mirror of
https://github.com/minio/minio.git
synced 2024-12-24 06:05:55 -05:00
fix: IAM not initialized then checkKeyValid() should return 503s (#12260)
currently GetUser() returns 403 when IAM is not initialized this can lead to applications crashing, instead return 503 so that the applications can retry and backoff. fixes #12078
This commit is contained in:
parent
39d681a04a
commit
8b52d70012
@ -73,6 +73,8 @@ func prepareAdminErasureTestBed(ctx context.Context) (*adminErasureTestBed, erro
|
||||
|
||||
initAllSubsystems(ctx, objLayer)
|
||||
|
||||
globalIAMSys.InitStore(objLayer)
|
||||
|
||||
// Setup admin mgmt REST API handlers.
|
||||
adminRouter := mux.NewRouter()
|
||||
registerAdminRouter(adminRouter, true, true)
|
||||
|
@ -357,6 +357,12 @@ func TestIsReqAuthenticated(t *testing.T) {
|
||||
t.Fatalf("unable initialize config file, %s", err)
|
||||
}
|
||||
|
||||
newAllSubsystems()
|
||||
|
||||
initAllSubsystems(context.Background(), objLayer)
|
||||
|
||||
globalIAMSys.InitStore(objLayer)
|
||||
|
||||
creds, err := auth.CreateCredentials("myuser", "mypassword")
|
||||
if err != nil {
|
||||
t.Fatalf("unable create credential, %s", err)
|
||||
@ -442,6 +448,12 @@ func TestValidateAdminSignature(t *testing.T) {
|
||||
t.Fatalf("unable initialize config file, %s", err)
|
||||
}
|
||||
|
||||
newAllSubsystems()
|
||||
|
||||
initAllSubsystems(context.Background(), objLayer)
|
||||
|
||||
globalIAMSys.InitStore(objLayer)
|
||||
|
||||
creds, err := auth.CreateCredentials("admin", "mypassword")
|
||||
if err != nil {
|
||||
t.Fatalf("unable create credential, %s", err)
|
||||
|
@ -121,6 +121,12 @@ func isValidRegion(reqRegion string, confRegion string) bool {
|
||||
// check if the access key is valid and recognized, additionally
|
||||
// also returns if the access key is owner/admin.
|
||||
func checkKeyValid(accessKey string) (auth.Credentials, bool, APIErrorCode) {
|
||||
if !globalIAMSys.Initialized() && !globalIsGateway {
|
||||
// Check if server has initialized, then only proceed
|
||||
// to check for IAM users otherwise its okay for clients
|
||||
// to retry with 503 errors when server is coming up.
|
||||
return auth.Credentials{}, false, ErrServerNotInitialized
|
||||
}
|
||||
var owner = true
|
||||
var cred = globalActiveCred
|
||||
if cred.AccessKey != accessKey {
|
||||
|
@ -352,6 +352,8 @@ func UnstartedTestServer(t TestErrHandler, instanceType string) TestServer {
|
||||
|
||||
initAllSubsystems(ctx, objLayer)
|
||||
|
||||
globalIAMSys.InitStore(objLayer)
|
||||
|
||||
return testServer
|
||||
}
|
||||
|
||||
@ -1571,6 +1573,8 @@ func newTestObjectLayer(ctx context.Context, endpointServerPools EndpointServerP
|
||||
|
||||
initAllSubsystems(ctx, z)
|
||||
|
||||
globalIAMSys.InitStore(z)
|
||||
|
||||
return z, nil
|
||||
}
|
||||
|
||||
@ -1617,6 +1621,8 @@ func initAPIHandlerTest(obj ObjectLayer, endpoints []string) (string, http.Handl
|
||||
|
||||
initAllSubsystems(context.Background(), obj)
|
||||
|
||||
globalIAMSys.InitStore(obj)
|
||||
|
||||
// get random bucket name.
|
||||
bucketName := getRandomBucketName()
|
||||
|
||||
@ -1909,6 +1915,8 @@ func ExecObjectLayerTest(t TestErrHandler, objTest objTestType) {
|
||||
|
||||
initAllSubsystems(ctx, objLayer)
|
||||
|
||||
globalIAMSys.InitStore(objLayer)
|
||||
|
||||
// Executing the object layer tests for single node setup.
|
||||
objTest(objLayer, FSTestStr, t)
|
||||
|
||||
@ -1928,6 +1936,8 @@ func ExecObjectLayerTest(t TestErrHandler, objTest objTestType) {
|
||||
|
||||
initAllSubsystems(ctx, objLayer)
|
||||
|
||||
globalIAMSys.InitStore(objLayer)
|
||||
|
||||
defer removeRoots(append(fsDirs, fsDir))
|
||||
// Executing the object layer tests for Erasure.
|
||||
objTest(objLayer, ErasureTestStr, t)
|
||||
|
Loading…
Reference in New Issue
Block a user