kes: remove unnecessary error conversion (#14459)

This commit removes some duplicate code that
converts KES API errors.

This code was added since KES `0.18.0` changed
some exported API errors. However, the KES SDK
handles this error conversion itself.
Therefore, it is not necessary to duplicate this
behavior in MinIO.

See: 21555fa624/error.go (L94)

Signed-off-by: Andreas Auernhammer <hi@aead.dev>
This commit is contained in:
Andreas Auernhammer 2022-03-03 18:42:37 +01:00 committed by GitHub
parent 289fcbd08c
commit b48f719b8e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 3 additions and 12 deletions

View File

@ -22,8 +22,7 @@ import (
"errors" "errors"
"net/http" "net/http"
"github.com/minio/minio/internal/kms" "github.com/minio/kes"
"github.com/minio/madmin-go" "github.com/minio/madmin-go"
"github.com/minio/minio/internal/auth" "github.com/minio/minio/internal/auth"
"github.com/minio/minio/internal/config" "github.com/minio/minio/internal/config"
@ -145,7 +144,7 @@ func toAdminAPIErr(ctx context.Context, err error) APIError {
Description: "The policy cannot be removed, as it is in use", Description: "The policy cannot be removed, as it is in use",
HTTPStatusCode: http.StatusBadRequest, HTTPStatusCode: http.StatusBadRequest,
} }
case kms.KeyExists(err): case errors.Is(err, kes.ErrKeyExists):
apiErr = APIError{ apiErr = APIError{
Code: "XMinioKMSKeyExists", Code: "XMinioKMSKeyExists",
Description: err.Error(), Description: err.Error(),

View File

@ -820,7 +820,7 @@ func handleCommonEnvVars() {
// This implicitly checks that we can communicate to KES. We don't treat // This implicitly checks that we can communicate to KES. We don't treat
// a policy error as failure condition since MinIO may not have the permission // a policy error as failure condition since MinIO may not have the permission
// to create keys - just to generate/decrypt data encryption keys. // to create keys - just to generate/decrypt data encryption keys.
if err = KMS.CreateKey(defaultKeyID); err != nil && !kms.KeyExists(err) && !errors.Is(err, kes.ErrNotAllowed) { if err = KMS.CreateKey(defaultKeyID); err != nil && !errors.Is(err, kes.ErrKeyExists) && !errors.Is(err, kes.ErrNotAllowed) {
logger.Fatal(err, "Unable to initialize a connection to KES as specified by the shell environment") logger.Fatal(err, "Unable to initialize a connection to KES as specified by the shell environment")
} }
GlobalKMS = KMS GlobalKMS = KMS

View File

@ -22,7 +22,6 @@ import (
"crypto/tls" "crypto/tls"
"crypto/x509" "crypto/x509"
"errors" "errors"
"net/http"
"time" "time"
"github.com/minio/kes" "github.com/minio/kes"
@ -141,10 +140,3 @@ func (c *kesClient) DecryptKey(keyID string, ciphertext []byte, ctx Context) ([]
} }
return c.client.Decrypt(context.Background(), keyID, ciphertext, ctxBytes) return c.client.Decrypt(context.Background(), keyID, ciphertext, ctxBytes)
} }
// KeyExists returns if key exists on KMS based on the provided error type
func KeyExists(err error) bool {
// legacyKeyExists will be used to maintain compatibility with KES versions older than v0.18.0
legacyKeyExists := kes.NewError(http.StatusBadRequest, "key does already exist")
return errors.Is(err, kes.ErrKeyExists) || errors.Is(err, legacyKeyExists)
}