mirror of
https://github.com/minio/minio.git
synced 2024-12-24 06:05:55 -05:00
kes: remove unnecessary error conversion (#14459)
This commit removes some duplicate code that
converts KES API errors.
This code was added since KES `0.18.0` changed
some exported API errors. However, the KES SDK
handles this error conversion itself.
Therefore, it is not necessary to duplicate this
behavior in MinIO.
See: 21555fa624/error.go (L94)
Signed-off-by: Andreas Auernhammer <hi@aead.dev>
This commit is contained in:
parent
289fcbd08c
commit
b48f719b8e
@ -22,8 +22,7 @@ import (
|
|||||||
"errors"
|
"errors"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
"github.com/minio/minio/internal/kms"
|
"github.com/minio/kes"
|
||||||
|
|
||||||
"github.com/minio/madmin-go"
|
"github.com/minio/madmin-go"
|
||||||
"github.com/minio/minio/internal/auth"
|
"github.com/minio/minio/internal/auth"
|
||||||
"github.com/minio/minio/internal/config"
|
"github.com/minio/minio/internal/config"
|
||||||
@ -145,7 +144,7 @@ func toAdminAPIErr(ctx context.Context, err error) APIError {
|
|||||||
Description: "The policy cannot be removed, as it is in use",
|
Description: "The policy cannot be removed, as it is in use",
|
||||||
HTTPStatusCode: http.StatusBadRequest,
|
HTTPStatusCode: http.StatusBadRequest,
|
||||||
}
|
}
|
||||||
case kms.KeyExists(err):
|
case errors.Is(err, kes.ErrKeyExists):
|
||||||
apiErr = APIError{
|
apiErr = APIError{
|
||||||
Code: "XMinioKMSKeyExists",
|
Code: "XMinioKMSKeyExists",
|
||||||
Description: err.Error(),
|
Description: err.Error(),
|
||||||
|
@ -820,7 +820,7 @@ func handleCommonEnvVars() {
|
|||||||
// This implicitly checks that we can communicate to KES. We don't treat
|
// This implicitly checks that we can communicate to KES. We don't treat
|
||||||
// a policy error as failure condition since MinIO may not have the permission
|
// a policy error as failure condition since MinIO may not have the permission
|
||||||
// to create keys - just to generate/decrypt data encryption keys.
|
// to create keys - just to generate/decrypt data encryption keys.
|
||||||
if err = KMS.CreateKey(defaultKeyID); err != nil && !kms.KeyExists(err) && !errors.Is(err, kes.ErrNotAllowed) {
|
if err = KMS.CreateKey(defaultKeyID); err != nil && !errors.Is(err, kes.ErrKeyExists) && !errors.Is(err, kes.ErrNotAllowed) {
|
||||||
logger.Fatal(err, "Unable to initialize a connection to KES as specified by the shell environment")
|
logger.Fatal(err, "Unable to initialize a connection to KES as specified by the shell environment")
|
||||||
}
|
}
|
||||||
GlobalKMS = KMS
|
GlobalKMS = KMS
|
||||||
|
@ -22,7 +22,6 @@ import (
|
|||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
"errors"
|
"errors"
|
||||||
"net/http"
|
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/minio/kes"
|
"github.com/minio/kes"
|
||||||
@ -141,10 +140,3 @@ func (c *kesClient) DecryptKey(keyID string, ciphertext []byte, ctx Context) ([]
|
|||||||
}
|
}
|
||||||
return c.client.Decrypt(context.Background(), keyID, ciphertext, ctxBytes)
|
return c.client.Decrypt(context.Background(), keyID, ciphertext, ctxBytes)
|
||||||
}
|
}
|
||||||
|
|
||||||
// KeyExists returns if key exists on KMS based on the provided error type
|
|
||||||
func KeyExists(err error) bool {
|
|
||||||
// legacyKeyExists will be used to maintain compatibility with KES versions older than v0.18.0
|
|
||||||
legacyKeyExists := kes.NewError(http.StatusBadRequest, "key does already exist")
|
|
||||||
return errors.Is(err, kes.ErrKeyExists) || errors.Is(err, legacyKeyExists)
|
|
||||||
}
|
|
||||||
|
Loading…
Reference in New Issue
Block a user