fix: translate tier add errors properly (#16191)

cmd/admin-handler-utils.go

@@ -210,24 +210,6 @@ func toAdminAPIErr(ctx context.Context, err error) APIError {
 				Description:    err.Error(),
 				HTTPStatusCode: http.StatusBadRequest,
 			}
-		case errors.Is(err, errTierBackendInUse):
-			apiErr = APIError{
-				Code:           "XMinioAdminTierBackendInUse",
-				Description:    err.Error(),
-				HTTPStatusCode: http.StatusBadRequest,
-			}
-		case errors.Is(err, errTierBackendNotEmpty):
-			apiErr = APIError{
-				Code:           "XMinioAdminTierBackendNotEmpty",
-				Description:    err.Error(),
-				HTTPStatusCode: http.StatusBadRequest,
-			}
-		case errors.Is(err, errTierInsufficientCreds):
-			apiErr = APIError{
-				Code:           "XMinioAdminTierInsufficientCreds",
-				Description:    err.Error(),
-				HTTPStatusCode: http.StatusBadRequest,
-			}
 		case errIsTierPermError(err):
 			apiErr = APIError{
 				Code:           "XMinioAdminTierInsufficientPermissions",

cmd/tier-handlers.go

@@ -100,6 +100,7 @@ func (api adminAPIHandlers) AddTierHandler(w http.ResponseWriter, r *http.Reques
 		writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, errTierReservedName), r.URL)
 		return
 	}
+
 	// Refresh from the disk in case we had missed notifications about edits from peers.
 	if err := globalTierConfigMgr.Reload(ctx, objAPI); err != nil {
 		writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)

cmd/tier.go

@@ -22,8 +22,8 @@ import (
 	"context"
 	"encoding/base64"
 	"encoding/binary"
-	"errors"
 	"fmt"
+	"net/http"
 	"path"
 	"strings"
 	"sync"
@@ -37,10 +37,29 @@ import (
 //go:generate msgp -file $GOFILE
 
 var (
-	errTierInsufficientCreds = errors.New("insufficient tier credentials supplied")
+	errTierMissingCredentials = AdminError{
-	errTierBackendInUse      = errors.New("remote tier backend already in use")
+		Code:       "XMinioAdminTierMissingCredentials",
-	errTierTypeUnsupported   = errors.New("unsupported tier type")
+		Message:    "Specified remote credentials are empty",
-	errTierBackendNotEmpty   = errors.New("remote tier not empty")
+		StatusCode: http.StatusForbidden,
+	}
+
+	errTierBackendInUse = AdminError{
+		Code:       "XMinioAdminTierBackendInUse",
+		Message:    "Specified remote tier is already in use",
+		StatusCode: http.StatusConflict,
+	}
+
+	errTierTypeUnsupported = AdminError{
+		Code:       "XMinioAdminTierTypeUnsupported",
+		Message:    "Specified tier type is unsupported",
+		StatusCode: http.StatusBadRequest,
+	}
+
+	errTierBackendNotEmpty = AdminError{
+		Code:       "XMinioAdminTierBackendNotEmpty",
+		Message:    "Specified remote backend is not empty",
+		StatusCode: http.StatusBadRequest,
+	}
 )
 
 const (
@@ -185,7 +204,7 @@ func (config *TierConfigMgr) Edit(ctx context.Context, tierName string, creds ma
 	switch tierType {
 	case madmin.S3:
 		if (creds.AccessKey == "" || creds.SecretKey == "") && !creds.AWSRole {
-			return errTierInsufficientCreds
+			return errTierMissingCredentials
 		}
 		switch {
 		case creds.AWSRole:
@@ -196,18 +215,18 @@ func (config *TierConfigMgr) Edit(ctx context.Context, tierName string, creds ma
 		}
 	case madmin.Azure:
 		if creds.SecretKey == "" {
-			return errTierInsufficientCreds
+			return errTierMissingCredentials
 		}
 		cfg.Azure.AccountKey = creds.SecretKey
 
 	case madmin.GCS:
 		if creds.CredsJSON == nil {
-			return errTierInsufficientCreds
+			return errTierMissingCredentials
 		}
 		cfg.GCS.Creds = base64.URLEncoding.EncodeToString(creds.CredsJSON)
 	case madmin.MinIO:
 		if creds.AccessKey == "" || creds.SecretKey == "" {
-			return errTierInsufficientCreds
+			return errTierMissingCredentials
 		}
 		cfg.MinIO.AccessKey = creds.AccessKey
 		cfg.MinIO.SecretKey = creds.SecretKey