From b9be841fd2220856aeaaa537400e8d6d3e128825 Mon Sep 17 00:00:00 2001 From: poornas Date: Wed, 22 Jul 2020 17:39:40 -0700 Subject: [PATCH] Add missing validation for replication API conditions (#10114) --- cmd/admin-bucket-handlers.go | 7 +++++-- cmd/api-errors.go | 9 ++++++++- cmd/bucket-handlers.go | 9 ++++++++- cmd/bucket-replication.go | 5 +++++ cmd/object-api-errors.go | 7 +++++++ 5 files changed, 33 insertions(+), 4 deletions(-) diff --git a/cmd/admin-bucket-handlers.go b/cmd/admin-bucket-handlers.go index 77ffdc495..26f9c56fa 100644 --- a/cmd/admin-bucket-handlers.go +++ b/cmd/admin-bucket-handlers.go @@ -135,6 +135,10 @@ func (a adminAPIHandlers) SetBucketReplicationTargetHandler(w http.ResponseWrite writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrServerNotInitialized), r.URL) return } + if !globalIsErasure { + writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrNotImplemented), r.URL) + return + } // Turn off replication if disk crawl is unavailable. if env.Get(envDataUsageCrawlConf, config.EnableOn) == config.EnableOff { writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrBucketReplicationDisabledError), r.URL) @@ -214,8 +218,7 @@ func (a adminAPIHandlers) GetBucketReplicationTargetsHandler(w http.ResponseWrit if !target.Empty() { var creds auth.Credentials creds.AccessKey = target.Credentials.AccessKey - tgt = madmin.BucketReplicationTarget{Endpoint: target.Endpoint, TargetBucket: target.TargetBucket, Credentials: &creds} - + tgt = madmin.BucketReplicationTarget{Endpoint: target.Endpoint, TargetBucket: target.TargetBucket, Credentials: &creds, Arn: target.Arn} } data, err := json.Marshal(tgt) if err != nil { diff --git a/cmd/api-errors.go b/cmd/api-errors.go index 39b445d3d..aea59f8f0 100644 --- a/cmd/api-errors.go +++ b/cmd/api-errors.go @@ -108,7 +108,7 @@ const ( ErrReplicationConfigurationNotFoundError ErrReplicationDestinationNotFoundError ErrReplicationTargetNotFoundError - + ErrReplicationTargetNotVersionedError ErrReplicationNeedsVersioningError ErrReplicationBucketNeedsVersioningError ErrBucketReplicationDisabledError @@ -830,6 +830,11 @@ var errorCodes = errorCodeMap{ Description: "The replication target does not exist", HTTPStatusCode: http.StatusNotFound, }, + ErrReplicationTargetNotVersionedError: { + Code: "ReplicationTargetNotVersionedError", + Description: "The replication target does not have versioning enabled", + HTTPStatusCode: http.StatusNotFound, + }, ErrReplicationNeedsVersioningError: { Code: "InvalidRequest", Description: "Versioning must be 'Enabled' on the bucket to apply a replication configuration", @@ -1876,6 +1881,8 @@ func toAPIErrorCode(ctx context.Context, err error) (apiErr APIErrorCode) { apiErr = ErrReplicationDestinationNotFoundError case BucketReplicationTargetNotFound: apiErr = ErrReplicationTargetNotFoundError + case BucketReplicationTargetNotVersioned: + apiErr = ErrReplicationTargetNotVersionedError case BucketQuotaExceeded: apiErr = ErrAdminBucketQuotaExceeded case *event.ErrInvalidEventName: diff --git a/cmd/bucket-handlers.go b/cmd/bucket-handlers.go index 335b601ff..57e9fc59f 100644 --- a/cmd/bucket-handlers.go +++ b/cmd/bucket-handlers.go @@ -1036,7 +1036,10 @@ func (api objectAPIHandlers) PutBucketObjectLockConfigHandler(w http.ResponseWri writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrServerNotInitialized), r.URL, guessIsBrowserReq(r)) return } - + if !globalIsErasure { + writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrNotImplemented), r.URL) + return + } if s3Error := checkRequestAuthType(ctx, r, policy.PutBucketObjectLockConfigurationAction, bucket, ""); s3Error != ErrNone { writeErrorResponse(ctx, w, errorCodes.ToAPIErr(s3Error), r.URL, guessIsBrowserReq(r)) return @@ -1238,6 +1241,10 @@ func (api objectAPIHandlers) PutBucketReplicationConfigHandler(w http.ResponseWr writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrServerNotInitialized), r.URL, guessIsBrowserReq(r)) return } + if !globalIsErasure { + writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrNotImplemented), r.URL) + return + } // Turn off replication if disk crawl is unavailable. if env.Get(envDataUsageCrawlConf, config.EnableOn) == config.EnableOff { writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrBucketReplicationDisabledError), r.URL) diff --git a/cmd/bucket-replication.go b/cmd/bucket-replication.go index e943c14af..7cfdff44f 100644 --- a/cmd/bucket-replication.go +++ b/cmd/bucket-replication.go @@ -32,6 +32,7 @@ import ( xhttp "github.com/minio/minio/cmd/http" "github.com/minio/minio/cmd/logger" "github.com/minio/minio/pkg/bucket/replication" + "github.com/minio/minio/pkg/bucket/versioning" "github.com/minio/minio/pkg/event" iampolicy "github.com/minio/minio/pkg/iam/policy" "github.com/minio/minio/pkg/madmin" @@ -84,6 +85,10 @@ func (sys *BucketReplicationSys) SetTarget(ctx context.Context, bucket string, t if !ok { return BucketReplicationDestinationNotFound{Bucket: tgt.TargetBucket} } + vcfg, err := clnt.GetBucketVersioning(ctx, tgt.TargetBucket) + if err != nil || vcfg.Status != string(versioning.Enabled) { + return BucketReplicationTargetNotVersioned{Bucket: tgt.TargetBucket} + } sys.Lock() sys.targetsMap[bucket] = clnt sys.targetsARNMap[tgt.URL()] = tgt.Arn diff --git a/cmd/object-api-errors.go b/cmd/object-api-errors.go index 6ba7b28f8..3afe2da11 100644 --- a/cmd/object-api-errors.go +++ b/cmd/object-api-errors.go @@ -369,6 +369,13 @@ func (e BucketReplicationTargetNotFound) Error() string { return "Replication target not found: " + e.Bucket } +// BucketReplicationTargetNotVersioned replication target does not have versioning enabled. +type BucketReplicationTargetNotVersioned GenericError + +func (e BucketReplicationTargetNotVersioned) Error() string { + return "Replication target does not have versioning enabled: " + e.Bucket +} + /// Bucket related errors. // BucketNameInvalid - bucketname provided is invalid.