diff --git a/cmd/admin-handler-utils.go b/cmd/admin-handler-utils.go
index d8c38767b..a6658468a 100644
--- a/cmd/admin-handler-utils.go
+++ b/cmd/admin-handler-utils.go
@@ -22,8 +22,7 @@ import (
 "errors"
 "net/http"

- "github.com/minio/minio/internal/kms"
-
+ "github.com/minio/kes"
 "github.com/minio/madmin-go"
 "github.com/minio/minio/internal/auth"
 "github.com/minio/minio/internal/config"
@@ -145,7 +144,7 @@ func toAdminAPIErr(ctx context.Context, err error) APIError {
 Description: "The policy cannot be removed, as it is in use",
 HTTPStatusCode: http.StatusBadRequest,
 }
- case kms.KeyExists(err):
+ case errors.Is(err, kes.ErrKeyExists):
 apiErr = APIError{
 Code: "XMinioKMSKeyExists",
 Description: err.Error(),
diff --git a/cmd/common-main.go b/cmd/common-main.go
index 7a93ec1a8..ab1f5215d 100644
--- a/cmd/common-main.go
+++ b/cmd/common-main.go
@@ -820,7 +820,7 @@ func handleCommonEnvVars() {
 // This implicitly checks that we can communicate to KES. We don't treat
 // a policy error as failure condition since MinIO may not have the permission
 // to create keys - just to generate/decrypt data encryption keys.
- if err = KMS.CreateKey(defaultKeyID); err != nil && !kms.KeyExists(err) && !errors.Is(err, kes.ErrNotAllowed) {
+ if err = KMS.CreateKey(defaultKeyID); err != nil && !errors.Is(err, kes.ErrKeyExists) && !errors.Is(err, kes.ErrNotAllowed) {
 logger.Fatal(err, "Unable to initialize a connection to KES as specified by the shell environment")
 }
 GlobalKMS = KMS
diff --git a/internal/kms/kes.go b/internal/kms/kes.go
index 653c942e5..5227f0f2f 100644
--- a/internal/kms/kes.go
+++ b/internal/kms/kes.go
@@ -22,7 +22,6 @@ import (
 "crypto/tls"
 "crypto/x509"
 "errors"
- "net/http"
 "time"

 "github.com/minio/kes"
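Review bot: The new check `errors.Is(err, kes.ErrKeyExists)` in `toAdminAPIErr` no longer recognises the legacy "key does already exist" error that the removed `kms.KeyExists` helper matched for KES servers older than v0.18.0. The same substitution is made in `handleCommonEnvVars` in cmd/common-main.go, where the effect is larger. Against such a server, `CreateKey` on an already-present default key would presumably reach `logger.Fatal` and stop startup, unless `kes.ErrKeyExists` compares equal to the legacy value, which the diff does not show. If older KES servers are still supported, keep the helper and call it at both sites (`case kms.KeyExists(err):`). If they are not, record the minimum version at the startup check, e.g. `// Requires KES >= v0.18.0: older servers report an existing key with a different error and fail this check.` Both function bodies extend beyond their hunks.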
@@ -141,10 +140,3 @@ func (c *kesClient) DecryptKey(keyID string, ciphertext []byte, ctx Context) ([]
 }
 return c.client.Decrypt(context.Background(), keyID, ciphertext, ctxBytes)
 }
-
-// KeyExists returns if key exists on KMS based on the provided error type
-func KeyExists(err error) bool {
- // legacyKeyExists will be used to maintain compatibility with KES versions older than v0.18.0
- legacyKeyExists := kes.NewError(http.StatusBadRequest, "key does already exist")
- return errors.Is(err, kes.ErrKeyExists) || errors.Is(err, legacyKeyExists)
-}