, 5834, 5850, 5872, 5902, 5928, 5956, 5989, 6007, 6030, 6065, 6105, 6147, 6179, 6196, 6221, 6236, 6253, 6263, 6274, 6312, 6366, 6412, 6464, 6512, 6555, 6599, 6627, 6641, 6659, 6695, 6718, 6741, 6763, 6791, 6814, 6832, 6859, 6891, 6906, 6922, 6939, 6952}
 
 func (i APIErrorCode) String() string {
 	if i < 0 || i >= APIErrorCode(len(_APIErrorCode_index)-1) {
diff --git a/cmd/site-replication.go b/cmd/site-replication.go
index ca16128db..2b4ad771d 100644
--- a/cmd/site-replication.go
+++ b/cmd/site-replication.go
@@ -154,6 +154,13 @@ func errSRConfigMissingError(err error) SRError {
 	}
 }
 
+func errSRIAMConfigMismatch(peer1, peer2 string, s1, s2 madmin.IDPSettings) SRError {
+	return SRError{
+		Cause: fmt.Errorf("IAM/IDP settings mismatch between %s and %s: %#v vs %#v", peer1, peer2, s1, s2),
+		Code:  ErrSiteReplicationIAMConfigMismatch,
+	}
+}
+
 var errSRObjectLayerNotReady = SRError{
 	Cause: fmt.Errorf("object layer not ready"),
 	Code:  ErrServerNotInitialized,
@@ -424,13 +431,10 @@ func (c *SiteReplicationSys) AddPeerClusters(ctx context.Context, psites []madmi
 	}
 
 	// validate that all clusters are using the same IDP settings.
-	pass, err := c.validateIDPSettings(ctx, sites)
+	err = c.validateIDPSettings(ctx, sites)
 	if err != nil {
 		return madmin.ReplicateAddStatus{}, err
 	}
-	if !pass {
-		return madmin.ReplicateAddStatus{}, errSRInvalidRequest(errors.New("all cluster sites must have the same IAM/IDP settings"))
-	}
 
 	// For this `add` API, either all clusters must be empty or the local
 	// cluster must be the only one having some buckets.
@@ -619,7 +623,7 @@ func (c *SiteReplicationSys) GetIDPSettings(ctx context.Context) madmin.IDPSetti
 	return s
 }
 
-func (c *SiteReplicationSys) validateIDPSettings(ctx context.Context, peers []PeerSiteInfo) (bool, error) {
+func (c *SiteReplicationSys) validateIDPSettings(ctx context.Context, peers []PeerSiteInfo) error {
 	s := make([]madmin.IDPSettings, 0, len(peers))
 	for _, v := range peers {
 		if v.self {
@@ -629,22 +633,23 @@ func (c *SiteReplicationSys) validateIDPSettings(ctx context.Context, peers []Pe
 
 		admClient, err := getAdminClient(v.Endpoint, v.AccessKey, v.SecretKey)
 		if err != nil {
-			return false, errSRPeerResp(fmt.Errorf("unable to create admin client for %s: %w", v.Name, err))
+			return errSRPeerResp(fmt.Errorf("unable to create admin client for %s: %w", v.Name, err))
 		}
 
 		is, err := admClient.SRPeerGetIDPSettings(ctx)
 		if err != nil {
-			return false, errSRPeerResp(fmt.Errorf("unable to fetch IDP settings from %s: %v", v.Name, err))
+			return errSRPeerResp(fmt.Errorf("unable to fetch IDP settings from %s: %v", v.Name, err))
 		}
 		s = append(s, is)
 	}
 
 	for i := 1; i < len(s); i++ {
 		if !reflect.DeepEqual(s[i], s[0]) {
-			return false, nil
+			return errSRIAMConfigMismatch(peers[0].Name, peers[i].Name, s[0], s[i])
 		}
 	}
-	return true, nil
+
+	return nil
 }
 
 // Netperf for site-replication net perf