MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-04-07 05:10:30 -04:00
Code Issues Packages Projects Releases Wiki Activity

validate setBucketTarget properly as per BucketExists() call (#15860)

Browse Source
This commit is contained in:
Harshavardhana 2022-10-13 17:46:49 -07:00 committed by GitHub
parent 0e3c92c027
commit 59e33b3b21
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 22 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
cmd/bucket-replication.go
View File

@ -39,6 +39,7 @@ import (
"github.com/minio/minio-go/v7/pkg/encrypt" "github.com/minio/minio-go/v7/pkg/encrypt"
"github.com/minio/minio-go/v7/pkg/tags" "github.com/minio/minio-go/v7/pkg/tags"
"github.com/minio/minio/internal/bucket/bandwidth" "github.com/minio/minio/internal/bucket/bandwidth"
objectlock "github.com/minio/minio/internal/bucket/object/lock"
"github.com/minio/minio/internal/bucket/replication" "github.com/minio/minio/internal/bucket/replication"
"github.com/minio/minio/internal/config/storageclass" "github.com/minio/minio/internal/config/storageclass"
"github.com/minio/minio/internal/crypto" "github.com/minio/minio/internal/crypto"
@ -117,15 +118,22 @@ func validateReplicationDestination(ctx context.Context, bucket string, rCfg *re
return sameTarget, toAPIError(ctx, BucketRemoteTargetNotFound{Bucket: bucket}) return sameTarget, toAPIError(ctx, BucketRemoteTargetNotFound{Bucket: bucket})
} }
if checkRemote { // validate remote bucket if checkRemote { // validate remote bucket
if found, err := clnt.BucketExists(ctx, arn.Bucket); !found { found, err := clnt.BucketExists(ctx, arn.Bucket)
if err != nil {
return sameTarget, errorCodes.ToAPIErrWithErr(ErrRemoteDestinationNotFoundError, err) return sameTarget, errorCodes.ToAPIErrWithErr(ErrRemoteDestinationNotFoundError, err)
} }
if !found {
return sameTarget, errorCodes.ToAPIErrWithErr(ErrRemoteDestinationNotFoundError, BucketRemoteTargetNotFound{Bucket: arn.Bucket})
}
if ret, err := globalBucketObjectLockSys.Get(bucket); err == nil { if ret, err := globalBucketObjectLockSys.Get(bucket); err == nil {
if ret.LockEnabled { if ret.LockEnabled {
lock, _, _, _, err := clnt.GetObjectLockConfig(ctx, arn.Bucket) lock, _, _, _, err := clnt.GetObjectLockConfig(ctx, arn.Bucket)
if err != nil || lock != "Enabled" { if err != nil {
return sameTarget, errorCodes.ToAPIErrWithErr(ErrReplicationDestinationMissingLock, err) return sameTarget, errorCodes.ToAPIErrWithErr(ErrReplicationDestinationMissingLock, err)
} }
if lock != objectlock.Enabled {
return sameTarget, errorCodes.ToAPIErrWithErr(ErrReplicationDestinationMissingLock, nil)
}
} }
} }
} }

9
cmd/bucket-targets.go
View File

@ -30,7 +30,6 @@ import (
miniogo "github.com/minio/minio-go/v7" miniogo "github.com/minio/minio-go/v7"
"github.com/minio/minio-go/v7/pkg/credentials" "github.com/minio/minio-go/v7/pkg/credentials"
"github.com/minio/minio/internal/bucket/replication" "github.com/minio/minio/internal/bucket/replication"
"github.com/minio/minio/internal/bucket/versioning"
"github.com/minio/minio/internal/crypto" "github.com/minio/minio/internal/crypto"
"github.com/minio/minio/internal/kms" "github.com/minio/minio/internal/kms"
"github.com/minio/minio/internal/logger" "github.com/minio/minio/internal/logger"
@ -220,12 +219,16 @@ func (sys *BucketTargetSys) SetTarget(ctx context.Context, bucket string, tgt *m
return BucketRemoteTargetNotFound{Bucket: tgt.TargetBucket} return BucketRemoteTargetNotFound{Bucket: tgt.TargetBucket}
} }
// validate if target credentials are ok // validate if target credentials are ok
if _, err = clnt.BucketExists(ctx, tgt.TargetBucket); err != nil { exists, err := clnt.BucketExists(ctx, tgt.TargetBucket)
if err != nil {
if minio.ToErrorResponse(err).Code == "NoSuchBucket" { if minio.ToErrorResponse(err).Code == "NoSuchBucket" {
return BucketRemoteTargetNotFound{Bucket: tgt.TargetBucket} return BucketRemoteTargetNotFound{Bucket: tgt.TargetBucket}
} }
return RemoteTargetConnectionErr{Bucket: tgt.TargetBucket, Err: err} return RemoteTargetConnectionErr{Bucket: tgt.TargetBucket, Err: err}
} }
if !exists {
return BucketRemoteTargetNotFound{Bucket: tgt.TargetBucket}
}
if tgt.Type == madmin.ReplicationService { if tgt.Type == madmin.ReplicationService {
if !globalBucketVersioningSys.Enabled(bucket) { if !globalBucketVersioningSys.Enabled(bucket) {
return BucketReplicationSourceNotVersioned{Bucket: bucket} return BucketReplicationSourceNotVersioned{Bucket: bucket}
@ -234,7 +237,7 @@ func (sys *BucketTargetSys) SetTarget(ctx context.Context, bucket string, tgt *m
if err != nil { if err != nil {
return RemoteTargetConnectionErr{Bucket: tgt.TargetBucket, Err: err} return RemoteTargetConnectionErr{Bucket: tgt.TargetBucket, Err: err}
} }
if vcfg.Status != string(versioning.Enabled) { if !vcfg.Enabled() {
return BucketRemoteTargetNotVersioned{Bucket: tgt.TargetBucket} return BucketRemoteTargetNotVersioned{Bucket: tgt.TargetBucket}
} }
} }

9
internal/bucket/object/lock/lock.go
View File

@ -36,6 +36,9 @@ import (
"github.com/minio/pkg/env" "github.com/minio/pkg/env"
) )
// Enabled indicates object locking is enabled
const Enabled = "Enabled"
// RetMode - object retention mode. // RetMode - object retention mode.
type RetMode string type RetMode string
@ -239,7 +242,7 @@ func (config *Config) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error
return err return err
} }
if parsedConfig.ObjectLockEnabled != "Enabled" { if parsedConfig.ObjectLockEnabled != Enabled {
return fmt.Errorf("only 'Enabled' value is allowed to ObjectLockEnabled element") return fmt.Errorf("only 'Enabled' value is allowed to ObjectLockEnabled element")
} }
@ -250,7 +253,7 @@ func (config *Config) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error
// ToRetention - convert to Retention type. // ToRetention - convert to Retention type.
func (config *Config) ToRetention() Retention { func (config *Config) ToRetention() Retention {
r := Retention{ r := Retention{
LockEnabled: config.ObjectLockEnabled == "Enabled", LockEnabled: config.ObjectLockEnabled == Enabled,
} }
if config.Rule != nil { if config.Rule != nil {
r.Mode = config.Rule.DefaultRetention.Mode r.Mode = config.Rule.DefaultRetention.Mode
@ -289,7 +292,7 @@ func ParseObjectLockConfig(reader io.Reader) (*Config, error) {
// NewObjectLockConfig returns a initialized lock.Config struct // NewObjectLockConfig returns a initialized lock.Config struct
func NewObjectLockConfig() *Config { func NewObjectLockConfig() *Config {
return &Config{ return &Config{
ObjectLockEnabled: "Enabled", ObjectLockEnabled: Enabled,
} }
} }