Do not use a chain for S3 tiering to return better error messages (#18030)
When using a chain provider and none of the providers returns a valid access and secret key, an anonymous request is sent, which makes it hard for users to figure out what is going on. In the case of S3 tiering, when AWS IAM temporary account generation returns an error, an anonymous login will be used because of the chain provider. Avoid this and use the AWS IAM provider directly to get a good error message.
parent
7a7068ee47
commit
b0e1776d6d
@ -29,7 +29,6 @@ import (
|
||||
"fmt"
|
||||
"math/rand"
|
||||
"net"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"os"
|
||||
"path"
|
||||
@ -54,7 +53,6 @@ import (
|
||||
"github.com/minio/kes-go"
|
||||
"github.com/minio/madmin-go/v3"
|
||||
"github.com/minio/minio-go/v7"
|
||||
"github.com/minio/minio-go/v7/pkg/credentials"
|
||||
"github.com/minio/minio-go/v7/pkg/set"
|
||||
"github.com/minio/minio/internal/auth"
|
||||
"github.com/minio/minio/internal/color"
|
||||
@ -71,10 +69,7 @@ import (
|
||||
// serverDebugLog will enable debug printing
|
||||
var serverDebugLog = env.Get("_MINIO_SERVER_DEBUG", config.EnableOff) == config.EnableOn
|
||||
|
||||
var (
|
||||
shardDiskTimeDelta time.Duration
|
||||
defaultAWSCredProvider []credentials.Provider
|
||||
)
|
||||
var shardDiskTimeDelta time.Duration
|
||||
|
||||
func init() {
|
||||
if runtime.GOOS == "windows" {
|
||||
@ -112,14 +107,6 @@ func init() {
|
||||
gob.Register(madmin.XFSErrorConfigs{})
|
||||
gob.Register(map[string]interface{}{})
|
||||
|
||||
defaultAWSCredProvider = []credentials.Provider{
|
||||
&credentials.IAM{
|
||||
Client: &http.Client{
|
||||
Transport: NewHTTPTransport(),
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
var err error
|
||||
shardDiskTimeDelta, err = time.ParseDuration(env.Get("_MINIO_SHARD_DISKTIME_DELTA", "1m"))
|
||||
if err != nil {
|
||||
|
@ -115,7 +115,11 @@ func newWarmBackendS3(conf madmin.TierS3, tier string) (*warmBackendS3, error) {
|
||||
}
|
||||
var creds *credentials.Credentials
|
||||
if conf.AWSRole {
|
||||
creds = credentials.NewChainCredentials(defaultAWSCredProvider)
|
||||
creds = credentials.New(&credentials.IAM{
|
||||
Client: &http.Client{
|
||||
Transport: NewHTTPTransport(),
|
||||
},
|
||||
})
|
||||
} else {
|
||||
creds = credentials.NewStaticV4(conf.AccessKey, conf.SecretKey, "")
|
||||
}
|
||||
|
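Review bot: The `conf.AWSRole` branch now builds the IAM provider inline but has no comment explaining why a chain must not be used here, so a later refactor could quietly reintroduce the anonymous fallback. I would add `// Use the IAM provider directly: a chain falls back to anonymous requests when no provider yields keys, hiding the real IAM error.` above `creds = credentials.New(...)`. Separately, the `&http.Client{...}` literal sets no `Timeout`, so a credential fetch is bounded only by whatever `NewHTTPTransport()` configures, which is not visible in this hunk; if that transport does not cap the wait for a response, an explicit client `Timeout` would be worth setting. `credentials.New` does not fetch anything at construction, so the IAM error presumably surfaces on the first signed request rather than at this point. newWarmBackendS3 begins and continues outside the hunk.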
@ -117,7 +117,7 @@ type tierPermErr struct {
|
||||
}
|
||||
|
||||
func (te tierPermErr) Error() string {
|
||||
return fmt.Sprintf("failed to perform %s %v", te.Op, te.Err)
|
||||
return fmt.Sprintf("failed to perform %s: %v", te.Op, te.Err)
|
||||
}
|
||||
|
||||
func errIsTierPermError(err error) bool {
|
||||
|