Add more context aware error for policy parsing errors (#8726)

In existing functionality we simply return a generic error such as "MalformedPolicy" which indicates just a generic string "invalid resource" which is not very meaningful when there might be multiple types of errors during policy parsing. This PR ensures that we send these errors back to client to indicate the actual error, brings in two concrete types such as - iampolicy.Error - policy.Error Refer #8202
2025-11-09 13:39:46 -05:00 · 2020-01-03 11:28:52 -08:00
parent 84e55e2e6f
commit 6695fd6a61
23 changed files with 141 additions and 67 deletions
--- a/cmd/admin-handlers-users.go
+++ b/cmd/admin-handlers-users.go
@@ -484,7 +484,7 @@ func (a adminAPIHandlers) AddCannedPolicy(w http.ResponseWriter, r *http.Request

 	iamPolicy, err := iampolicy.ParseConfig(io.LimitReader(r.Body, r.ContentLength))
 	if err != nil {
-		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrMalformedPolicy), r.URL)
+		writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
 		return
 	}

--- a/cmd/admin-handlers.go
+++ b/cmd/admin-handlers.go
@@ -979,6 +979,12 @@ func toAdminAPIErr(ctx context.Context, err error) APIError {

 	var apiErr APIError
 	switch e := err.(type) {
+	case iampolicy.Error:
+		apiErr = APIError{
+			Code:           "XMinioMalformedIAMPolicy",
+			Description:    e.Error(),
+			HTTPStatusCode: http.StatusBadRequest,
+		}
 	case config.Error:
 		apiErr = APIError{
 			Code:           "XMinioConfigError",
--- a/cmd/api-errors.go
+++ b/cmd/api-errors.go
@@ -34,6 +34,7 @@ import (
 	"github.com/minio/minio/pkg/auth"
 	"github.com/minio/minio/pkg/event"
 	"github.com/minio/minio/pkg/hash"
+	"github.com/minio/minio/pkg/policy"
 )

 // APIError structure
@@ -1772,6 +1773,12 @@ func toAPIError(ctx context.Context, err error) APIError {
 		// their internal error types. This code is only
 		// useful with gateway implementations.
 		switch e := err.(type) {
+		case policy.Error:
+			apiErr = APIError{
+				Code:           "MalformedPolicy",
+				Description:    e.Error(),
+				HTTPStatusCode: http.StatusBadRequest,
+			}
 		case crypto.Error:
 			apiErr = APIError{
 				Code:           "XKMSInternalError",
--- a/cmd/bucket-policy-handlers.go
+++ b/cmd/bucket-policy-handlers.go
@@ -77,7 +77,7 @@ func (api objectAPIHandlers) PutBucketPolicyHandler(w http.ResponseWriter, r *ht

 	bucketPolicy, err := policy.ParseConfig(io.LimitReader(r.Body, r.ContentLength), bucket)
 	if err != nil {
-		writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrMalformedPolicy), r.URL, guessIsBrowserReq(r))
+		writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL, guessIsBrowserReq(r))
 		return
 	}

--- a/cmd/web-handlers.go
+++ b/cmd/web-handlers.go
@@ -2106,11 +2106,7 @@ func toWebAPIError(ctx context.Context, err error) APIError {

 	// Log unexpected and unhandled errors.
 	logger.LogIf(ctx, err)
-	return APIError{
-		Code:           "InternalError",
-		HTTPStatusCode: http.StatusInternalServerError,
-		Description:    err.Error(),
-	}
+	return toAPIError(ctx, err)
 }

 // writeWebErrorResponse - set HTTP status code and write error description to the body.