From 93af4a4864f82beef0d68f2211c42a35c32e0ddd Mon Sep 17 00:00:00 2001 From: Poorna Date: Thu, 17 Feb 2022 11:36:14 -0800 Subject: [PATCH] Handle non existent kms key correctly (#14329) - in PutBucketEncryption API - admin APIs for `mc admin KMS key [create|info]` - PutObject API when invalid KMS key is specified --- cmd/api-errors.go | 9 + cmd/apierrorcode_string.go | 309 +++++++++++++++--------------- cmd/bucket-encryption-handlers.go | 16 ++ cmd/encryption-v1.go | 5 + 4 files changed, 185 insertions(+), 154 deletions(-) diff --git a/cmd/api-errors.go b/cmd/api-errors.go index eaa2b2c45..ed702c8c9 100644 --- a/cmd/api-errors.go +++ b/cmd/api-errors.go @@ -212,6 +212,7 @@ const ( ErrInvalidSSECustomerParameters ErrIncompatibleEncryptionMethod ErrKMSNotConfigured + ErrKMSKeyNotFoundException ErrNoAccessKey ErrInvalidToken @@ -1127,6 +1128,11 @@ var errorCodes = errorCodeMap{ Description: "Server side encryption specified but KMS is not configured", HTTPStatusCode: http.StatusNotImplemented, }, + ErrKMSKeyNotFoundException: { + Code: "KMS.NotFoundException", + Description: "Invalid keyId", + HTTPStatusCode: http.StatusBadRequest, + }, ErrNoAccessKey: { Code: "AccessDenied", Description: "No AWSAccessKey was presented", @@ -1912,6 +1918,9 @@ func toAPIErrorCode(ctx context.Context, err error) (apiErr APIErrorCode) { apiErr = ErrIncompatibleEncryptionMethod case errKMSNotConfigured: apiErr = ErrKMSNotConfigured + case errKMSKeyNotFound: + apiErr = ErrKMSKeyNotFoundException + case context.Canceled, context.DeadlineExceeded: apiErr = ErrOperationTimedOut case errDiskNotFound: diff --git a/cmd/apierrorcode_string.go b/cmd/apierrorcode_string.go index a99493a83..c1ce07510 100644 --- a/cmd/apierrorcode_string.go +++ b/cmd/apierrorcode_string.go 
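Review bot: The new `case errKMSKeyNotFound:` in toAPIErrorCode (cmd/api-errors.go, third hunk) compares against the package sentinel only, so a `kes.ErrKeyNotFound` that reaches this function untranslated or wrapped will not be reported as `KMS.NotFoundException`. The two call sites changed in this patch translate the error themselves, but the commit message also names the admin KMS key APIs, and their handlers are not in this diff. Unless code outside the hunk already covers it, one translation point would be more robust, e.g. `if errors.Is(err, kes.ErrKeyNotFound) { return ErrKMSKeyNotFoundException }` ahead of the switch, with the `kes` import added to this file. The function body starts and ends outside the hunk.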
@@ -142,163 +142,164 @@ func _() { _ = x[ErrInvalidSSECustomerParameters-131] _ = x[ErrIncompatibleEncryptionMethod-132] _ = x[ErrKMSNotConfigured-133] - _ = x[ErrNoAccessKey-134] - _ = x[ErrInvalidToken-135] - _ = x[ErrEventNotification-136] - _ = x[ErrARNNotification-137] - _ = x[ErrRegionNotification-138] - _ = x[ErrOverlappingFilterNotification-139] - _ = x[ErrFilterNameInvalid-140] - _ = x[ErrFilterNamePrefix-141] - _ = x[ErrFilterNameSuffix-142] - _ = x[ErrFilterValueInvalid-143] - _ = x[ErrOverlappingConfigs-144] - _ = x[ErrUnsupportedNotification-145] - _ = x[ErrContentSHA256Mismatch-146] - _ = x[ErrReadQuorum-147] - _ = x[ErrWriteQuorum-148] - _ = x[ErrStorageFull-149] - _ = x[ErrRequestBodyParse-150] - _ = x[ErrObjectExistsAsDirectory-151] - _ = x[ErrInvalidObjectName-152] - _ = x[ErrInvalidObjectNamePrefixSlash-153] - _ = x[ErrInvalidResourceName-154] - _ = x[ErrServerNotInitialized-155] - _ = x[ErrOperationTimedOut-156] - _ = x[ErrClientDisconnected-157] - _ = x[ErrOperationMaxedOut-158] - _ = x[ErrInvalidRequest-159] - _ = x[ErrTransitionStorageClassNotFoundError-160] - _ = x[ErrInvalidStorageClass-161] - _ = x[ErrBackendDown-162] - _ = x[ErrMalformedJSON-163] - _ = x[ErrAdminNoSuchUser-164] - _ = x[ErrAdminNoSuchGroup-165] - _ = x[ErrAdminGroupNotEmpty-166] - _ = x[ErrAdminNoSuchPolicy-167] - _ = x[ErrAdminInvalidArgument-168] - _ = x[ErrAdminInvalidAccessKey-169] - _ = x[ErrAdminInvalidSecretKey-170] - _ = x[ErrAdminConfigNoQuorum-171] - _ = x[ErrAdminConfigTooLarge-172] - _ = x[ErrAdminConfigBadJSON-173] - _ = x[ErrAdminConfigDuplicateKeys-174] - _ = x[ErrAdminCredentialsMismatch-175] - _ = x[ErrInsecureClientRequest-176] - _ = x[ErrObjectTampered-177] - _ = x[ErrSiteReplicationInvalidRequest-178] - _ = x[ErrSiteReplicationPeerResp-179] - _ = x[ErrSiteReplicationBackendIssue-180] - _ = x[ErrSiteReplicationServiceAccountError-181] - _ = x[ErrSiteReplicationBucketConfigError-182] - _ = x[ErrSiteReplicationBucketMetaError-183] - _ = 
x[ErrSiteReplicationIAMError-184] - _ = x[ErrAdminBucketQuotaExceeded-185] - _ = x[ErrAdminNoSuchQuotaConfiguration-186] - _ = x[ErrHealNotImplemented-187] - _ = x[ErrHealNoSuchProcess-188] - _ = x[ErrHealInvalidClientToken-189] - _ = x[ErrHealMissingBucket-190] - _ = x[ErrHealAlreadyRunning-191] - _ = x[ErrHealOverlappingPaths-192] - _ = x[ErrIncorrectContinuationToken-193] - _ = x[ErrEmptyRequestBody-194] - _ = x[ErrUnsupportedFunction-195] - _ = x[ErrInvalidExpressionType-196] - _ = x[ErrBusy-197] - _ = x[ErrUnauthorizedAccess-198] - _ = x[ErrExpressionTooLong-199] - _ = x[ErrIllegalSQLFunctionArgument-200] - _ = x[ErrInvalidKeyPath-201] - _ = x[ErrInvalidCompressionFormat-202] - _ = x[ErrInvalidFileHeaderInfo-203] - _ = x[ErrInvalidJSONType-204] - _ = x[ErrInvalidQuoteFields-205] - _ = x[ErrInvalidRequestParameter-206] - _ = x[ErrInvalidDataType-207] - _ = x[ErrInvalidTextEncoding-208] - _ = x[ErrInvalidDataSource-209] - _ = x[ErrInvalidTableAlias-210] - _ = x[ErrMissingRequiredParameter-211] - _ = x[ErrObjectSerializationConflict-212] - _ = x[ErrUnsupportedSQLOperation-213] - _ = x[ErrUnsupportedSQLStructure-214] - _ = x[ErrUnsupportedSyntax-215] - _ = x[ErrUnsupportedRangeHeader-216] - _ = x[ErrLexerInvalidChar-217] - _ = x[ErrLexerInvalidOperator-218] - _ = x[ErrLexerInvalidLiteral-219] - _ = x[ErrLexerInvalidIONLiteral-220] - _ = x[ErrParseExpectedDatePart-221] - _ = x[ErrParseExpectedKeyword-222] - _ = x[ErrParseExpectedTokenType-223] - _ = x[ErrParseExpected2TokenTypes-224] - _ = x[ErrParseExpectedNumber-225] - _ = x[ErrParseExpectedRightParenBuiltinFunctionCall-226] - _ = x[ErrParseExpectedTypeName-227] - _ = x[ErrParseExpectedWhenClause-228] - _ = x[ErrParseUnsupportedToken-229] - _ = x[ErrParseUnsupportedLiteralsGroupBy-230] - _ = x[ErrParseExpectedMember-231] - _ = x[ErrParseUnsupportedSelect-232] - _ = x[ErrParseUnsupportedCase-233] - _ = x[ErrParseUnsupportedCaseClause-234] - _ = x[ErrParseUnsupportedAlias-235] - _ = x[ErrParseUnsupportedSyntax-236] 
- _ = x[ErrParseUnknownOperator-237] - _ = x[ErrParseMissingIdentAfterAt-238] - _ = x[ErrParseUnexpectedOperator-239] - _ = x[ErrParseUnexpectedTerm-240] - _ = x[ErrParseUnexpectedToken-241] - _ = x[ErrParseUnexpectedKeyword-242] - _ = x[ErrParseExpectedExpression-243] - _ = x[ErrParseExpectedLeftParenAfterCast-244] - _ = x[ErrParseExpectedLeftParenValueConstructor-245] - _ = x[ErrParseExpectedLeftParenBuiltinFunctionCall-246] - _ = x[ErrParseExpectedArgumentDelimiter-247] - _ = x[ErrParseCastArity-248] - _ = x[ErrParseInvalidTypeParam-249] - _ = x[ErrParseEmptySelect-250] - _ = x[ErrParseSelectMissingFrom-251] - _ = x[ErrParseExpectedIdentForGroupName-252] - _ = x[ErrParseExpectedIdentForAlias-253] - _ = x[ErrParseUnsupportedCallWithStar-254] - _ = x[ErrParseNonUnaryAgregateFunctionCall-255] - _ = x[ErrParseMalformedJoin-256] - _ = x[ErrParseExpectedIdentForAt-257] - _ = x[ErrParseAsteriskIsNotAloneInSelectList-258] - _ = x[ErrParseCannotMixSqbAndWildcardInSelectList-259] - _ = x[ErrParseInvalidContextForWildcardInSelectList-260] - _ = x[ErrIncorrectSQLFunctionArgumentType-261] - _ = x[ErrValueParseFailure-262] - _ = x[ErrEvaluatorInvalidArguments-263] - _ = x[ErrIntegerOverflow-264] - _ = x[ErrLikeInvalidInputs-265] - _ = x[ErrCastFailed-266] - _ = x[ErrInvalidCast-267] - _ = x[ErrEvaluatorInvalidTimestampFormatPattern-268] - _ = x[ErrEvaluatorInvalidTimestampFormatPatternSymbolForParsing-269] - _ = x[ErrEvaluatorTimestampFormatPatternDuplicateFields-270] - _ = x[ErrEvaluatorTimestampFormatPatternHourClockAmPmMismatch-271] - _ = x[ErrEvaluatorUnterminatedTimestampFormatPatternToken-272] - _ = x[ErrEvaluatorInvalidTimestampFormatPatternToken-273] - _ = x[ErrEvaluatorInvalidTimestampFormatPatternSymbol-274] - _ = x[ErrEvaluatorBindingDoesNotExist-275] - _ = x[ErrMissingHeaders-276] - _ = x[ErrInvalidColumnIndex-277] - _ = x[ErrAdminConfigNotificationTargetsFailed-278] - _ = x[ErrAdminProfilerNotEnabled-279] - _ = x[ErrInvalidDecompressedSize-280] - _ = 
x[ErrAddUserInvalidArgument-281] - _ = x[ErrAdminAccountNotEligible-282] - _ = x[ErrAccountNotEligible-283] - _ = x[ErrAdminServiceAccountNotFound-284] - _ = x[ErrPostPolicyConditionInvalidFormat-285] + _ = x[ErrKMSKeyNotFoundException-134] + _ = x[ErrNoAccessKey-135] + _ = x[ErrInvalidToken-136] + _ = x[ErrEventNotification-137] + _ = x[ErrARNNotification-138] + _ = x[ErrRegionNotification-139] + _ = x[ErrOverlappingFilterNotification-140] + _ = x[ErrFilterNameInvalid-141] + _ = x[ErrFilterNamePrefix-142] + _ = x[ErrFilterNameSuffix-143] + _ = x[ErrFilterValueInvalid-144] + _ = x[ErrOverlappingConfigs-145] + _ = x[ErrUnsupportedNotification-146] + _ = x[ErrContentSHA256Mismatch-147] + _ = x[ErrReadQuorum-148] + _ = x[ErrWriteQuorum-149] + _ = x[ErrStorageFull-150] + _ = x[ErrRequestBodyParse-151] + _ = x[ErrObjectExistsAsDirectory-152] + _ = x[ErrInvalidObjectName-153] + _ = x[ErrInvalidObjectNamePrefixSlash-154] + _ = x[ErrInvalidResourceName-155] + _ = x[ErrServerNotInitialized-156] + _ = x[ErrOperationTimedOut-157] + _ = x[ErrClientDisconnected-158] + _ = x[ErrOperationMaxedOut-159] + _ = x[ErrInvalidRequest-160] + _ = x[ErrTransitionStorageClassNotFoundError-161] + _ = x[ErrInvalidStorageClass-162] + _ = x[ErrBackendDown-163] + _ = x[ErrMalformedJSON-164] + _ = x[ErrAdminNoSuchUser-165] + _ = x[ErrAdminNoSuchGroup-166] + _ = x[ErrAdminGroupNotEmpty-167] + _ = x[ErrAdminNoSuchPolicy-168] + _ = x[ErrAdminInvalidArgument-169] + _ = x[ErrAdminInvalidAccessKey-170] + _ = x[ErrAdminInvalidSecretKey-171] + _ = x[ErrAdminConfigNoQuorum-172] + _ = x[ErrAdminConfigTooLarge-173] + _ = x[ErrAdminConfigBadJSON-174] + _ = x[ErrAdminConfigDuplicateKeys-175] + _ = x[ErrAdminCredentialsMismatch-176] + _ = x[ErrInsecureClientRequest-177] + _ = x[ErrObjectTampered-178] + _ = x[ErrSiteReplicationInvalidRequest-179] + _ = x[ErrSiteReplicationPeerResp-180] + _ = x[ErrSiteReplicationBackendIssue-181] + _ = x[ErrSiteReplicationServiceAccountError-182] + _ = 
x[ErrSiteReplicationBucketConfigError-183] + _ = x[ErrSiteReplicationBucketMetaError-184] + _ = x[ErrSiteReplicationIAMError-185] + _ = x[ErrAdminBucketQuotaExceeded-186] + _ = x[ErrAdminNoSuchQuotaConfiguration-187] + _ = x[ErrHealNotImplemented-188] + _ = x[ErrHealNoSuchProcess-189] + _ = x[ErrHealInvalidClientToken-190] + _ = x[ErrHealMissingBucket-191] + _ = x[ErrHealAlreadyRunning-192] + _ = x[ErrHealOverlappingPaths-193] + _ = x[ErrIncorrectContinuationToken-194] + _ = x[ErrEmptyRequestBody-195] + _ = x[ErrUnsupportedFunction-196] + _ = x[ErrInvalidExpressionType-197] + _ = x[ErrBusy-198] + _ = x[ErrUnauthorizedAccess-199] + _ = x[ErrExpressionTooLong-200] + _ = x[ErrIllegalSQLFunctionArgument-201] + _ = x[ErrInvalidKeyPath-202] + _ = x[ErrInvalidCompressionFormat-203] + _ = x[ErrInvalidFileHeaderInfo-204] + _ = x[ErrInvalidJSONType-205] + _ = x[ErrInvalidQuoteFields-206] + _ = x[ErrInvalidRequestParameter-207] + _ = x[ErrInvalidDataType-208] + _ = x[ErrInvalidTextEncoding-209] + _ = x[ErrInvalidDataSource-210] + _ = x[ErrInvalidTableAlias-211] + _ = x[ErrMissingRequiredParameter-212] + _ = x[ErrObjectSerializationConflict-213] + _ = x[ErrUnsupportedSQLOperation-214] + _ = x[ErrUnsupportedSQLStructure-215] + _ = x[ErrUnsupportedSyntax-216] + _ = x[ErrUnsupportedRangeHeader-217] + _ = x[ErrLexerInvalidChar-218] + _ = x[ErrLexerInvalidOperator-219] + _ = x[ErrLexerInvalidLiteral-220] + _ = x[ErrLexerInvalidIONLiteral-221] + _ = x[ErrParseExpectedDatePart-222] + _ = x[ErrParseExpectedKeyword-223] + _ = x[ErrParseExpectedTokenType-224] + _ = x[ErrParseExpected2TokenTypes-225] + _ = x[ErrParseExpectedNumber-226] + _ = x[ErrParseExpectedRightParenBuiltinFunctionCall-227] + _ = x[ErrParseExpectedTypeName-228] + _ = x[ErrParseExpectedWhenClause-229] + _ = x[ErrParseUnsupportedToken-230] + _ = x[ErrParseUnsupportedLiteralsGroupBy-231] + _ = x[ErrParseExpectedMember-232] + _ = x[ErrParseUnsupportedSelect-233] + _ = x[ErrParseUnsupportedCase-234] + _ = 
x[ErrParseUnsupportedCaseClause-235] + _ = x[ErrParseUnsupportedAlias-236] + _ = x[ErrParseUnsupportedSyntax-237] + _ = x[ErrParseUnknownOperator-238] + _ = x[ErrParseMissingIdentAfterAt-239] + _ = x[ErrParseUnexpectedOperator-240] + _ = x[ErrParseUnexpectedTerm-241] + _ = x[ErrParseUnexpectedToken-242] + _ = x[ErrParseUnexpectedKeyword-243] + _ = x[ErrParseExpectedExpression-244] + _ = x[ErrParseExpectedLeftParenAfterCast-245] + _ = x[ErrParseExpectedLeftParenValueConstructor-246] + _ = x[ErrParseExpectedLeftParenBuiltinFunctionCall-247] + _ = x[ErrParseExpectedArgumentDelimiter-248] + _ = x[ErrParseCastArity-249] + _ = x[ErrParseInvalidTypeParam-250] + _ = x[ErrParseEmptySelect-251] + _ = x[ErrParseSelectMissingFrom-252] + _ = x[ErrParseExpectedIdentForGroupName-253] + _ = x[ErrParseExpectedIdentForAlias-254] + _ = x[ErrParseUnsupportedCallWithStar-255] + _ = x[ErrParseNonUnaryAgregateFunctionCall-256] + _ = x[ErrParseMalformedJoin-257] + _ = x[ErrParseExpectedIdentForAt-258] + _ = x[ErrParseAsteriskIsNotAloneInSelectList-259] + _ = x[ErrParseCannotMixSqbAndWildcardInSelectList-260] + _ = x[ErrParseInvalidContextForWildcardInSelectList-261] + _ = x[ErrIncorrectSQLFunctionArgumentType-262] + _ = x[ErrValueParseFailure-263] + _ = x[ErrEvaluatorInvalidArguments-264] + _ = x[ErrIntegerOverflow-265] + _ = x[ErrLikeInvalidInputs-266] + _ = x[ErrCastFailed-267] + _ = x[ErrInvalidCast-268] + _ = x[ErrEvaluatorInvalidTimestampFormatPattern-269] + _ = x[ErrEvaluatorInvalidTimestampFormatPatternSymbolForParsing-270] + _ = x[ErrEvaluatorTimestampFormatPatternDuplicateFields-271] + _ = x[ErrEvaluatorTimestampFormatPatternHourClockAmPmMismatch-272] + _ = x[ErrEvaluatorUnterminatedTimestampFormatPatternToken-273] + _ = x[ErrEvaluatorInvalidTimestampFormatPatternToken-274] + _ = x[ErrEvaluatorInvalidTimestampFormatPatternSymbol-275] + _ = x[ErrEvaluatorBindingDoesNotExist-276] + _ = x[ErrMissingHeaders-277] + _ = x[ErrInvalidColumnIndex-278] + _ = 
x[ErrAdminConfigNotificationTargetsFailed-279] + _ = x[ErrAdminProfilerNotEnabled-280] + _ = x[ErrInvalidDecompressedSize-281] + _ = x[ErrAddUserInvalidArgument-282] + _ = x[ErrAdminAccountNotEligible-283] + _ = x[ErrAccountNotEligible-284] + _ = x[ErrAdminServiceAccountNotFound-285] + _ = x[ErrPostPolicyConditionInvalidFormat-286] } -const _APIErrorCode_name = "NoneAccessDeniedBadDigestEntityTooSmallEntityTooLargePolicyTooLargeIncompleteBodyInternalErrorInvalidAccessKeyIDAccessKeyDisabledInvalidBucketNameInvalidDigestInvalidRangeInvalidRangePartNumberInvalidCopyPartRangeInvalidCopyPartRangeSourceInvalidMaxKeysInvalidEncodingMethodInvalidMaxUploadsInvalidMaxPartsInvalidPartNumberMarkerInvalidPartNumberInvalidRequestBodyInvalidCopySourceInvalidMetadataDirectiveInvalidCopyDestInvalidPolicyDocumentInvalidObjectStateMalformedXMLMissingContentLengthMissingContentMD5MissingRequestBodyErrorMissingSecurityHeaderNoSuchBucketNoSuchBucketPolicyNoSuchBucketLifecycleNoSuchLifecycleConfigurationInvalidLifecycleWithObjectLockNoSuchBucketSSEConfigNoSuchCORSConfigurationNoSuchWebsiteConfigurationReplicationConfigurationNotFoundErrorRemoteDestinationNotFoundErrorReplicationDestinationMissingLockRemoteTargetNotFoundErrorReplicationRemoteConnectionErrorReplicationBandwidthLimitErrorBucketRemoteIdenticalToSourceBucketRemoteAlreadyExistsBucketRemoteLabelInUseBucketRemoteArnTypeInvalidBucketRemoteArnInvalidBucketRemoteRemoveDisallowedRemoteTargetNotVersionedErrorReplicationSourceNotVersionedErrorReplicationNeedsVersioningErrorReplicationBucketNeedsVersioningErrorReplicationDenyEditErrorReplicationNoMatchingRuleErrorObjectRestoreAlreadyInProgressNoSuchKeyNoSuchUploadInvalidVersionIDNoSuchVersionNotImplementedPreconditionFailedRequestTimeTooSkewedSignatureDoesNotMatchMethodNotAllowedInvalidPartInvalidPartOrderAuthorizationHeaderMalformedMalformedPOSTRequestPOSTFileRequiredSignatureVersionNotSupportedBucketNotEmptyAllAccessDisabledMalformedPolicyMissingFieldsMissingCredTagCredMalformedInvali
dRegionInvalidServiceS3InvalidServiceSTSInvalidRequestVersionMissingSignTagMissingSignHeadersTagMalformedDateMalformedPresignedDateMalformedCredentialDateMalformedCredentialRegionMalformedExpiresNegativeExpiresAuthHeaderEmptyExpiredPresignRequestRequestNotReadyYetUnsignedHeadersMissingDateHeaderInvalidQuerySignatureAlgoInvalidQueryParamsBucketAlreadyOwnedByYouInvalidDurationBucketAlreadyExistsMetadataTooLargeUnsupportedMetadataMaximumExpiresSlowDownInvalidPrefixMarkerBadRequestKeyTooLongErrorInvalidBucketObjectLockConfigurationObjectLockConfigurationNotFoundObjectLockConfigurationNotAllowedNoSuchObjectLockConfigurationObjectLockedInvalidRetentionDatePastObjectLockRetainDateUnknownWORMModeDirectiveBucketTaggingNotFoundObjectLockInvalidHeadersInvalidTagDirectiveInvalidEncryptionMethodInsecureSSECustomerRequestSSEMultipartEncryptedSSEEncryptedObjectInvalidEncryptionParametersInvalidSSECustomerAlgorithmInvalidSSECustomerKeyMissingSSECustomerKeyMissingSSECustomerKeyMD5SSECustomerKeyMD5MismatchInvalidSSECustomerParametersIncompatibleEncryptionMethodKMSNotConfiguredNoAccessKeyInvalidTokenEventNotificationARNNotificationRegionNotificationOverlappingFilterNotificationFilterNameInvalidFilterNamePrefixFilterNameSuffixFilterValueInvalidOverlappingConfigsUnsupportedNotificationContentSHA256MismatchReadQuorumWriteQuorumStorageFullRequestBodyParseObjectExistsAsDirectoryInvalidObjectNameInvalidObjectNamePrefixSlashInvalidResourceNameServerNotInitializedOperationTimedOutClientDisconnectedOperationMaxedOutInvalidRequestTransitionStorageClassNotFoundErrorInvalidStorageClassBackendDownMalformedJSONAdminNoSuchUserAdminNoSuchGroupAdminGroupNotEmptyAdminNoSuchPolicyAdminInvalidArgumentAdminInvalidAccessKeyAdminInvalidSecretKeyAdminConfigNoQuorumAdminConfigTooLargeAdminConfigBadJSONAdminConfigDuplicateKeysAdminCredentialsMismatchInsecureClientRequestObjectTamperedSiteReplicationInvalidRequestSiteReplicationPeerRespSiteReplicationBackendIssueSiteReplicationServiceAccountErrorSiteReplication
BucketConfigErrorSiteReplicationBucketMetaErrorSiteReplicationIAMErrorAdminBucketQuotaExceededAdminNoSuchQuotaConfigurationHealNotImplementedHealNoSuchProcessHealInvalidClientTokenHealMissingBucketHealAlreadyRunningHealOverlappingPathsIncorrectContinuationTokenEmptyRequestBodyUnsupportedFunctionInvalidExpressionTypeBusyUnauthorizedAccessExpressionTooLongIllegalSQLFunctionArgumentInvalidKeyPathInvalidCompressionFormatInvalidFileHeaderInfoInvalidJSONTypeInvalidQuoteFieldsInvalidRequestParameterInvalidDataTypeInvalidTextEncodingInvalidDataSourceInvalidTableAliasMissingRequiredParameterObjectSerializationConflictUnsupportedSQLOperationUnsupportedSQLStructureUnsupportedSyntaxUnsupportedRangeHeaderLexerInvalidCharLexerInvalidOperatorLexerInvalidLiteralLexerInvalidIONLiteralParseExpectedDatePartParseExpectedKeywordParseExpectedTokenTypeParseExpected2TokenTypesParseExpectedNumberParseExpectedRightParenBuiltinFunctionCallParseExpectedTypeNameParseExpectedWhenClauseParseUnsupportedTokenParseUnsupportedLiteralsGroupByParseExpectedMemberParseUnsupportedSelectParseUnsupportedCaseParseUnsupportedCaseClauseParseUnsupportedAliasParseUnsupportedSyntaxParseUnknownOperatorParseMissingIdentAfterAtParseUnexpectedOperatorParseUnexpectedTermParseUnexpectedTokenParseUnexpectedKeywordParseExpectedExpressionParseExpectedLeftParenAfterCastParseExpectedLeftParenValueConstructorParseExpectedLeftParenBuiltinFunctionCallParseExpectedArgumentDelimiterParseCastArityParseInvalidTypeParamParseEmptySelectParseSelectMissingFromParseExpectedIdentForGroupNameParseExpectedIdentForAliasParseUnsupportedCallWithStarParseNonUnaryAgregateFunctionCallParseMalformedJoinParseExpectedIdentForAtParseAsteriskIsNotAloneInSelectListParseCannotMixSqbAndWildcardInSelectListParseInvalidContextForWildcardInSelectListIncorrectSQLFunctionArgumentTypeValueParseFailureEvaluatorInvalidArgumentsIntegerOverflowLikeInvalidInputsCastFailedInvalidCastEvaluatorInvalidTimestampFormatPatternEvaluatorInvalidTimestampFormatPatternSymbol
ForParsingEvaluatorTimestampFormatPatternDuplicateFieldsEvaluatorTimestampFormatPatternHourClockAmPmMismatchEvaluatorUnterminatedTimestampFormatPatternTokenEvaluatorInvalidTimestampFormatPatternTokenEvaluatorInvalidTimestampFormatPatternSymbolEvaluatorBindingDoesNotExistMissingHeadersInvalidColumnIndexAdminConfigNotificationTargetsFailedAdminProfilerNotEnabledInvalidDecompressedSizeAddUserInvalidArgumentAdminAccountNotEligibleAccountNotEligibleAdminServiceAccountNotFoundPostPolicyConditionInvalidFormat" +const _APIErrorCode_name = "NoneAccessDeniedBadDigestEntityTooSmallEntityTooLargePolicyTooLargeIncompleteBodyInternalErrorInvalidAccessKeyIDAccessKeyDisabledInvalidBucketNameInvalidDigestInvalidRangeInvalidRangePartNumberInvalidCopyPartRangeInvalidCopyPartRangeSourceInvalidMaxKeysInvalidEncodingMethodInvalidMaxUploadsInvalidMaxPartsInvalidPartNumberMarkerInvalidPartNumberInvalidRequestBodyInvalidCopySourceInvalidMetadataDirectiveInvalidCopyDestInvalidPolicyDocumentInvalidObjectStateMalformedXMLMissingContentLengthMissingContentMD5MissingRequestBodyErrorMissingSecurityHeaderNoSuchBucketNoSuchBucketPolicyNoSuchBucketLifecycleNoSuchLifecycleConfigurationInvalidLifecycleWithObjectLockNoSuchBucketSSEConfigNoSuchCORSConfigurationNoSuchWebsiteConfigurationReplicationConfigurationNotFoundErrorRemoteDestinationNotFoundErrorReplicationDestinationMissingLockRemoteTargetNotFoundErrorReplicationRemoteConnectionErrorReplicationBandwidthLimitErrorBucketRemoteIdenticalToSourceBucketRemoteAlreadyExistsBucketRemoteLabelInUseBucketRemoteArnTypeInvalidBucketRemoteArnInvalidBucketRemoteRemoveDisallowedRemoteTargetNotVersionedErrorReplicationSourceNotVersionedErrorReplicationNeedsVersioningErrorReplicationBucketNeedsVersioningErrorReplicationDenyEditErrorReplicationNoMatchingRuleErrorObjectRestoreAlreadyInProgressNoSuchKeyNoSuchUploadInvalidVersionIDNoSuchVersionNotImplementedPreconditionFailedRequestTimeTooSkewedSignatureDoesNotMatchMethodNotAllowedInvalidPartInvalidPartOrderAuthorizati
onHeaderMalformedMalformedPOSTRequestPOSTFileRequiredSignatureVersionNotSupportedBucketNotEmptyAllAccessDisabledMalformedPolicyMissingFieldsMissingCredTagCredMalformedInvalidRegionInvalidServiceS3InvalidServiceSTSInvalidRequestVersionMissingSignTagMissingSignHeadersTagMalformedDateMalformedPresignedDateMalformedCredentialDateMalformedCredentialRegionMalformedExpiresNegativeExpiresAuthHeaderEmptyExpiredPresignRequestRequestNotReadyYetUnsignedHeadersMissingDateHeaderInvalidQuerySignatureAlgoInvalidQueryParamsBucketAlreadyOwnedByYouInvalidDurationBucketAlreadyExistsMetadataTooLargeUnsupportedMetadataMaximumExpiresSlowDownInvalidPrefixMarkerBadRequestKeyTooLongErrorInvalidBucketObjectLockConfigurationObjectLockConfigurationNotFoundObjectLockConfigurationNotAllowedNoSuchObjectLockConfigurationObjectLockedInvalidRetentionDatePastObjectLockRetainDateUnknownWORMModeDirectiveBucketTaggingNotFoundObjectLockInvalidHeadersInvalidTagDirectiveInvalidEncryptionMethodInsecureSSECustomerRequestSSEMultipartEncryptedSSEEncryptedObjectInvalidEncryptionParametersInvalidSSECustomerAlgorithmInvalidSSECustomerKeyMissingSSECustomerKeyMissingSSECustomerKeyMD5SSECustomerKeyMD5MismatchInvalidSSECustomerParametersIncompatibleEncryptionMethodKMSNotConfiguredKMSKeyNotFoundExceptionNoAccessKeyInvalidTokenEventNotificationARNNotificationRegionNotificationOverlappingFilterNotificationFilterNameInvalidFilterNamePrefixFilterNameSuffixFilterValueInvalidOverlappingConfigsUnsupportedNotificationContentSHA256MismatchReadQuorumWriteQuorumStorageFullRequestBodyParseObjectExistsAsDirectoryInvalidObjectNameInvalidObjectNamePrefixSlashInvalidResourceNameServerNotInitializedOperationTimedOutClientDisconnectedOperationMaxedOutInvalidRequestTransitionStorageClassNotFoundErrorInvalidStorageClassBackendDownMalformedJSONAdminNoSuchUserAdminNoSuchGroupAdminGroupNotEmptyAdminNoSuchPolicyAdminInvalidArgumentAdminInvalidAccessKeyAdminInvalidSecretKeyAdminConfigNoQuorumAdminConfigTooLargeAdminConfigBadJSONAdminConfigDupl
icateKeysAdminCredentialsMismatchInsecureClientRequestObjectTamperedSiteReplicationInvalidRequestSiteReplicationPeerRespSiteReplicationBackendIssueSiteReplicationServiceAccountErrorSiteReplicationBucketConfigErrorSiteReplicationBucketMetaErrorSiteReplicationIAMErrorAdminBucketQuotaExceededAdminNoSuchQuotaConfigurationHealNotImplementedHealNoSuchProcessHealInvalidClientTokenHealMissingBucketHealAlreadyRunningHealOverlappingPathsIncorrectContinuationTokenEmptyRequestBodyUnsupportedFunctionInvalidExpressionTypeBusyUnauthorizedAccessExpressionTooLongIllegalSQLFunctionArgumentInvalidKeyPathInvalidCompressionFormatInvalidFileHeaderInfoInvalidJSONTypeInvalidQuoteFieldsInvalidRequestParameterInvalidDataTypeInvalidTextEncodingInvalidDataSourceInvalidTableAliasMissingRequiredParameterObjectSerializationConflictUnsupportedSQLOperationUnsupportedSQLStructureUnsupportedSyntaxUnsupportedRangeHeaderLexerInvalidCharLexerInvalidOperatorLexerInvalidLiteralLexerInvalidIONLiteralParseExpectedDatePartParseExpectedKeywordParseExpectedTokenTypeParseExpected2TokenTypesParseExpectedNumberParseExpectedRightParenBuiltinFunctionCallParseExpectedTypeNameParseExpectedWhenClauseParseUnsupportedTokenParseUnsupportedLiteralsGroupByParseExpectedMemberParseUnsupportedSelectParseUnsupportedCaseParseUnsupportedCaseClauseParseUnsupportedAliasParseUnsupportedSyntaxParseUnknownOperatorParseMissingIdentAfterAtParseUnexpectedOperatorParseUnexpectedTermParseUnexpectedTokenParseUnexpectedKeywordParseExpectedExpressionParseExpectedLeftParenAfterCastParseExpectedLeftParenValueConstructorParseExpectedLeftParenBuiltinFunctionCallParseExpectedArgumentDelimiterParseCastArityParseInvalidTypeParamParseEmptySelectParseSelectMissingFromParseExpectedIdentForGroupNameParseExpectedIdentForAliasParseUnsupportedCallWithStarParseNonUnaryAgregateFunctionCallParseMalformedJoinParseExpectedIdentForAtParseAsteriskIsNotAloneInSelectListParseCannotMixSqbAndWildcardInSelectListParseInvalidContextForWildcardInSelectListIncorrectSQLF
unctionArgumentTypeValueParseFailureEvaluatorInvalidArgumentsIntegerOverflowLikeInvalidInputsCastFailedInvalidCastEvaluatorInvalidTimestampFormatPatternEvaluatorInvalidTimestampFormatPatternSymbolForParsingEvaluatorTimestampFormatPatternDuplicateFieldsEvaluatorTimestampFormatPatternHourClockAmPmMismatchEvaluatorUnterminatedTimestampFormatPatternTokenEvaluatorInvalidTimestampFormatPatternTokenEvaluatorInvalidTimestampFormatPatternSymbolEvaluatorBindingDoesNotExistMissingHeadersInvalidColumnIndexAdminConfigNotificationTargetsFailedAdminProfilerNotEnabledInvalidDecompressedSizeAddUserInvalidArgumentAdminAccountNotEligibleAccountNotEligibleAdminServiceAccountNotFoundPostPolicyConditionInvalidFormat" -var _APIErrorCode_index = [...]uint16{0, 4, 16, 25, 39, 53, 67, 81, 94, 112, 129, 146, 159, 171, 193, 213, 239, 253, 274, 291, 306, 329, 346, 364, 381, 405, 420, 441, 459, 471, 491, 508, 531, 552, 564, 582, 603, 631, 661, 682, 705, 731, 768, 798, 831, 856, 888, 918, 947, 972, 994, 1020, 1042, 1070, 1099, 1133, 1164, 1201, 1225, 1255, 1285, 1294, 1306, 1322, 1335, 1349, 1367, 1387, 1408, 1424, 1435, 1451, 1479, 1499, 1515, 1543, 1557, 1574, 1589, 1602, 1616, 1629, 1642, 1658, 1675, 1696, 1710, 1731, 1744, 1766, 1789, 1814, 1830, 1845, 1860, 1881, 1899, 1914, 1931, 1956, 1974, 1997, 2012, 2031, 2047, 2066, 2080, 2088, 2107, 2117, 2132, 2168, 2199, 2232, 2261, 2273, 2293, 2317, 2341, 2362, 2386, 2405, 2428, 2454, 2475, 2493, 2520, 2547, 2568, 2589, 2613, 2638, 2666, 2694, 2710, 2721, 2733, 2750, 2765, 2783, 2812, 2829, 2845, 2861, 2879, 2897, 2920, 2941, 2951, 2962, 2973, 2989, 3012, 3029, 3057, 3076, 3096, 3113, 3131, 3148, 3162, 3197, 3216, 3227, 3240, 3255, 3271, 3289, 3306, 3326, 3347, 3368, 3387, 3406, 3424, 3448, 3472, 3493, 3507, 3536, 3559, 3586, 3620, 3652, 3682, 3705, 3729, 3758, 3776, 3793, 3815, 3832, 3850, 3870, 3896, 3912, 3931, 3952, 3956, 3974, 3991, 4017, 4031, 4055, 4076, 4091, 4109, 4132, 4147, 4166, 4183, 4200, 4224, 4251, 4274, 4297, 4314, 4336, 4352, 
4372, 4391, 4413, 4434, 4454, 4476, 4500, 4519, 4561, 4582, 4605, 4626, 4657, 4676, 4698, 4718, 4744, 4765, 4787, 4807, 4831, 4854, 4873, 4893, 4915, 4938, 4969, 5007, 5048, 5078, 5092, 5113, 5129, 5151, 5181, 5207, 5235, 5268, 5286, 5309, 5344, 5384, 5426, 5458, 5475, 5500, 5515, 5532, 5542, 5553, 5591, 5645, 5691, 5743, 5791, 5834, 5878, 5906, 5920, 5938, 5974, 5997, 6020, 6042, 6065, 6083, 6110, 6142} +var _APIErrorCode_index = [...]uint16{0, 4, 16, 25, 39, 53, 67, 81, 94, 112, 129, 146, 159, 171, 193, 213, 239, 253, 274, 291, 306, 329, 346, 364, 381, 405, 420, 441, 459, 471, 491, 508, 531, 552, 564, 582, 603, 631, 661, 682, 705, 731, 768, 798, 831, 856, 888, 918, 947, 972, 994, 1020, 1042, 1070, 1099, 1133, 1164, 1201, 1225, 1255, 1285, 1294, 1306, 1322, 1335, 1349, 1367, 1387, 1408, 1424, 1435, 1451, 1479, 1499, 1515, 1543, 1557, 1574, 1589, 1602, 1616, 1629, 1642, 1658, 1675, 1696, 1710, 1731, 1744, 1766, 1789, 1814, 1830, 1845, 1860, 1881, 1899, 1914, 1931, 1956, 1974, 1997, 2012, 2031, 2047, 2066, 2080, 2088, 2107, 2117, 2132, 2168, 2199, 2232, 2261, 2273, 2293, 2317, 2341, 2362, 2386, 2405, 2428, 2454, 2475, 2493, 2520, 2547, 2568, 2589, 2613, 2638, 2666, 2694, 2710, 2733, 2744, 2756, 2773, 2788, 2806, 2835, 2852, 2868, 2884, 2902, 2920, 2943, 2964, 2974, 2985, 2996, 3012, 3035, 3052, 3080, 3099, 3119, 3136, 3154, 3171, 3185, 3220, 3239, 3250, 3263, 3278, 3294, 3312, 3329, 3349, 3370, 3391, 3410, 3429, 3447, 3471, 3495, 3516, 3530, 3559, 3582, 3609, 3643, 3675, 3705, 3728, 3752, 3781, 3799, 3816, 3838, 3855, 3873, 3893, 3919, 3935, 3954, 3975, 3979, 3997, 4014, 4040, 4054, 4078, 4099, 4114, 4132, 4155, 4170, 4189, 4206, 4223, 4247, 4274, 4297, 4320, 4337, 4359, 4375, 4395, 4414, 4436, 4457, 4477, 4499, 4523, 4542, 4584, 4605, 4628, 4649, 4680, 4699, 4721, 4741, 4767, 4788, 4810, 4830, 4854, 4877, 4896, 4916, 4938, 4961, 4992, 5030, 5071, 5101, 5115, 5136, 5152, 5174, 5204, 5230, 5258, 5291, 5309, 5332, 5367, 5407, 5449, 5481, 5498, 5523, 5538, 5555, 5565, 
5576, 5614, 5668, 5714, 5766, 5814, 5857, 5901, 5929, 5943, 5961, 5997, 6020, 6043, 6065, 6088, 6106, 6133, 6165} func (i APIErrorCode) String() string { if i < 0 || i >= APIErrorCode(len(_APIErrorCode_index)-1) { diff --git a/cmd/bucket-encryption-handlers.go b/cmd/bucket-encryption-handlers.go index e26957303..fa8df219c 100644 --- a/cmd/bucket-encryption-handlers.go +++ b/cmd/bucket-encryption-handlers.go @@ -20,12 +20,15 @@ package cmd import ( "encoding/base64" "encoding/xml" + "errors" "fmt" "io" "net/http" "github.com/gorilla/mux" + "github.com/minio/kes" "github.com/minio/madmin-go" + "github.com/minio/minio/internal/kms" "github.com/minio/minio/internal/logger" "github.com/minio/pkg/bucket/policy" ) @@ -84,6 +87,19 @@ func (api objectAPIHandlers) PutBucketEncryptionHandler(w http.ResponseWriter, r writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrKMSNotConfigured), r.URL) return } + kmsKey := encConfig.KeyID() + if kmsKey != "" { + kmsContext := kms.Context{"MinIO admin API": "ServerInfoHandler"} // Context for a test key operation + _, err := GlobalKMS.GenerateKey(kmsKey, kmsContext) + if err != nil { + if errors.Is(err, kes.ErrKeyNotFound) { + writeErrorResponse(ctx, w, toAPIError(ctx, errKMSKeyNotFound), r.URL) + return + } + writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL) + return + } + } configData, err := xml.Marshal(encConfig) if err != nil { diff --git a/cmd/encryption-v1.go b/cmd/encryption-v1.go index 70a5f25dd..d1a39e338 100644 --- a/cmd/encryption-v1.go +++ b/cmd/encryption-v1.go @@ -33,6 +33,7 @@ import ( "strconv" "strings" + "github.com/minio/kes" "github.com/minio/minio/internal/crypto" "github.com/minio/minio/internal/fips" xhttp "github.com/minio/minio/internal/http" 
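Review bot: The existence probe added to PutBucketEncryptionHandler (cmd/bucket-encryption-handlers.go) calls `GlobalKMS.GenerateKey` with `kms.Context{"MinIO admin API": "ServerInfoHandler"}`, so anything on the KMS side that records the context will attribute these requests to a different handler. A context that names this handler, for example `kms.Context{"MinIO S3 API": "PutBucketEncryptionHandler"}`, keeps the KMS audit trail accurate. The call also generates a real data key and discards it with `_`, so every PutBucketEncryption request that names a key costs one KMS key generation. A comment such as `// Probe only: the generated key is deliberately dropped, we just need to know the key ID resolves` would make that intent explicit. The handler body starts and ends outside the hunk.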
@@ -46,6 +47,7 @@ var ( errEncryptedObject = errors.New("The object was stored using a form of SSE") errInvalidSSEParameters = errors.New("The SSE-C key for key-rotation is not correct") // special access denied errKMSNotConfigured = errors.New("KMS not configured for a server side encrypted object") + errKMSKeyNotFound = errors.New("Invalid KMS keyId") // Additional MinIO errors for SSE-C requests. errObjectTampered = errors.New("The requested object was modified and may be compromised") // error returned when invalid encryption parameters are specified @@ -262,6 +264,9 @@ func newEncryptMetadata(kind crypto.Type, keyID string, key []byte, bucket, obje } key, err := GlobalKMS.GenerateKey(keyID, kmsCtx) if err != nil { + if errors.Is(err, kes.ErrKeyNotFound) { + return crypto.ObjectKey{}, errKMSKeyNotFound + } return crypto.ObjectKey{}, err }
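Review bot: The `kes.ErrKeyNotFound` branch added to newEncryptMetadata (cmd/encryption-v1.go) returns the bare sentinel `errKMSKeyNotFound`, so the key ID that was requested and the original KMS error are both lost to the caller. Wrapping with `%w` is not a drop-in fix, because the `case errKMSKeyNotFound:` added to toAPIErrorCode in this same patch would no longer match a wrapped value. At minimum the branch deserves a comment, e.g. `// Returned unwrapped on purpose: toAPIErrorCode matches this sentinel by value to produce KMS.NotFoundException.` If operators need to trace which key ID was missing, it should be recorded at this point, quoted since it may be client-supplied. The function body starts and ends outside the hunk.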