diff --git a/cmd/admin-bucket-handlers.go b/cmd/admin-bucket-handlers.go index 13baa2e3c..37a1c91ae 100644 --- a/cmd/admin-bucket-handlers.go +++ b/cmd/admin-bucket-handlers.go @@ -56,9 +56,7 @@ const ( // specified in the quota configuration will be applied by default // to enforce total quota for the specified bucket. func (a adminAPIHandlers) PutBucketQuotaConfigHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "PutBucketQuotaConfig") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.SetBucketQuotaAdminAction) if objectAPI == nil { @@ -110,9 +108,7 @@ func (a adminAPIHandlers) PutBucketQuotaConfigHandler(w http.ResponseWriter, r * // GetBucketQuotaConfigHandler - gets bucket quota configuration func (a adminAPIHandlers) GetBucketQuotaConfigHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "GetBucketQuotaConfig") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.GetBucketQuotaAdminAction) if objectAPI == nil { @@ -145,9 +141,8 @@ func (a adminAPIHandlers) GetBucketQuotaConfigHandler(w http.ResponseWriter, r * // SetRemoteTargetHandler - sets a remote target for bucket func (a adminAPIHandlers) SetRemoteTargetHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "SetBucketTarget") + ctx := r.Context() - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) vars := mux.Vars(r) bucket := pathClean(vars["bucket"]) update := r.Form.Get("update") == "true" @@ -289,9 +284,8 @@ func (a adminAPIHandlers) SetRemoteTargetHandler(w http.ResponseWriter, r *http. // ListRemoteTargetsHandler - lists remote target(s) for a bucket or gets a target // for a particular ARN type func (a adminAPIHandlers) ListRemoteTargetsHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "ListBucketTargets") + ctx := r.Context() - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) vars := mux.Vars(r) bucket := pathClean(vars["bucket"]) arnType := vars["type"] @@ -324,9 +318,8 @@ func (a adminAPIHandlers) ListRemoteTargetsHandler(w http.ResponseWriter, r *htt // RemoveRemoteTargetHandler - removes a remote target for bucket with specified ARN func (a adminAPIHandlers) RemoveRemoteTargetHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "RemoveBucketTarget") + ctx := r.Context() - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) vars := mux.Vars(r) bucket := pathClean(vars["bucket"]) arn := vars["arn"] @@ -368,8 +361,7 @@ func (a adminAPIHandlers) RemoveRemoteTargetHandler(w http.ResponseWriter, r *ht // ExportBucketMetadataHandler - exports all bucket metadata as a zipped file func (a adminAPIHandlers) ExportBucketMetadataHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "ExportBucketMetadata") - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() bucket := pathClean(r.Form.Get("bucket")) // Get current object layer instance. @@ -652,9 +644,7 @@ func (i *importMetaReport) SetStatus(bucket, fname string, err error) { // 2. Replication config - is omitted from import as remote target credentials are not available from exported data for security reasons. // 3. lifecycle config - if transition rules are present, tier name needs to have been defined. func (a adminAPIHandlers) ImportBucketMetadataHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "ImportBucketMetadata") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() // Get current object layer instance. objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.ImportBucketMetadataAction) @@ -1069,8 +1059,7 @@ func (a adminAPIHandlers) ImportBucketMetadataHandler(w http.ResponseWriter, r * // ReplicationDiffHandler - POST returns info on unreplicated versions for a remote target ARN // to the connected HTTP client. func (a adminAPIHandlers) ReplicationDiffHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "ReplicationDiff") - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() vars := mux.Vars(r) bucket := vars["bucket"] @@ -1132,8 +1121,7 @@ func (a adminAPIHandlers) ReplicationDiffHandler(w http.ResponseWriter, r *http. // ReplicationMRFHandler - POST returns info on entries in the MRF backlog for a node or all nodes func (a adminAPIHandlers) ReplicationMRFHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "ReplicationMRF") - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() vars := mux.Vars(r) bucket := vars["bucket"] diff --git a/cmd/admin-handlers-config-kv.go b/cmd/admin-handlers-config-kv.go index 8dc86bbc7..8e964ae09 100644 --- a/cmd/admin-handlers-config-kv.go +++ b/cmd/admin-handlers-config-kv.go @@ -43,9 +43,7 @@ import ( // DelConfigKVHandler - DELETE /minio/admin/v3/del-config-kv func (a adminAPIHandlers) DelConfigKVHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "DeleteConfigKV") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, cred := validateAdminReq(ctx, w, r, iampolicy.ConfigUpdateAdminAction) if objectAPI == nil { @@ -149,9 +147,7 @@ type setConfigResult struct { // SetConfigKVHandler - PUT /minio/admin/v3/set-config-kv func (a adminAPIHandlers) SetConfigKVHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "SetConfigKV") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, cred := validateAdminReq(ctx, w, r, iampolicy.ConfigUpdateAdminAction) if objectAPI == nil { @@ -244,9 +240,7 @@ func setConfigKV(ctx context.Context, objectAPI ObjectLayer, kvBytes []byte) (re // // This is a reporting API and config secrets are redacted in the response. func (a adminAPIHandlers) GetConfigKVHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "GetConfigKV") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, cred := validateAdminReq(ctx, w, r, iampolicy.ConfigUpdateAdminAction) if objectAPI == nil { @@ -292,9 +286,7 @@ func (a adminAPIHandlers) GetConfigKVHandler(w http.ResponseWriter, r *http.Requ } func (a adminAPIHandlers) ClearConfigHistoryKVHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "ClearConfigHistoryKV") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.ConfigUpdateAdminAction) if objectAPI == nil { @@ -327,9 +319,7 @@ func (a adminAPIHandlers) ClearConfigHistoryKVHandler(w http.ResponseWriter, r * // RestoreConfigHistoryKVHandler - restores a config with KV settings for the given KV id. func (a adminAPIHandlers) RestoreConfigHistoryKVHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "RestoreConfigHistoryKV") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.ConfigUpdateAdminAction) if objectAPI == nil { @@ -375,9 +365,7 @@ func (a adminAPIHandlers) RestoreConfigHistoryKVHandler(w http.ResponseWriter, r // ListConfigHistoryKVHandler - lists all the KV ids. func (a adminAPIHandlers) ListConfigHistoryKVHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "ListConfigHistoryKV") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, cred := validateAdminReq(ctx, w, r, iampolicy.ConfigUpdateAdminAction) if objectAPI == nil { @@ -415,9 +403,7 @@ func (a adminAPIHandlers) ListConfigHistoryKVHandler(w http.ResponseWriter, r *h // HelpConfigKVHandler - GET /minio/admin/v3/help-config-kv?subSys={subSys}&key={key} func (a adminAPIHandlers) HelpConfigKVHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "HelpConfigKV") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.ConfigUpdateAdminAction) if objectAPI == nil { @@ -442,9 +428,7 @@ func (a adminAPIHandlers) HelpConfigKVHandler(w http.ResponseWriter, r *http.Req // SetConfigHandler - PUT /minio/admin/v3/config func (a adminAPIHandlers) SetConfigHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "SetConfig") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, cred := validateAdminReq(ctx, w, r, iampolicy.ConfigUpdateAdminAction) if objectAPI == nil { @@ -496,9 +480,7 @@ func (a adminAPIHandlers) SetConfigHandler(w http.ResponseWriter, r *http.Reques // This endpoint is mainly for exporting and backing up the configuration. // Secrets are not redacted. func (a adminAPIHandlers) GetConfigHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "GetConfig") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, cred := validateAdminReq(ctx, w, r, iampolicy.ConfigUpdateAdminAction) if objectAPI == nil { diff --git a/cmd/admin-handlers-idp-config.go b/cmd/admin-handlers-idp-config.go index 6a4b5fb65..192ca23f9 100644 --- a/cmd/admin-handlers-idp-config.go +++ b/cmd/admin-handlers-idp-config.go @@ -198,8 +198,7 @@ func handleCreateUpdateValidation(s config.Config, subSys, cfgTarget string, isU // // PUT /idp-cfg/openid/_ -> create (default) named config `_` func (a adminAPIHandlers) AddIdentityProviderCfg(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "AddIdentityProviderCfg") - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() addOrUpdateIDPHandler(ctx, w, r, false) } @@ -210,8 +209,7 @@ func (a adminAPIHandlers) AddIdentityProviderCfg(w http.ResponseWriter, r *http. // // POST /idp-cfg/openid/_ -> update (default) named config `_` func (a adminAPIHandlers) UpdateIdentityProviderCfg(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "UpdateIdentityProviderCfg") - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() addOrUpdateIDPHandler(ctx, w, r, true) } @@ -220,8 +218,7 @@ func (a adminAPIHandlers) UpdateIdentityProviderCfg(w http.ResponseWriter, r *ht // // GET /idp-cfg/openid -> lists openid provider configs. func (a adminAPIHandlers) ListIdentityProviderCfg(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "ListIdentityProviderCfg") - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, cred := validateAdminReq(ctx, w, r, iampolicy.ConfigUpdateAdminAction) if objectAPI == nil { @@ -274,8 +271,7 @@ func (a adminAPIHandlers) ListIdentityProviderCfg(w http.ResponseWriter, r *http // // GET /idp-cfg/openid/dex_test func (a adminAPIHandlers) GetIdentityProviderCfg(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "GetIdentityProviderCfg") - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, cred := validateAdminReq(ctx, w, r, iampolicy.ConfigUpdateAdminAction) if objectAPI == nil { @@ -334,9 +330,7 @@ func (a adminAPIHandlers) GetIdentityProviderCfg(w http.ResponseWriter, r *http. // // DELETE /idp-cfg/openid/dex_test func (a adminAPIHandlers) DeleteIdentityProviderCfg(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "DeleteIdentityProviderCfg") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.ConfigUpdateAdminAction) if objectAPI == nil { diff --git a/cmd/admin-handlers-idp-ldap.go b/cmd/admin-handlers-idp-ldap.go index 328cf95c6..70ae95a77 100644 --- a/cmd/admin-handlers-idp-ldap.go +++ b/cmd/admin-handlers-idp-ldap.go @@ -45,9 +45,7 @@ import ( // // When all query parameters are omitted, returns mappings for all policies. func (a adminAPIHandlers) ListLDAPPolicyMappingEntities(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "ListLDAPPolicyMappingEntities") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() // Check authorization. @@ -94,9 +92,7 @@ func (a adminAPIHandlers) ListLDAPPolicyMappingEntities(w http.ResponseWriter, r // // POST /idp/ldap/policy/{operation} func (a adminAPIHandlers) AttachDetachPolicyLDAP(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "AttachDetachPolicyLDAP") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() // Check authorization. diff --git a/cmd/admin-handlers-pools.go b/cmd/admin-handlers-pools.go index 56ab891e3..00272c36d 100644 --- a/cmd/admin-handlers-pools.go +++ b/cmd/admin-handlers-pools.go @@ -35,9 +35,7 @@ var ( ) func (a adminAPIHandlers) StartDecommission(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "StartDecommission") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.DecommissionAdminAction) if objectAPI == nil { @@ -113,9 +111,7 @@ func (a adminAPIHandlers) StartDecommission(w http.ResponseWriter, r *http.Reque } func (a adminAPIHandlers) CancelDecommission(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "CancelDecommission") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.DecommissionAdminAction) if objectAPI == nil { @@ -161,9 +157,7 @@ func (a adminAPIHandlers) CancelDecommission(w http.ResponseWriter, r *http.Requ } func (a adminAPIHandlers) StatusPool(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "StatusPool") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.ServerInfoAdminAction, iampolicy.DecommissionAdminAction) if objectAPI == nil { @@ -204,9 +198,7 @@ func (a adminAPIHandlers) StatusPool(w http.ResponseWriter, r *http.Request) { } func (a adminAPIHandlers) ListPools(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "ListPools") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.ServerInfoAdminAction, iampolicy.DecommissionAdminAction) if objectAPI == nil { @@ -239,8 +231,7 @@ func (a adminAPIHandlers) ListPools(w http.ResponseWriter, r *http.Request) { } func (a adminAPIHandlers) RebalanceStart(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "RebalanceStart") - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.RebalanceAdminAction) if objectAPI == nil { @@ -311,8 +302,7 @@ func (a adminAPIHandlers) RebalanceStart(w http.ResponseWriter, r *http.Request) } func (a adminAPIHandlers) RebalanceStatus(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "RebalanceStatus") - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.RebalanceAdminAction) if objectAPI == nil { @@ -352,8 +342,7 @@ func (a adminAPIHandlers) RebalanceStatus(w http.ResponseWriter, r *http.Request } func (a adminAPIHandlers) RebalanceStop(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "RebalanceStop") - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.RebalanceAdminAction) if objectAPI == nil { diff --git a/cmd/admin-handlers-site-replication.go b/cmd/admin-handlers-site-replication.go index 9cf4ed721..d4c5b39b4 100644 --- a/cmd/admin-handlers-site-replication.go +++ b/cmd/admin-handlers-site-replication.go @@ -39,9 +39,7 @@ import ( // SiteReplicationAdd - PUT /minio/admin/v3/site-replication/add func (a adminAPIHandlers) SiteReplicationAdd(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "SiteReplicationAdd") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, cred := validateAdminReq(ctx, w, r, iampolicy.SiteReplicationAddAction) if objectAPI == nil { @@ -75,9 +73,7 @@ func (a adminAPIHandlers) SiteReplicationAdd(w http.ResponseWriter, r *http.Requ // used internally to tell current cluster to enable SR with // the provided peer clusters and service account. func (a adminAPIHandlers) SRPeerJoin(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "SRPeerJoin") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, cred := validateAdminReq(ctx, w, r, iampolicy.SiteReplicationAddAction) if objectAPI == nil { @@ -99,9 +95,7 @@ func (a adminAPIHandlers) SRPeerJoin(w http.ResponseWriter, r *http.Request) { // SRPeerBucketOps - PUT /minio/admin/v3/site-replication/bucket-ops?bucket=x&operation=y func (a adminAPIHandlers) SRPeerBucketOps(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "SRPeerBucketOps") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.SiteReplicationOperationAction) if objectAPI == nil { @@ -148,9 +142,7 @@ func (a adminAPIHandlers) SRPeerBucketOps(w http.ResponseWriter, r *http.Request // SRPeerReplicateIAMItem - PUT /minio/admin/v3/site-replication/iam-item func (a adminAPIHandlers) SRPeerReplicateIAMItem(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "SRPeerReplicateIAMItem") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.SiteReplicationOperationAction) if objectAPI == nil { @@ -202,9 +194,7 @@ func (a adminAPIHandlers) SRPeerReplicateIAMItem(w http.ResponseWriter, r *http. // SRPeerReplicateBucketItem - PUT /minio/admin/v3/site-replication/bucket-meta func (a adminAPIHandlers) SRPeerReplicateBucketItem(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "SRPeerReplicateBucketItem") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.SiteReplicationOperationAction) if objectAPI == nil { @@ -268,9 +258,7 @@ func (a adminAPIHandlers) SRPeerReplicateBucketItem(w http.ResponseWriter, r *ht // SiteReplicationInfo - GET /minio/admin/v3/site-replication/info func (a adminAPIHandlers) SiteReplicationInfo(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "SiteReplicationInfo") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.SiteReplicationInfoAction) if objectAPI == nil { @@ -290,9 +278,7 @@ func (a adminAPIHandlers) SiteReplicationInfo(w http.ResponseWriter, r *http.Req } func (a adminAPIHandlers) SRPeerGetIDPSettings(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "SiteReplicationGetIDPSettings") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.SiteReplicationAddAction) if objectAPI == nil { @@ -329,9 +315,7 @@ func parseJSONBody(ctx context.Context, body io.Reader, v interface{}, encryptio // SiteReplicationStatus - GET /minio/admin/v3/site-replication/status func (a adminAPIHandlers) SiteReplicationStatus(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "SiteReplicationStatus") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.SiteReplicationInfoAction) if objectAPI == nil { @@ -360,9 +344,7 @@ func (a adminAPIHandlers) SiteReplicationStatus(w http.ResponseWriter, r *http.R // SiteReplicationMetaInfo - GET /minio/admin/v3/site-replication/metainfo func (a adminAPIHandlers) SiteReplicationMetaInfo(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "SiteReplicationMetaInfo") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.SiteReplicationInfoAction) if objectAPI == nil { @@ -384,8 +366,7 @@ func (a adminAPIHandlers) SiteReplicationMetaInfo(w http.ResponseWriter, r *http // SiteReplicationEdit - PUT /minio/admin/v3/site-replication/edit func (a adminAPIHandlers) SiteReplicationEdit(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "SiteReplicationEdit") - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, cred := validateAdminReq(ctx, w, r, iampolicy.SiteReplicationAddAction) if objectAPI == nil { @@ -416,8 +397,7 @@ func (a adminAPIHandlers) SiteReplicationEdit(w http.ResponseWriter, r *http.Req // // used internally to tell current cluster to update endpoint for peer func (a adminAPIHandlers) SRPeerEdit(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "SRPeerEdit") - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.SiteReplicationAddAction) if objectAPI == nil { @@ -451,9 +431,7 @@ func getSRStatusOptions(r *http.Request) (opts madmin.SRStatusOptions) { // SiteReplicationRemove - PUT /minio/admin/v3/site-replication/remove func (a adminAPIHandlers) SiteReplicationRemove(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "SiteReplicationRemove") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.SiteReplicationRemoveAction) if objectAPI == nil { @@ -484,8 +462,7 @@ func (a adminAPIHandlers) SiteReplicationRemove(w http.ResponseWriter, r *http.R // // used internally to tell current cluster to update endpoint for peer func (a adminAPIHandlers) SRPeerRemove(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "SRPeerRemove") - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.SiteReplicationRemoveAction) if objectAPI == nil { @@ -507,9 +484,7 @@ func (a adminAPIHandlers) SRPeerRemove(w http.ResponseWriter, r *http.Request) { // SiteReplicationResyncOp - PUT /minio/admin/v3/site-replication/resync/op func (a adminAPIHandlers) SiteReplicationResyncOp(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "SiteReplicationResyncOp") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.SiteReplicationResyncAction) if objectAPI == nil { @@ -550,8 +525,7 @@ func (a adminAPIHandlers) SiteReplicationResyncOp(w http.ResponseWriter, r *http // SiteReplicationDevNull - everything goes to io.Discard // [POST] /minio/admin/v3/site-replication/devnull func (a adminAPIHandlers) SiteReplicationDevNull(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "SiteReplicationDevNull") - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() globalSiteNetPerfRX.Connect() defer globalSiteNetPerfRX.Disconnect() @@ -581,9 +555,6 @@ func (a adminAPIHandlers) SiteReplicationDevNull(w http.ResponseWriter, r *http. // SiteReplicationNetPerf - everything goes to io.Discard // [POST] /minio/admin/v3/site-replication/netperf func (a adminAPIHandlers) SiteReplicationNetPerf(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "SiteReplicationNetPerf") - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) - durationStr := r.Form.Get(peerRESTDuration) duration, _ := time.ParseDuration(durationStr) if duration < globalNetPerfMinDuration { diff --git a/cmd/admin-handlers-users.go b/cmd/admin-handlers-users.go index 2ad2d7348..9c3cd83dd 100644 --- a/cmd/admin-handlers-users.go +++ b/cmd/admin-handlers-users.go @@ -39,9 +39,7 @@ import ( // RemoveUser - DELETE /minio/admin/v3/remove-user?accessKey= func (a adminAPIHandlers) RemoveUser(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "RemoveUser") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, cred := validateAdminReq(ctx, w, r, iampolicy.DeleteUserAdminAction) if objectAPI == nil { @@ -85,9 +83,7 @@ func (a adminAPIHandlers) RemoveUser(w http.ResponseWriter, r *http.Request) { // ListBucketUsers - GET /minio/admin/v3/list-users?bucket={bucket} func (a adminAPIHandlers) ListBucketUsers(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "ListBucketUsers") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, cred := validateAdminReq(ctx, w, r, iampolicy.ListUsersAdminAction) if objectAPI == nil { @@ -121,9 +117,7 @@ func (a adminAPIHandlers) ListBucketUsers(w http.ResponseWriter, r *http.Request // ListUsers - GET /minio/admin/v3/list-users func (a adminAPIHandlers) ListUsers(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "ListUsers") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, cred := validateAdminReq(ctx, w, r, iampolicy.ListUsersAdminAction) if objectAPI == nil { @@ -167,9 +161,7 @@ func (a adminAPIHandlers) ListUsers(w http.ResponseWriter, r *http.Request) { // GetUserInfo - GET /minio/admin/v3/user-info func (a adminAPIHandlers) GetUserInfo(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "GetUserInfo") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() vars := mux.Vars(r) name := vars["accessKey"] @@ -224,9 +216,7 @@ func (a adminAPIHandlers) GetUserInfo(w http.ResponseWriter, r *http.Request) { // UpdateGroupMembers - PUT /minio/admin/v3/update-group-members func (a adminAPIHandlers) UpdateGroupMembers(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "UpdateGroupMembers") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.AddUserToGroupAdminAction) if objectAPI == nil { @@ -296,9 +286,7 @@ func (a adminAPIHandlers) UpdateGroupMembers(w http.ResponseWriter, r *http.Requ // GetGroup - /minio/admin/v3/group?group=mygroup1 func (a adminAPIHandlers) GetGroup(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "GetGroup") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.GetGroupAdminAction) if objectAPI == nil { @@ -325,9 +313,7 @@ func (a adminAPIHandlers) GetGroup(w http.ResponseWriter, r *http.Request) { // ListGroups - GET /minio/admin/v3/groups func (a adminAPIHandlers) ListGroups(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "ListGroups") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.ListGroupsAdminAction) if objectAPI == nil { @@ -351,9 +337,7 @@ func (a adminAPIHandlers) ListGroups(w http.ResponseWriter, r *http.Request) { // SetGroupStatus - PUT /minio/admin/v3/set-group-status?group=mygroup1&status=enabled func (a adminAPIHandlers) SetGroupStatus(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "SetGroupStatus") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.EnableGroupAdminAction) if objectAPI == nil { @@ -396,9 +380,7 @@ func (a adminAPIHandlers) SetGroupStatus(w http.ResponseWriter, r *http.Request) // SetUserStatus - PUT /minio/admin/v3/set-user-status?accessKey=&status=[enabled|disabled] func (a adminAPIHandlers) SetUserStatus(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "SetUserStatus") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, creds := validateAdminReq(ctx, w, r, iampolicy.EnableUserAdminAction) if objectAPI == nil { @@ -436,9 +418,7 @@ func (a adminAPIHandlers) SetUserStatus(w http.ResponseWriter, r *http.Request) // AddUser - PUT /minio/admin/v3/add-user?accessKey= func (a adminAPIHandlers) AddUser(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "AddUser") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() vars := mux.Vars(r) accessKey := vars["accessKey"] @@ -543,9 +523,7 @@ func (a adminAPIHandlers) AddUser(w http.ResponseWriter, r *http.Request) { // TemporaryAccountInfo - GET /minio/admin/v3/temporary-account-info func (a adminAPIHandlers) TemporaryAccountInfo(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "TemporaryAccountInfo") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() // Get current object layer instance. objectAPI := newObjectLayerFn() @@ -628,9 +606,7 @@ func (a adminAPIHandlers) TemporaryAccountInfo(w http.ResponseWriter, r *http.Re // AddServiceAccount - PUT /minio/admin/v3/add-service-account func (a adminAPIHandlers) AddServiceAccount(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "AddServiceAccount") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() // Get current object layer instance. objectAPI := newObjectLayerFn() @@ -861,9 +837,7 @@ func (a adminAPIHandlers) AddServiceAccount(w http.ResponseWriter, r *http.Reque // UpdateServiceAccount - POST /minio/admin/v3/update-service-account func (a adminAPIHandlers) UpdateServiceAccount(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "UpdateServiceAccount") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() // Get current object layer instance. objectAPI := newObjectLayerFn() @@ -975,9 +949,7 @@ func (a adminAPIHandlers) UpdateServiceAccount(w http.ResponseWriter, r *http.Re // InfoServiceAccount - GET /minio/admin/v3/info-service-account func (a adminAPIHandlers) InfoServiceAccount(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "InfoServiceAccount") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() // Get current object layer instance. objectAPI := newObjectLayerFn() @@ -1074,9 +1046,7 @@ func (a adminAPIHandlers) InfoServiceAccount(w http.ResponseWriter, r *http.Requ // ListServiceAccounts - GET /minio/admin/v3/list-service-accounts func (a adminAPIHandlers) ListServiceAccounts(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "ListServiceAccounts") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() // Get current object layer instance. objectAPI := newObjectLayerFn() @@ -1153,9 +1123,7 @@ func (a adminAPIHandlers) ListServiceAccounts(w http.ResponseWriter, r *http.Req // DeleteServiceAccount - DELETE /minio/admin/v3/delete-service-account func (a adminAPIHandlers) DeleteServiceAccount(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "DeleteServiceAccount") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() // Get current object layer instance. objectAPI := newObjectLayerFn() @@ -1226,9 +1194,7 @@ func (a adminAPIHandlers) DeleteServiceAccount(w http.ResponseWriter, r *http.Re // AccountInfoHandler returns usage func (a adminAPIHandlers) AccountInfoHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "AccountInfo") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() // Get current object layer instance. objectAPI := newObjectLayerFn() @@ -1449,9 +1415,7 @@ func (a adminAPIHandlers) AccountInfoHandler(w http.ResponseWriter, r *http.Requ // timestamps along with the policy JSON. Both versions are supported for now, // for smooth transition to new API. func (a adminAPIHandlers) InfoCannedPolicy(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "InfoCannedPolicy") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.GetPolicyAdminAction) if objectAPI == nil { @@ -1497,9 +1461,7 @@ func (a adminAPIHandlers) InfoCannedPolicy(w http.ResponseWriter, r *http.Reques // ListBucketPolicies - GET /minio/admin/v3/list-canned-policies?bucket={bucket} func (a adminAPIHandlers) ListBucketPolicies(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "ListBucketPolicies") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.ListUserPoliciesAdminAction) if objectAPI == nil { @@ -1530,9 +1492,7 @@ func (a adminAPIHandlers) ListBucketPolicies(w http.ResponseWriter, r *http.Requ // ListCannedPolicies - GET /minio/admin/v3/list-canned-policies func (a adminAPIHandlers) ListCannedPolicies(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "ListCannedPolicies") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.ListUserPoliciesAdminAction) if objectAPI == nil { @@ -1562,9 +1522,7 @@ func (a adminAPIHandlers) ListCannedPolicies(w http.ResponseWriter, r *http.Requ // RemoveCannedPolicy - DELETE /minio/admin/v3/remove-canned-policy?name= func (a adminAPIHandlers) RemoveCannedPolicy(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "RemoveCannedPolicy") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.DeletePolicyAdminAction) if objectAPI == nil { @@ -1590,9 +1548,7 @@ func (a adminAPIHandlers) RemoveCannedPolicy(w http.ResponseWriter, r *http.Requ // AddCannedPolicy - PUT /minio/admin/v3/add-canned-policy?name= func (a adminAPIHandlers) AddCannedPolicy(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "AddCannedPolicy") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.CreatePolicyAdminAction) if objectAPI == nil { @@ -1656,9 +1612,7 @@ func (a adminAPIHandlers) AddCannedPolicy(w http.ResponseWriter, r *http.Request // SetPolicyForUserOrGroup - PUT /minio/admin/v3/set-policy?policy=xxx&user-or-group=?[&is-group] func (a adminAPIHandlers) SetPolicyForUserOrGroup(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "SetPolicyForUserOrGroup") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.AttachPolicyAdminAction) if objectAPI == nil { @@ -1730,9 +1684,7 @@ func (a adminAPIHandlers) SetPolicyForUserOrGroup(w http.ResponseWriter, r *http // ListPolicyMappingEntities - GET /minio/admin/v3/idp/builtin/polciy-entities?policy=xxx&user=xxx&group=xxx func (a adminAPIHandlers) ListPolicyMappingEntities(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "ListPolicyMappingEntities") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() // Check authorization. objectAPI, cred := validateAdminReq(ctx, w, r, @@ -1772,9 +1724,7 @@ func (a adminAPIHandlers) ListPolicyMappingEntities(w http.ResponseWriter, r *ht // AttachDetachPolicyBuiltin - POST /minio/admin/v3/idp/builtin/policy/{operation} func (a adminAPIHandlers) AttachDetachPolicyBuiltin(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "AttachDetachPolicyBuiltin") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, cred := validateAdminReq(ctx, w, r, iampolicy.UpdatePolicyAssociationAction, iampolicy.AttachPolicyAdminAction) @@ -1873,8 +1823,7 @@ const ( // ExportIAMHandler - exports all iam info as a zipped file func (a adminAPIHandlers) ExportIAM(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "ExportIAM") - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() // Get current object layer instance. objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.ExportIAMAction) @@ -2112,9 +2061,7 @@ func (a adminAPIHandlers) ExportIAM(w http.ResponseWriter, r *http.Request) { // ImportIAM - imports all IAM info into MinIO func (a adminAPIHandlers) ImportIAM(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "ImportIAM") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() // Get current object layer instance. objectAPI := newObjectLayerFn() diff --git a/cmd/admin-handlers.go b/cmd/admin-handlers.go index 739f77fa5..59f8a05fe 100644 --- a/cmd/admin-handlers.go +++ b/cmd/admin-handlers.go @@ -78,9 +78,7 @@ const ( // ---------- // updates all minio servers and restarts them gracefully. func (a adminAPIHandlers) ServerUpdateHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "ServerUpdate") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.ServerUpdateAdminAction) if objectAPI == nil { @@ -229,9 +227,7 @@ func (a adminAPIHandlers) ServerUpdateHandler(w http.ResponseWriter, r *http.Req // - freeze (freezes all incoming S3 API calls) // - unfreeze (unfreezes previously frozen S3 API calls) func (a adminAPIHandlers) ServiceHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "Service") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() vars := mux.Vars(r) action := vars["action"] @@ -332,9 +328,7 @@ type ServerHTTPStats struct { // ---------- // Get server information func (a adminAPIHandlers) StorageInfoHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "StorageInfo") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.StorageInfoAdminAction) if objectAPI == nil { @@ -373,9 +367,7 @@ func (a adminAPIHandlers) StorageInfoHandler(w http.ResponseWriter, r *http.Requ // ---------- // Get realtime server metrics func (a adminAPIHandlers) MetricsHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "Metrics") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.ServerInfoAdminAction) if objectAPI == nil { @@ -484,9 +476,7 @@ func (a adminAPIHandlers) MetricsHandler(w http.ResponseWriter, r *http.Request) // ---------- // Get server/cluster data usage info func (a adminAPIHandlers) DataUsageInfoHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "DataUsageInfo") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.DataUsageInfoAdminAction) if objectAPI == nil { @@ -569,9 +559,7 @@ type PeerLocks struct { // ForceUnlockHandler force unlocks requested resource func (a adminAPIHandlers) ForceUnlockHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "ForceUnlock") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.ForceUnlockAdminAction) if objectAPI == nil { @@ -606,9 +594,7 @@ func (a adminAPIHandlers) ForceUnlockHandler(w http.ResponseWriter, r *http.Requ // TopLocksHandler Get list of locks in use func (a adminAPIHandlers) TopLocksHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "TopLocks") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.TopLocksAdminAction) if objectAPI == nil { @@ -658,9 +644,7 @@ type StartProfilingResult struct { // ---------- // Enable server profiling func (a adminAPIHandlers) StartProfilingHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "StartProfiling") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() // Validate request signature. _, adminAPIErr := checkAdminRequestAuth(ctx, r, iampolicy.ProfilingAdminAction, "") @@ -745,9 +729,7 @@ func (a adminAPIHandlers) StartProfilingHandler(w http.ResponseWriter, r *http.R // ---------- // Enable server profiling func (a adminAPIHandlers) ProfileHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "Profile") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() // Validate request signature. _, adminAPIErr := checkAdminRequestAuth(ctx, r, iampolicy.ProfilingAdminAction, "") @@ -842,9 +824,7 @@ func (f dummyFileInfo) Sys() interface{} { return f.sys } // ---------- // Download profiling information of all nodes in a zip format - deprecated API func (a adminAPIHandlers) DownloadProfilingHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "DownloadProfiling") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() // Validate request signature. _, adminAPIErr := checkAdminRequestAuth(ctx, r, iampolicy.ProfilingAdminAction, "") @@ -943,9 +923,7 @@ func extractHealInitParams(vars map[string]string, qParms url.Values, r io.Reade // sequence. However, if the force-start flag is provided, the server // aborts the running heal sequence and starts a new one. func (a adminAPIHandlers) HealHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "Heal") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.HealAdminAction) if objectAPI == nil { @@ -1129,9 +1107,7 @@ func getAggregatedBackgroundHealState(ctx context.Context, o ObjectLayer) (madmi } func (a adminAPIHandlers) BackgroundHealStatusHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "HealBackgroundStatus") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.HealAdminAction) if objectAPI == nil { @@ -1152,9 +1128,7 @@ func (a adminAPIHandlers) BackgroundHealStatusHandler(w http.ResponseWriter, r * // SitePerfHandler - measures network throughput between site replicated setups func (a adminAPIHandlers) SitePerfHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "SitePerfHandler") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.HealthInfoAdminAction) if objectAPI == nil { @@ -1200,9 +1174,7 @@ func (a adminAPIHandlers) SitePerfHandler(w http.ResponseWriter, r *http.Request // NetperfHandler - perform mesh style network throughput test func (a adminAPIHandlers) NetperfHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "NetperfHandler") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.HealthInfoAdminAction) if objectAPI == nil { @@ -1247,9 +1219,7 @@ func (a adminAPIHandlers) NetperfHandler(w http.ResponseWriter, r *http.Request) // increasing concurrency and stopping when we have reached the limits on the // system. func (a adminAPIHandlers) ObjectSpeedTestHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "ObjectSpeedTestHandler") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.HealthInfoAdminAction) if objectAPI == nil { @@ -1408,19 +1378,9 @@ func validateObjPerfOptions(ctx context.Context, storageInfo madmin.StorageInfo, return true, autotune, "" } -// NetSpeedtestHandler - reports maximum network throughput -func (a adminAPIHandlers) NetSpeedtestHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "NetSpeedtestHandler") - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) - - writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrNotImplemented), r.URL) -} - // DriveSpeedtestHandler - reports throughput of drives available in the cluster func (a adminAPIHandlers) DriveSpeedtestHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "DriveSpeedtestHandler") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.HealthInfoAdminAction) if objectAPI == nil { @@ -1540,8 +1500,7 @@ func extractTraceOptions(r *http.Request) (opts madmin.ServiceTraceOpts, err err // ---------- // The handler sends http trace to the connected HTTP client. func (a adminAPIHandlers) TraceHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "HTTPTrace") - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() // Validate request signature. _, adminAPIErr := checkAdminRequestAuth(ctx, r, iampolicy.TraceAdminAction, "") @@ -1613,9 +1572,7 @@ func (a adminAPIHandlers) TraceHandler(w http.ResponseWriter, r *http.Request) { // The ConsoleLogHandler handler sends console logs to the connected HTTP client. func (a adminAPIHandlers) ConsoleLogHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "ConsoleLog") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.ConsoleLogAdminAction) if objectAPI == nil { @@ -1696,8 +1653,7 @@ func (a adminAPIHandlers) ConsoleLogHandler(w http.ResponseWriter, r *http.Reque // KMSCreateKeyHandler - POST /minio/admin/v3/kms/key/create?key-id= func (a adminAPIHandlers) KMSCreateKeyHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "KMSCreateKey") - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.KMSCreateKeyAdminAction) if objectAPI == nil { @@ -1718,8 +1674,7 @@ func (a adminAPIHandlers) KMSCreateKeyHandler(w http.ResponseWriter, r *http.Req // KMSKeyStatusHandler - GET /minio/admin/v3/kms/status func (a adminAPIHandlers) KMSStatusHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "KMSStatus") - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.KMSKeyStatusAdminAction) if objectAPI == nil { @@ -1756,9 +1711,7 @@ func (a adminAPIHandlers) KMSStatusHandler(w http.ResponseWriter, r *http.Reques // KMSKeyStatusHandler - GET /minio/admin/v3/kms/key/status?key-id= func (a adminAPIHandlers) KMSKeyStatusHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "KMSKeyStatus") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.KMSKeyStatusAdminAction) if objectAPI == nil { @@ -2353,8 +2306,7 @@ func fetchHealthInfo(healthCtx context.Context, objectAPI ObjectLayer, query *ur // ---------- // Get server health info func (a adminAPIHandlers) HealthInfoHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "HealthInfo") - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.HealthInfoAdminAction) if objectAPI == nil { @@ -2460,9 +2412,7 @@ func getTLSInfo() madmin.TLSInfo { // ---------- // Get server information func (a adminAPIHandlers) ServerInfoHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "ServerInfo") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() // Validate request signature. _, adminAPIErr := checkAdminRequestAuth(ctx, r, iampolicy.ServerInfoAdminAction, "") @@ -2714,7 +2664,7 @@ type getRawDataer interface { // ---------- // Download file from all nodes in a zip format func (a adminAPIHandlers) InspectDataHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "InspectData") + ctx := r.Context() // Validate request signature. _, adminAPIErr := checkAdminRequestAuth(ctx, r, iampolicy.InspectDataAction, "") @@ -2722,7 +2672,6 @@ func (a adminAPIHandlers) InspectDataHandler(w http.ResponseWriter, r *http.Requ writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(adminAPIErr), r.URL) return } - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) objLayer := newObjectLayerFn() o, ok := objLayer.(getRawDataer) diff --git a/cmd/admin-router.go b/cmd/admin-router.go index e32d8dd22..cc60b7e52 100644 --- a/cmd/admin-router.go +++ b/cmd/admin-router.go @@ -19,6 +19,9 @@ package cmd import ( "net/http" + "reflect" + "runtime" + "strings" "github.com/klauspost/compress/gzhttp" "github.com/klauspost/compress/gzip" @@ -35,6 +38,106 @@ const ( adminAPISiteReplicationNetPerf = "/site-replication/netperf" ) +var gzipHandler = func() func(http.Handler) http.HandlerFunc { + gz, err := gzhttp.NewWrapper(gzhttp.MinSize(1000), gzhttp.CompressionLevel(gzip.BestSpeed)) + if err != nil { + // Static params, so this is very unlikely. + logger.Fatal(err, "Unable to initialize server") + } + return gz +}() + +// Set of handler options as bit flags +type hFlag uint8 + +const ( + // this flag disables gzip compression of responses + noGZFlag = 1 << iota + + // this flag enables tracing body and headers instead of just headers + traceAllFlag + + // pass this flag to skip checking if object layer is available + noObjLayerFlag +) + +// Has checks if the the given flag is enabled in `h`. +func (h hFlag) Has(flag hFlag) bool { + // Use bitwise-AND and check if the result is non-zero. + return h&flag != 0 +} + +func getHandlerName(f http.HandlerFunc) string { + name := runtime.FuncForPC(reflect.ValueOf(f).Pointer()).Name() + name = strings.TrimPrefix(name, "github.com/minio/minio/cmd.adminAPIHandlers.") + name = strings.TrimSuffix(name, "Handler-fm") + name = strings.TrimSuffix(name, "-fm") + return name +} + +// adminMiddleware performs some common admin handler functionality for all +// handlers: +// +// - updates request context with `logger.ReqInfo` and api name based on the +// name of the function handler passed (this handler must be a method of +// `adminAPIHandlers`). +// +// - sets up call to send AuditLog +// +// Note that, while this is a middleware function (i.e. it takes a handler +// function and returns one), due to flags being passed based on required +// conditions, it is done per-"handler function registration" in the router. +// +// When no flags are passed, gzip compression, http tracing of headers and +// checking of object layer availability are all enabled. Use flags to modify +// this behavior. +func adminMiddleware(f http.HandlerFunc, flags ...hFlag) http.HandlerFunc { + // Collect all flags with bitwise-OR and assign operator + var handlerFlags hFlag + for _, flag := range flags { + handlerFlags |= flag + } + + // Get name of the handler using reflection. NOTE: The passed in handler + // function must be a method of `adminAPIHandlers` for this extraction to + // work as expected. + handlerName := getHandlerName(f) + + var handler http.HandlerFunc = func(w http.ResponseWriter, r *http.Request) { + // Update request context with `logger.ReqInfo`. + r = r.WithContext(newContext(r, w, handlerName)) + + defer logger.AuditLog(r.Context(), w, r, mustGetClaimsFromToken(r)) + + // Check if object layer is available, if not return error early. + if !handlerFlags.Has(noObjLayerFlag) { + objectAPI := newObjectLayerFn() + if objectAPI == nil || globalNotificationSys == nil { + writeErrorResponseJSON(r.Context(), w, errorCodes.ToAPIErr(ErrServerNotInitialized), r.URL) + return + } + } + + // Apply http tracing "middleware" based on presence of flag. + var f2 http.HandlerFunc + if handlerFlags.Has(traceAllFlag) { + f2 = httpTraceAll(f) + } else { + f2 = httpTraceHdrs(f) + } + + // call the final handler + f2(w, r) + } + + // Enable compression of responses based on presence of flag. + if !handlerFlags.Has(noGZFlag) { + handler = gzipHandler(handler) + } + + return handler +} + // adminAPIHandlers provides HTTP handlers for MinIO admin API. type adminAPIHandlers struct{} @@ -48,268 +151,262 @@ func registerAdminRouter(router *mux.Router, enableConfigOps bool) { adminAPIVersionPrefix, } - gz, err := gzhttp.NewWrapper(gzhttp.MinSize(1000), gzhttp.CompressionLevel(gzip.BestSpeed)) - if err != nil { - // Static params, so this is very unlikely. - logger.Fatal(err, "Unable to initialize server") - } - for _, adminVersion := range adminVersions { // Restart and stop MinIO service. - adminRouter.Methods(http.MethodPost).Path(adminVersion+"/service").HandlerFunc(gz(httpTraceAll(adminAPI.ServiceHandler))).Queries("action", "{action:.*}") + adminRouter.Methods(http.MethodPost).Path(adminVersion+"/service").HandlerFunc(adminMiddleware(adminAPI.ServiceHandler, traceAllFlag)).Queries("action", "{action:.*}") // Update MinIO servers. - adminRouter.Methods(http.MethodPost).Path(adminVersion+"/update").HandlerFunc(gz(httpTraceAll(adminAPI.ServerUpdateHandler))).Queries("updateURL", "{updateURL:.*}") + adminRouter.Methods(http.MethodPost).Path(adminVersion+"/update").HandlerFunc(adminMiddleware(adminAPI.ServerUpdateHandler, traceAllFlag)).Queries("updateURL", "{updateURL:.*}") // Info operations - adminRouter.Methods(http.MethodGet).Path(adminVersion + "/info").HandlerFunc(gz(httpTraceAll(adminAPI.ServerInfoHandler))) - adminRouter.Methods(http.MethodGet, http.MethodPost).Path(adminVersion + "/inspect-data").HandlerFunc(httpTraceAll(adminAPI.InspectDataHandler)) + adminRouter.Methods(http.MethodGet).Path(adminVersion + "/info").HandlerFunc(adminMiddleware(adminAPI.ServerInfoHandler, traceAllFlag, noObjLayerFlag)) + adminRouter.Methods(http.MethodGet, http.MethodPost).Path(adminVersion + "/inspect-data").HandlerFunc(adminMiddleware(adminAPI.InspectDataHandler, noGZFlag, traceAllFlag)) // StorageInfo operations - adminRouter.Methods(http.MethodGet).Path(adminVersion + "/storageinfo").HandlerFunc(gz(httpTraceAll(adminAPI.StorageInfoHandler))) + adminRouter.Methods(http.MethodGet).Path(adminVersion + "/storageinfo").HandlerFunc(adminMiddleware(adminAPI.StorageInfoHandler, traceAllFlag)) // DataUsageInfo operations - adminRouter.Methods(http.MethodGet).Path(adminVersion + "/datausageinfo").HandlerFunc(gz(httpTraceAll(adminAPI.DataUsageInfoHandler))) + adminRouter.Methods(http.MethodGet).Path(adminVersion + "/datausageinfo").HandlerFunc(adminMiddleware(adminAPI.DataUsageInfoHandler, traceAllFlag)) // Metrics operation - adminRouter.Methods(http.MethodGet).Path(adminVersion + "/metrics").HandlerFunc(gz(httpTraceAll(adminAPI.MetricsHandler))) + adminRouter.Methods(http.MethodGet).Path(adminVersion + "/metrics").HandlerFunc(adminMiddleware(adminAPI.MetricsHandler, traceAllFlag)) if globalIsDistErasure || globalIsErasure { // Heal operations // Heal processing endpoint. - adminRouter.Methods(http.MethodPost).Path(adminVersion + "/heal/").HandlerFunc(gz(httpTraceAll(adminAPI.HealHandler))) - adminRouter.Methods(http.MethodPost).Path(adminVersion + "/heal/{bucket}").HandlerFunc(gz(httpTraceAll(adminAPI.HealHandler))) - adminRouter.Methods(http.MethodPost).Path(adminVersion + "/heal/{bucket}/{prefix:.*}").HandlerFunc(gz(httpTraceAll(adminAPI.HealHandler))) - adminRouter.Methods(http.MethodPost).Path(adminVersion + "/background-heal/status").HandlerFunc(gz(httpTraceAll(adminAPI.BackgroundHealStatusHandler))) + adminRouter.Methods(http.MethodPost).Path(adminVersion + "/heal/").HandlerFunc(adminMiddleware(adminAPI.HealHandler, traceAllFlag)) + adminRouter.Methods(http.MethodPost).Path(adminVersion + "/heal/{bucket}").HandlerFunc(adminMiddleware(adminAPI.HealHandler, traceAllFlag)) + adminRouter.Methods(http.MethodPost).Path(adminVersion + "/heal/{bucket}/{prefix:.*}").HandlerFunc(adminMiddleware(adminAPI.HealHandler, traceAllFlag)) + adminRouter.Methods(http.MethodPost).Path(adminVersion + "/background-heal/status").HandlerFunc(adminMiddleware(adminAPI.BackgroundHealStatusHandler, traceAllFlag)) // Pool operations - adminRouter.Methods(http.MethodGet).Path(adminVersion + "/pools/list").HandlerFunc(gz(httpTraceAll(adminAPI.ListPools))) - adminRouter.Methods(http.MethodGet).Path(adminVersion+"/pools/status").HandlerFunc(gz(httpTraceAll(adminAPI.StatusPool))).Queries("pool", "{pool:.*}") + adminRouter.Methods(http.MethodGet).Path(adminVersion + "/pools/list").HandlerFunc(adminMiddleware(adminAPI.ListPools, traceAllFlag)) + adminRouter.Methods(http.MethodGet).Path(adminVersion+"/pools/status").HandlerFunc(adminMiddleware(adminAPI.StatusPool, traceAllFlag)).Queries("pool", "{pool:.*}") - adminRouter.Methods(http.MethodPost).Path(adminVersion+"/pools/decommission").HandlerFunc(gz(httpTraceAll(adminAPI.StartDecommission))).Queries("pool", "{pool:.*}") - adminRouter.Methods(http.MethodPost).Path(adminVersion+"/pools/cancel").HandlerFunc(gz(httpTraceAll(adminAPI.CancelDecommission))).Queries("pool", "{pool:.*}") + adminRouter.Methods(http.MethodPost).Path(adminVersion+"/pools/decommission").HandlerFunc(adminMiddleware(adminAPI.StartDecommission, traceAllFlag)).Queries("pool", "{pool:.*}") + adminRouter.Methods(http.MethodPost).Path(adminVersion+"/pools/cancel").HandlerFunc(adminMiddleware(adminAPI.CancelDecommission, traceAllFlag)).Queries("pool", "{pool:.*}") // Rebalance operations - adminRouter.Methods(http.MethodPost).Path(adminVersion + "/rebalance/start").HandlerFunc(gz(httpTraceAll(adminAPI.RebalanceStart))) - adminRouter.Methods(http.MethodGet).Path(adminVersion + "/rebalance/status").HandlerFunc(gz(httpTraceAll(adminAPI.RebalanceStatus))) - adminRouter.Methods(http.MethodPost).Path(adminVersion + "/rebalance/stop").HandlerFunc(gz(httpTraceAll(adminAPI.RebalanceStop))) + adminRouter.Methods(http.MethodPost).Path(adminVersion + "/rebalance/start").HandlerFunc(adminMiddleware(adminAPI.RebalanceStart, traceAllFlag)) + adminRouter.Methods(http.MethodGet).Path(adminVersion + "/rebalance/status").HandlerFunc(adminMiddleware(adminAPI.RebalanceStatus, traceAllFlag)) + adminRouter.Methods(http.MethodPost).Path(adminVersion + "/rebalance/stop").HandlerFunc(adminMiddleware(adminAPI.RebalanceStop, traceAllFlag)) } // Profiling operations - deprecated API - adminRouter.Methods(http.MethodPost).Path(adminVersion+"/profiling/start").HandlerFunc(gz(httpTraceAll(adminAPI.StartProfilingHandler))). + adminRouter.Methods(http.MethodPost).Path(adminVersion+"/profiling/start").HandlerFunc(adminMiddleware(adminAPI.StartProfilingHandler, traceAllFlag, noObjLayerFlag)). Queries("profilerType", "{profilerType:.*}") - adminRouter.Methods(http.MethodGet).Path(adminVersion + "/profiling/download").HandlerFunc(gz(httpTraceAll(adminAPI.DownloadProfilingHandler))) + adminRouter.Methods(http.MethodGet).Path(adminVersion + "/profiling/download").HandlerFunc(adminMiddleware(adminAPI.DownloadProfilingHandler, traceAllFlag, noObjLayerFlag)) // Profiling operations - adminRouter.Methods(http.MethodPost).Path(adminVersion + "/profile").HandlerFunc(gz(httpTraceAll(adminAPI.ProfileHandler))) + adminRouter.Methods(http.MethodPost).Path(adminVersion + "/profile").HandlerFunc(adminMiddleware(adminAPI.ProfileHandler, traceAllFlag, noObjLayerFlag)) // Config KV operations. if enableConfigOps { - adminRouter.Methods(http.MethodGet).Path(adminVersion+"/get-config-kv").HandlerFunc(gz(httpTraceHdrs(adminAPI.GetConfigKVHandler))).Queries("key", "{key:.*}") - adminRouter.Methods(http.MethodPut).Path(adminVersion + "/set-config-kv").HandlerFunc(gz(httpTraceHdrs(adminAPI.SetConfigKVHandler))) - adminRouter.Methods(http.MethodDelete).Path(adminVersion + "/del-config-kv").HandlerFunc(gz(httpTraceHdrs(adminAPI.DelConfigKVHandler))) + adminRouter.Methods(http.MethodGet).Path(adminVersion+"/get-config-kv").HandlerFunc(adminMiddleware(adminAPI.GetConfigKVHandler)).Queries("key", "{key:.*}") + adminRouter.Methods(http.MethodPut).Path(adminVersion + "/set-config-kv").HandlerFunc(adminMiddleware(adminAPI.SetConfigKVHandler)) + adminRouter.Methods(http.MethodDelete).Path(adminVersion + "/del-config-kv").HandlerFunc(adminMiddleware(adminAPI.DelConfigKVHandler)) } // Enable config help in all modes. - adminRouter.Methods(http.MethodGet).Path(adminVersion+"/help-config-kv").HandlerFunc(gz(httpTraceAll(adminAPI.HelpConfigKVHandler))).Queries("subSys", "{subSys:.*}", "key", "{key:.*}") + adminRouter.Methods(http.MethodGet).Path(adminVersion+"/help-config-kv").HandlerFunc(adminMiddleware(adminAPI.HelpConfigKVHandler, traceAllFlag)).Queries("subSys", "{subSys:.*}", "key", "{key:.*}") // Config KV history operations. if enableConfigOps { - adminRouter.Methods(http.MethodGet).Path(adminVersion+"/list-config-history-kv").HandlerFunc(gz(httpTraceAll(adminAPI.ListConfigHistoryKVHandler))).Queries("count", "{count:[0-9]+}") - adminRouter.Methods(http.MethodDelete).Path(adminVersion+"/clear-config-history-kv").HandlerFunc(gz(httpTraceHdrs(adminAPI.ClearConfigHistoryKVHandler))).Queries("restoreId", "{restoreId:.*}") - adminRouter.Methods(http.MethodPut).Path(adminVersion+"/restore-config-history-kv").HandlerFunc(gz(httpTraceHdrs(adminAPI.RestoreConfigHistoryKVHandler))).Queries("restoreId", "{restoreId:.*}") + adminRouter.Methods(http.MethodGet).Path(adminVersion+"/list-config-history-kv").HandlerFunc(adminMiddleware(adminAPI.ListConfigHistoryKVHandler, traceAllFlag)).Queries("count", "{count:[0-9]+}") + adminRouter.Methods(http.MethodDelete).Path(adminVersion+"/clear-config-history-kv").HandlerFunc(adminMiddleware(adminAPI.ClearConfigHistoryKVHandler)).Queries("restoreId", "{restoreId:.*}") + adminRouter.Methods(http.MethodPut).Path(adminVersion+"/restore-config-history-kv").HandlerFunc(adminMiddleware(adminAPI.RestoreConfigHistoryKVHandler)).Queries("restoreId", "{restoreId:.*}") } // Config import/export bulk operations if enableConfigOps { // Get config - adminRouter.Methods(http.MethodGet).Path(adminVersion + "/config").HandlerFunc(gz(httpTraceHdrs(adminAPI.GetConfigHandler))) + adminRouter.Methods(http.MethodGet).Path(adminVersion + "/config").HandlerFunc(adminMiddleware(adminAPI.GetConfigHandler)) // Set config - adminRouter.Methods(http.MethodPut).Path(adminVersion + "/config").HandlerFunc(gz(httpTraceHdrs(adminAPI.SetConfigHandler))) + adminRouter.Methods(http.MethodPut).Path(adminVersion + "/config").HandlerFunc(adminMiddleware(adminAPI.SetConfigHandler)) } // -- IAM APIs -- // Add policy IAM - adminRouter.Methods(http.MethodPut).Path(adminVersion+"/add-canned-policy").HandlerFunc(gz(httpTraceAll(adminAPI.AddCannedPolicy))).Queries("name", "{name:.*}") + adminRouter.Methods(http.MethodPut).Path(adminVersion+"/add-canned-policy").HandlerFunc(adminMiddleware(adminAPI.AddCannedPolicy, traceAllFlag)).Queries("name", "{name:.*}") // Add user IAM - adminRouter.Methods(http.MethodGet).Path(adminVersion + "/accountinfo").HandlerFunc(gz(httpTraceAll(adminAPI.AccountInfoHandler))) + adminRouter.Methods(http.MethodGet).Path(adminVersion + "/accountinfo").HandlerFunc(adminMiddleware(adminAPI.AccountInfoHandler, traceAllFlag)) - adminRouter.Methods(http.MethodPut).Path(adminVersion+"/add-user").HandlerFunc(gz(httpTraceHdrs(adminAPI.AddUser))).Queries("accessKey", "{accessKey:.*}") + adminRouter.Methods(http.MethodPut).Path(adminVersion+"/add-user").HandlerFunc(adminMiddleware(adminAPI.AddUser)).Queries("accessKey", "{accessKey:.*}") - adminRouter.Methods(http.MethodPut).Path(adminVersion+"/set-user-status").HandlerFunc(gz(httpTraceHdrs(adminAPI.SetUserStatus))).Queries("accessKey", "{accessKey:.*}").Queries("status", "{status:.*}") + adminRouter.Methods(http.MethodPut).Path(adminVersion+"/set-user-status").HandlerFunc(adminMiddleware(adminAPI.SetUserStatus)).Queries("accessKey", "{accessKey:.*}").Queries("status", "{status:.*}") // Service accounts ops - adminRouter.Methods(http.MethodPut).Path(adminVersion + "/add-service-account").HandlerFunc(gz(httpTraceHdrs(adminAPI.AddServiceAccount))) - adminRouter.Methods(http.MethodPost).Path(adminVersion+"/update-service-account").HandlerFunc(gz(httpTraceHdrs(adminAPI.UpdateServiceAccount))).Queries("accessKey", "{accessKey:.*}") - adminRouter.Methods(http.MethodGet).Path(adminVersion+"/info-service-account").HandlerFunc(gz(httpTraceHdrs(adminAPI.InfoServiceAccount))).Queries("accessKey", "{accessKey:.*}") - adminRouter.Methods(http.MethodGet).Path(adminVersion + "/list-service-accounts").HandlerFunc(gz(httpTraceHdrs(adminAPI.ListServiceAccounts))) - adminRouter.Methods(http.MethodDelete).Path(adminVersion+"/delete-service-account").HandlerFunc(gz(httpTraceHdrs(adminAPI.DeleteServiceAccount))).Queries("accessKey", "{accessKey:.*}") + adminRouter.Methods(http.MethodPut).Path(adminVersion + "/add-service-account").HandlerFunc(adminMiddleware(adminAPI.AddServiceAccount)) + adminRouter.Methods(http.MethodPost).Path(adminVersion+"/update-service-account").HandlerFunc(adminMiddleware(adminAPI.UpdateServiceAccount)).Queries("accessKey", "{accessKey:.*}") + adminRouter.Methods(http.MethodGet).Path(adminVersion+"/info-service-account").HandlerFunc(adminMiddleware(adminAPI.InfoServiceAccount)).Queries("accessKey", "{accessKey:.*}") + adminRouter.Methods(http.MethodGet).Path(adminVersion + "/list-service-accounts").HandlerFunc(adminMiddleware(adminAPI.ListServiceAccounts)) + adminRouter.Methods(http.MethodDelete).Path(adminVersion+"/delete-service-account").HandlerFunc(adminMiddleware(adminAPI.DeleteServiceAccount)).Queries("accessKey", "{accessKey:.*}") // STS accounts ops - adminRouter.Methods(http.MethodGet).Path(adminVersion+"/temporary-account-info").HandlerFunc(gz(httpTraceHdrs(adminAPI.TemporaryAccountInfo))).Queries("accessKey", "{accessKey:.*}") + adminRouter.Methods(http.MethodGet).Path(adminVersion+"/temporary-account-info").HandlerFunc(adminMiddleware(adminAPI.TemporaryAccountInfo)).Queries("accessKey", "{accessKey:.*}") // Info policy IAM latest - adminRouter.Methods(http.MethodGet).Path(adminVersion+"/info-canned-policy").HandlerFunc(gz(httpTraceHdrs(adminAPI.InfoCannedPolicy))).Queries("name", "{name:.*}") + adminRouter.Methods(http.MethodGet).Path(adminVersion+"/info-canned-policy").HandlerFunc(adminMiddleware(adminAPI.InfoCannedPolicy)).Queries("name", "{name:.*}") // List policies latest - adminRouter.Methods(http.MethodGet).Path(adminVersion+"/list-canned-policies").HandlerFunc(gz(httpTraceHdrs(adminAPI.ListBucketPolicies))).Queries("bucket", "{bucket:.*}") - adminRouter.Methods(http.MethodGet).Path(adminVersion + "/list-canned-policies").HandlerFunc(gz(httpTraceHdrs(adminAPI.ListCannedPolicies))) + adminRouter.Methods(http.MethodGet).Path(adminVersion+"/list-canned-policies").HandlerFunc(adminMiddleware(adminAPI.ListBucketPolicies)).Queries("bucket", "{bucket:.*}") + adminRouter.Methods(http.MethodGet).Path(adminVersion + "/list-canned-policies").HandlerFunc(adminMiddleware(adminAPI.ListCannedPolicies)) // Builtin IAM policy associations - adminRouter.Methods(http.MethodGet).Path(adminVersion + "/idp/builtin/policy-entities").HandlerFunc(gz(httpTraceHdrs(adminAPI.ListPolicyMappingEntities))) + adminRouter.Methods(http.MethodGet).Path(adminVersion + "/idp/builtin/policy-entities").HandlerFunc(adminMiddleware(adminAPI.ListPolicyMappingEntities)) // Remove policy IAM - adminRouter.Methods(http.MethodDelete).Path(adminVersion+"/remove-canned-policy").HandlerFunc(gz(httpTraceHdrs(adminAPI.RemoveCannedPolicy))).Queries("name", "{name:.*}") + adminRouter.Methods(http.MethodDelete).Path(adminVersion+"/remove-canned-policy").HandlerFunc(adminMiddleware(adminAPI.RemoveCannedPolicy)).Queries("name", "{name:.*}") // Set user or group policy adminRouter.Methods(http.MethodPut).Path(adminVersion+"/set-user-or-group-policy"). - HandlerFunc(gz(httpTraceHdrs(adminAPI.SetPolicyForUserOrGroup))). + HandlerFunc(adminMiddleware(adminAPI.SetPolicyForUserOrGroup)). Queries("policyName", "{policyName:.*}", "userOrGroup", "{userOrGroup:.*}", "isGroup", "{isGroup:true|false}") // Attach/Detach policies to/from user or group - adminRouter.Methods(http.MethodPost).Path(adminVersion + "/idp/builtin/policy/{operation}").HandlerFunc(gz(httpTraceHdrs(adminAPI.AttachDetachPolicyBuiltin))) + adminRouter.Methods(http.MethodPost).Path(adminVersion + "/idp/builtin/policy/{operation}").HandlerFunc(adminMiddleware(adminAPI.AttachDetachPolicyBuiltin)) // Remove user IAM - adminRouter.Methods(http.MethodDelete).Path(adminVersion+"/remove-user").HandlerFunc(gz(httpTraceHdrs(adminAPI.RemoveUser))).Queries("accessKey", "{accessKey:.*}") + adminRouter.Methods(http.MethodDelete).Path(adminVersion+"/remove-user").HandlerFunc(adminMiddleware(adminAPI.RemoveUser)).Queries("accessKey", "{accessKey:.*}") // List users - adminRouter.Methods(http.MethodGet).Path(adminVersion+"/list-users").HandlerFunc(gz(httpTraceHdrs(adminAPI.ListBucketUsers))).Queries("bucket", "{bucket:.*}") - adminRouter.Methods(http.MethodGet).Path(adminVersion + "/list-users").HandlerFunc(gz(httpTraceHdrs(adminAPI.ListUsers))) + adminRouter.Methods(http.MethodGet).Path(adminVersion+"/list-users").HandlerFunc(adminMiddleware(adminAPI.ListBucketUsers)).Queries("bucket", "{bucket:.*}") + adminRouter.Methods(http.MethodGet).Path(adminVersion + "/list-users").HandlerFunc(adminMiddleware(adminAPI.ListUsers)) // User info - adminRouter.Methods(http.MethodGet).Path(adminVersion+"/user-info").HandlerFunc(gz(httpTraceHdrs(adminAPI.GetUserInfo))).Queries("accessKey", "{accessKey:.*}") + adminRouter.Methods(http.MethodGet).Path(adminVersion+"/user-info").HandlerFunc(adminMiddleware(adminAPI.GetUserInfo)).Queries("accessKey", "{accessKey:.*}") // Add/Remove members from group - adminRouter.Methods(http.MethodPut).Path(adminVersion + "/update-group-members").HandlerFunc(gz(httpTraceHdrs(adminAPI.UpdateGroupMembers))) + adminRouter.Methods(http.MethodPut).Path(adminVersion + "/update-group-members").HandlerFunc(adminMiddleware(adminAPI.UpdateGroupMembers)) // Get Group - adminRouter.Methods(http.MethodGet).Path(adminVersion+"/group").HandlerFunc(gz(httpTraceHdrs(adminAPI.GetGroup))).Queries("group", "{group:.*}") + adminRouter.Methods(http.MethodGet).Path(adminVersion+"/group").HandlerFunc(adminMiddleware(adminAPI.GetGroup)).Queries("group", "{group:.*}") // List Groups - adminRouter.Methods(http.MethodGet).Path(adminVersion + "/groups").HandlerFunc(gz(httpTraceHdrs(adminAPI.ListGroups))) + adminRouter.Methods(http.MethodGet).Path(adminVersion + "/groups").HandlerFunc(adminMiddleware(adminAPI.ListGroups)) // Set Group Status - adminRouter.Methods(http.MethodPut).Path(adminVersion+"/set-group-status").HandlerFunc(gz(httpTraceHdrs(adminAPI.SetGroupStatus))).Queries("group", "{group:.*}").Queries("status", "{status:.*}") + adminRouter.Methods(http.MethodPut).Path(adminVersion+"/set-group-status").HandlerFunc(adminMiddleware(adminAPI.SetGroupStatus)).Queries("group", "{group:.*}").Queries("status", "{status:.*}") // Export IAM info to zipped file - adminRouter.Methods(http.MethodGet).Path(adminVersion + "/export-iam").HandlerFunc(httpTraceHdrs(adminAPI.ExportIAM)) + adminRouter.Methods(http.MethodGet).Path(adminVersion + "/export-iam").HandlerFunc(adminMiddleware(adminAPI.ExportIAM, noGZFlag)) // Import IAM info - adminRouter.Methods(http.MethodPut).Path(adminVersion + "/import-iam").HandlerFunc(httpTraceHdrs(adminAPI.ImportIAM)) + adminRouter.Methods(http.MethodPut).Path(adminVersion + "/import-iam").HandlerFunc(adminMiddleware(adminAPI.ImportIAM, noGZFlag)) // IDentity Provider configuration APIs - adminRouter.Methods(http.MethodPut).Path(adminVersion + "/idp-config/{type}/{name}").HandlerFunc(gz(httpTraceHdrs(adminAPI.AddIdentityProviderCfg))) - adminRouter.Methods(http.MethodPost).Path(adminVersion + "/idp-config/{type}/{name}").HandlerFunc(gz(httpTraceHdrs(adminAPI.UpdateIdentityProviderCfg))) - adminRouter.Methods(http.MethodGet).Path(adminVersion + "/idp-config/{type}").HandlerFunc(gz(httpTraceHdrs(adminAPI.ListIdentityProviderCfg))) - adminRouter.Methods(http.MethodGet).Path(adminVersion + "/idp-config/{type}/{name}").HandlerFunc(gz(httpTraceHdrs(adminAPI.GetIdentityProviderCfg))) - adminRouter.Methods(http.MethodDelete).Path(adminVersion + "/idp-config/{type}/{name}").HandlerFunc(gz(httpTraceHdrs(adminAPI.DeleteIdentityProviderCfg))) + adminRouter.Methods(http.MethodPut).Path(adminVersion + "/idp-config/{type}/{name}").HandlerFunc(adminMiddleware(adminAPI.AddIdentityProviderCfg)) + adminRouter.Methods(http.MethodPost).Path(adminVersion + "/idp-config/{type}/{name}").HandlerFunc(adminMiddleware(adminAPI.UpdateIdentityProviderCfg)) + adminRouter.Methods(http.MethodGet).Path(adminVersion + "/idp-config/{type}").HandlerFunc(adminMiddleware(adminAPI.ListIdentityProviderCfg)) + adminRouter.Methods(http.MethodGet).Path(adminVersion + "/idp-config/{type}/{name}").HandlerFunc(adminMiddleware(adminAPI.GetIdentityProviderCfg)) + adminRouter.Methods(http.MethodDelete).Path(adminVersion + "/idp-config/{type}/{name}").HandlerFunc(adminMiddleware(adminAPI.DeleteIdentityProviderCfg)) // LDAP IAM operations - adminRouter.Methods(http.MethodGet).Path(adminVersion + "/idp/ldap/policy-entities").HandlerFunc(gz(httpTraceHdrs(adminAPI.ListLDAPPolicyMappingEntities))) - adminRouter.Methods(http.MethodPost).Path(adminVersion + "/idp/ldap/policy/{operation}").HandlerFunc(gz(httpTraceHdrs(adminAPI.AttachDetachPolicyLDAP))) + adminRouter.Methods(http.MethodGet).Path(adminVersion + "/idp/ldap/policy-entities").HandlerFunc(adminMiddleware(adminAPI.ListLDAPPolicyMappingEntities)) + adminRouter.Methods(http.MethodPost).Path(adminVersion + "/idp/ldap/policy/{operation}").HandlerFunc(adminMiddleware(adminAPI.AttachDetachPolicyLDAP)) // -- END IAM APIs -- // GetBucketQuotaConfig adminRouter.Methods(http.MethodGet).Path(adminVersion+"/get-bucket-quota").HandlerFunc( - gz(httpTraceHdrs(adminAPI.GetBucketQuotaConfigHandler))).Queries("bucket", "{bucket:.*}") + adminMiddleware(adminAPI.GetBucketQuotaConfigHandler)).Queries("bucket", "{bucket:.*}") // PutBucketQuotaConfig adminRouter.Methods(http.MethodPut).Path(adminVersion+"/set-bucket-quota").HandlerFunc( - gz(httpTraceHdrs(adminAPI.PutBucketQuotaConfigHandler))).Queries("bucket", "{bucket:.*}") + adminMiddleware(adminAPI.PutBucketQuotaConfigHandler)).Queries("bucket", "{bucket:.*}") // Bucket replication operations // GetBucketTargetHandler adminRouter.Methods(http.MethodGet).Path(adminVersion+"/list-remote-targets").HandlerFunc( - gz(httpTraceHdrs(adminAPI.ListRemoteTargetsHandler))).Queries("bucket", "{bucket:.*}", "type", "{type:.*}") + adminMiddleware(adminAPI.ListRemoteTargetsHandler)).Queries("bucket", "{bucket:.*}", "type", "{type:.*}") // SetRemoteTargetHandler adminRouter.Methods(http.MethodPut).Path(adminVersion+"/set-remote-target").HandlerFunc( - gz(httpTraceHdrs(adminAPI.SetRemoteTargetHandler))).Queries("bucket", "{bucket:.*}") + adminMiddleware(adminAPI.SetRemoteTargetHandler)).Queries("bucket", "{bucket:.*}") // RemoveRemoteTargetHandler adminRouter.Methods(http.MethodDelete).Path(adminVersion+"/remove-remote-target").HandlerFunc( - gz(httpTraceHdrs(adminAPI.RemoveRemoteTargetHandler))).Queries("bucket", "{bucket:.*}", "arn", "{arn:.*}") + adminMiddleware(adminAPI.RemoveRemoteTargetHandler)).Queries("bucket", "{bucket:.*}", "arn", "{arn:.*}") // ReplicationDiff - MinIO extension API adminRouter.Methods(http.MethodPost).Path(adminVersion+"/replication/diff").HandlerFunc( - gz(httpTraceHdrs(adminAPI.ReplicationDiffHandler))).Queries("bucket", "{bucket:.*}") + adminMiddleware(adminAPI.ReplicationDiffHandler)).Queries("bucket", "{bucket:.*}") // ReplicationMRFHandler - MinIO extension API adminRouter.Methods(http.MethodGet).Path(adminVersion+"/replication/mrf").HandlerFunc( - gz(httpTraceHdrs(adminAPI.ReplicationMRFHandler))).Queries("bucket", "{bucket:.*}") + adminMiddleware(adminAPI.ReplicationMRFHandler)).Queries("bucket", "{bucket:.*}") // Batch job operations adminRouter.Methods(http.MethodPost).Path(adminVersion + "/start-job").HandlerFunc( - gz(httpTraceHdrs(adminAPI.StartBatchJob))) + adminMiddleware(adminAPI.StartBatchJob)) adminRouter.Methods(http.MethodGet).Path(adminVersion + "/list-jobs").HandlerFunc( - gz(httpTraceHdrs(adminAPI.ListBatchJobs))) + adminMiddleware(adminAPI.ListBatchJobs)) adminRouter.Methods(http.MethodGet).Path(adminVersion + "/describe-job").HandlerFunc( - gz(httpTraceHdrs(adminAPI.DescribeBatchJob))) + adminMiddleware(adminAPI.DescribeBatchJob)) adminRouter.Methods(http.MethodDelete).Path(adminVersion + "/cancel-job").HandlerFunc( - gz(httpTraceHdrs(adminAPI.CancelBatchJob))) + adminMiddleware(adminAPI.CancelBatchJob)) // Bucket migration operations // ExportBucketMetaHandler adminRouter.Methods(http.MethodGet).Path(adminVersion + "/export-bucket-metadata").HandlerFunc( - gz(httpTraceHdrs(adminAPI.ExportBucketMetadataHandler))) + adminMiddleware(adminAPI.ExportBucketMetadataHandler)) // ImportBucketMetaHandler adminRouter.Methods(http.MethodPut).Path(adminVersion + "/import-bucket-metadata").HandlerFunc( - gz(httpTraceHdrs(adminAPI.ImportBucketMetadataHandler))) + adminMiddleware(adminAPI.ImportBucketMetadataHandler)) // Remote Tier management operations - adminRouter.Methods(http.MethodPut).Path(adminVersion + "/tier").HandlerFunc(gz(httpTraceHdrs(adminAPI.AddTierHandler))) - adminRouter.Methods(http.MethodPost).Path(adminVersion + "/tier/{tier}").HandlerFunc(gz(httpTraceHdrs(adminAPI.EditTierHandler))) - adminRouter.Methods(http.MethodGet).Path(adminVersion + "/tier").HandlerFunc(gz(httpTraceHdrs(adminAPI.ListTierHandler))) - adminRouter.Methods(http.MethodDelete).Path(adminVersion + "/tier/{tier}").HandlerFunc(gz(httpTraceHdrs(adminAPI.RemoveTierHandler))) - adminRouter.Methods(http.MethodGet).Path(adminVersion + "/tier/{tier}").HandlerFunc(gz(httpTraceHdrs(adminAPI.VerifyTierHandler))) + adminRouter.Methods(http.MethodPut).Path(adminVersion + "/tier").HandlerFunc(adminMiddleware(adminAPI.AddTierHandler)) + adminRouter.Methods(http.MethodPost).Path(adminVersion + "/tier/{tier}").HandlerFunc(adminMiddleware(adminAPI.EditTierHandler)) + adminRouter.Methods(http.MethodGet).Path(adminVersion + "/tier").HandlerFunc(adminMiddleware(adminAPI.ListTierHandler)) + adminRouter.Methods(http.MethodDelete).Path(adminVersion + "/tier/{tier}").HandlerFunc(adminMiddleware(adminAPI.RemoveTierHandler)) + adminRouter.Methods(http.MethodGet).Path(adminVersion + "/tier/{tier}").HandlerFunc(adminMiddleware(adminAPI.VerifyTierHandler)) // Tier stats - adminRouter.Methods(http.MethodGet).Path(adminVersion + "/tier-stats").HandlerFunc(gz(httpTraceHdrs(adminAPI.TierStatsHandler))) + adminRouter.Methods(http.MethodGet).Path(adminVersion + "/tier-stats").HandlerFunc(adminMiddleware(adminAPI.TierStatsHandler)) // Cluster Replication APIs - adminRouter.Methods(http.MethodPut).Path(adminVersion + "/site-replication/add").HandlerFunc(gz(httpTraceHdrs(adminAPI.SiteReplicationAdd))) - adminRouter.Methods(http.MethodPut).Path(adminVersion + "/site-replication/remove").HandlerFunc(gz(httpTraceHdrs(adminAPI.SiteReplicationRemove))) - adminRouter.Methods(http.MethodGet).Path(adminVersion + "/site-replication/info").HandlerFunc(gz(httpTraceHdrs(adminAPI.SiteReplicationInfo))) - adminRouter.Methods(http.MethodGet).Path(adminVersion + "/site-replication/metainfo").HandlerFunc(gz(httpTraceHdrs(adminAPI.SiteReplicationMetaInfo))) - adminRouter.Methods(http.MethodGet).Path(adminVersion + "/site-replication/status").HandlerFunc(gz(httpTraceHdrs(adminAPI.SiteReplicationStatus))) - adminRouter.Methods(http.MethodPost).Path(adminVersion + adminAPISiteReplicationDevNull).HandlerFunc(gz(httpTraceHdrs(adminAPI.SiteReplicationDevNull))) - adminRouter.Methods(http.MethodPost).Path(adminVersion + adminAPISiteReplicationNetPerf).HandlerFunc(gz(httpTraceHdrs(adminAPI.SiteReplicationNetPerf))) + adminRouter.Methods(http.MethodPut).Path(adminVersion + "/site-replication/add").HandlerFunc(adminMiddleware(adminAPI.SiteReplicationAdd)) + adminRouter.Methods(http.MethodPut).Path(adminVersion + "/site-replication/remove").HandlerFunc(adminMiddleware(adminAPI.SiteReplicationRemove)) + adminRouter.Methods(http.MethodGet).Path(adminVersion + "/site-replication/info").HandlerFunc(adminMiddleware(adminAPI.SiteReplicationInfo)) + adminRouter.Methods(http.MethodGet).Path(adminVersion + "/site-replication/metainfo").HandlerFunc(adminMiddleware(adminAPI.SiteReplicationMetaInfo)) + adminRouter.Methods(http.MethodGet).Path(adminVersion + "/site-replication/status").HandlerFunc(adminMiddleware(adminAPI.SiteReplicationStatus)) + adminRouter.Methods(http.MethodPost).Path(adminVersion + adminAPISiteReplicationDevNull).HandlerFunc(adminMiddleware(adminAPI.SiteReplicationDevNull, noObjLayerFlag)) + adminRouter.Methods(http.MethodPost).Path(adminVersion + adminAPISiteReplicationNetPerf).HandlerFunc(adminMiddleware(adminAPI.SiteReplicationNetPerf, noObjLayerFlag)) - adminRouter.Methods(http.MethodPut).Path(adminVersion + "/site-replication/peer/join").HandlerFunc(gz(httpTraceHdrs(adminAPI.SRPeerJoin))) - adminRouter.Methods(http.MethodPut).Path(adminVersion+"/site-replication/peer/bucket-ops").HandlerFunc(gz(httpTraceHdrs(adminAPI.SRPeerBucketOps))).Queries("bucket", "{bucket:.*}").Queries("operation", "{operation:.*}") - adminRouter.Methods(http.MethodPut).Path(adminVersion + "/site-replication/peer/iam-item").HandlerFunc(gz(httpTraceHdrs(adminAPI.SRPeerReplicateIAMItem))) - adminRouter.Methods(http.MethodPut).Path(adminVersion + "/site-replication/peer/bucket-meta").HandlerFunc(gz(httpTraceHdrs(adminAPI.SRPeerReplicateBucketItem))) - adminRouter.Methods(http.MethodGet).Path(adminVersion + "/site-replication/peer/idp-settings").HandlerFunc(gz(httpTraceHdrs(adminAPI.SRPeerGetIDPSettings))) - adminRouter.Methods(http.MethodPut).Path(adminVersion + "/site-replication/edit").HandlerFunc(gz(httpTraceHdrs(adminAPI.SiteReplicationEdit))) - adminRouter.Methods(http.MethodPut).Path(adminVersion + "/site-replication/peer/edit").HandlerFunc(gz(httpTraceHdrs(adminAPI.SRPeerEdit))) - adminRouter.Methods(http.MethodPut).Path(adminVersion + "/site-replication/peer/remove").HandlerFunc(gz(httpTraceHdrs(adminAPI.SRPeerRemove))) - adminRouter.Methods(http.MethodPut).Path(adminVersion+"/site-replication/resync/op").HandlerFunc(gz(httpTraceHdrs(adminAPI.SiteReplicationResyncOp))).Queries("operation", "{operation:.*}") + adminRouter.Methods(http.MethodPut).Path(adminVersion + "/site-replication/peer/join").HandlerFunc(adminMiddleware(adminAPI.SRPeerJoin)) + adminRouter.Methods(http.MethodPut).Path(adminVersion+"/site-replication/peer/bucket-ops").HandlerFunc(adminMiddleware(adminAPI.SRPeerBucketOps)).Queries("bucket", "{bucket:.*}").Queries("operation", "{operation:.*}") + adminRouter.Methods(http.MethodPut).Path(adminVersion + "/site-replication/peer/iam-item").HandlerFunc(adminMiddleware(adminAPI.SRPeerReplicateIAMItem)) + adminRouter.Methods(http.MethodPut).Path(adminVersion + "/site-replication/peer/bucket-meta").HandlerFunc(adminMiddleware(adminAPI.SRPeerReplicateBucketItem)) + adminRouter.Methods(http.MethodGet).Path(adminVersion + "/site-replication/peer/idp-settings").HandlerFunc(adminMiddleware(adminAPI.SRPeerGetIDPSettings)) + adminRouter.Methods(http.MethodPut).Path(adminVersion + "/site-replication/edit").HandlerFunc(adminMiddleware(adminAPI.SiteReplicationEdit)) + adminRouter.Methods(http.MethodPut).Path(adminVersion + "/site-replication/peer/edit").HandlerFunc(adminMiddleware(adminAPI.SRPeerEdit)) + adminRouter.Methods(http.MethodPut).Path(adminVersion + "/site-replication/peer/remove").HandlerFunc(adminMiddleware(adminAPI.SRPeerRemove)) + adminRouter.Methods(http.MethodPut).Path(adminVersion+"/site-replication/resync/op").HandlerFunc(adminMiddleware(adminAPI.SiteReplicationResyncOp)).Queries("operation", "{operation:.*}") if globalIsDistErasure { // Top locks - adminRouter.Methods(http.MethodGet).Path(adminVersion + "/top/locks").HandlerFunc(gz(httpTraceHdrs(adminAPI.TopLocksHandler))) + adminRouter.Methods(http.MethodGet).Path(adminVersion + "/top/locks").HandlerFunc(adminMiddleware(adminAPI.TopLocksHandler)) // Force unlocks paths adminRouter.Methods(http.MethodPost).Path(adminVersion+"/force-unlock"). - Queries("paths", "{paths:.*}").HandlerFunc(gz(httpTraceHdrs(adminAPI.ForceUnlockHandler))) + Queries("paths", "{paths:.*}").HandlerFunc(adminMiddleware(adminAPI.ForceUnlockHandler)) } - adminRouter.Methods(http.MethodPost).Path(adminVersion + "/speedtest").HandlerFunc(httpTraceHdrs(adminAPI.ObjectSpeedTestHandler)) - adminRouter.Methods(http.MethodPost).Path(adminVersion + "/speedtest/object").HandlerFunc(httpTraceHdrs(adminAPI.ObjectSpeedTestHandler)) - adminRouter.Methods(http.MethodPost).Path(adminVersion + "/speedtest/drive").HandlerFunc(httpTraceHdrs(adminAPI.DriveSpeedtestHandler)) - adminRouter.Methods(http.MethodPost).Path(adminVersion + "/speedtest/net").HandlerFunc(httpTraceHdrs(adminAPI.NetperfHandler)) - adminRouter.Methods(http.MethodPost).Path(adminVersion + "/speedtest/site").HandlerFunc(httpTraceHdrs(adminAPI.SitePerfHandler)) + adminRouter.Methods(http.MethodPost).Path(adminVersion + "/speedtest").HandlerFunc(adminMiddleware(adminAPI.ObjectSpeedTestHandler, noGZFlag)) + adminRouter.Methods(http.MethodPost).Path(adminVersion + "/speedtest/object").HandlerFunc(adminMiddleware(adminAPI.ObjectSpeedTestHandler, noGZFlag)) + adminRouter.Methods(http.MethodPost).Path(adminVersion + "/speedtest/drive").HandlerFunc(adminMiddleware(adminAPI.DriveSpeedtestHandler, noGZFlag)) + adminRouter.Methods(http.MethodPost).Path(adminVersion + "/speedtest/net").HandlerFunc(adminMiddleware(adminAPI.NetperfHandler, noGZFlag)) + adminRouter.Methods(http.MethodPost).Path(adminVersion + "/speedtest/site").HandlerFunc(adminMiddleware(adminAPI.SitePerfHandler, noGZFlag)) // HTTP Trace - adminRouter.Methods(http.MethodGet).Path(adminVersion + "/trace").HandlerFunc(gz(http.HandlerFunc(adminAPI.TraceHandler))) + adminRouter.Methods(http.MethodGet).Path(adminVersion + "/trace").HandlerFunc(adminMiddleware(adminAPI.TraceHandler, noObjLayerFlag)) // Console Logs - adminRouter.Methods(http.MethodGet).Path(adminVersion + "/log").HandlerFunc(gz(httpTraceAll(adminAPI.ConsoleLogHandler))) + adminRouter.Methods(http.MethodGet).Path(adminVersion + "/log").HandlerFunc(adminMiddleware(adminAPI.ConsoleLogHandler, traceAllFlag)) // -- KMS APIs -- // - adminRouter.Methods(http.MethodPost).Path(adminVersion + "/kms/status").HandlerFunc(gz(httpTraceAll(adminAPI.KMSStatusHandler))) - adminRouter.Methods(http.MethodPost).Path(adminVersion+"/kms/key/create").HandlerFunc(gz(httpTraceAll(adminAPI.KMSCreateKeyHandler))).Queries("key-id", "{key-id:.*}") - adminRouter.Methods(http.MethodGet).Path(adminVersion + "/kms/key/status").HandlerFunc(gz(httpTraceAll(adminAPI.KMSKeyStatusHandler))) + adminRouter.Methods(http.MethodPost).Path(adminVersion + "/kms/status").HandlerFunc(adminMiddleware(adminAPI.KMSStatusHandler, traceAllFlag)) + adminRouter.Methods(http.MethodPost).Path(adminVersion+"/kms/key/create").HandlerFunc(adminMiddleware(adminAPI.KMSCreateKeyHandler, traceAllFlag)).Queries("key-id", "{key-id:.*}") + adminRouter.Methods(http.MethodGet).Path(adminVersion + "/kms/key/status").HandlerFunc(adminMiddleware(adminAPI.KMSKeyStatusHandler, traceAllFlag)) // Keep obdinfo for backward compatibility with mc adminRouter.Methods(http.MethodGet).Path(adminVersion + "/obdinfo"). - HandlerFunc(gz(httpTraceHdrs(adminAPI.HealthInfoHandler))) + HandlerFunc(adminMiddleware(adminAPI.HealthInfoHandler)) // -- Health API -- adminRouter.Methods(http.MethodGet).Path(adminVersion + "/healthinfo"). - HandlerFunc(gz(httpTraceHdrs(adminAPI.HealthInfoHandler))) + HandlerFunc(adminMiddleware(adminAPI.HealthInfoHandler)) } // If none of the routes match add default error handler routes diff --git a/cmd/batch-handlers.go b/cmd/batch-handlers.go index 6d94a3918..42491621b 100644 --- a/cmd/batch-handlers.go +++ b/cmd/batch-handlers.go @@ -1463,9 +1463,7 @@ func batchReplicationOpts(ctx context.Context, sc string, objInfo ObjectInfo) (p // ListBatchJobs - lists all currently active batch jobs, optionally takes {jobType} // input to list only active batch jobs of 'jobType' func (a adminAPIHandlers) ListBatchJobs(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "ListBatchJobs") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.ListBatchJobsAction) if objectAPI == nil { @@ -1515,9 +1513,7 @@ var errNoSuchJob = errors.New("no such job") // DescribeBatchJob returns the currently active batch job definition func (a adminAPIHandlers) DescribeBatchJob(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "DescribeBatchJob") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.DescribeBatchJobAction) if objectAPI == nil { @@ -1552,9 +1548,7 @@ func (a adminAPIHandlers) DescribeBatchJob(w http.ResponseWriter, r *http.Reques // StarBatchJob queue a new job for execution func (a adminAPIHandlers) StartBatchJob(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "StartBatchJob") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, creds := validateAdminReq(ctx, w, r, iampolicy.StartBatchJobAction) if objectAPI == nil { @@ -1608,9 +1602,7 @@ func (a adminAPIHandlers) StartBatchJob(w http.ResponseWriter, r *http.Request) // CancelBatchJob cancels a job in progress func (a adminAPIHandlers) CancelBatchJob(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "CancelBatchJob") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.CancelBatchJobAction) if objectAPI == nil { diff --git a/cmd/tier-handlers.go b/cmd/tier-handlers.go index 933cef58a..66075b963 100644 --- a/cmd/tier-handlers.go +++ b/cmd/tier-handlers.go @@ -26,7 +26,6 @@ import ( jsoniter "github.com/json-iterator/go" "github.com/minio/madmin-go/v3" "github.com/minio/minio/internal/config/storageclass" - "github.com/minio/minio/internal/logger" "github.com/minio/mux" iampolicy "github.com/minio/pkg/iam/policy" ) @@ -71,9 +70,7 @@ var ( ) func (api adminAPIHandlers) AddTierHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "AddTier") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objAPI, cred := validateAdminReq(ctx, w, r, iampolicy.SetTierAction) if objAPI == nil { @@ -129,9 +126,7 @@ func (api adminAPIHandlers) AddTierHandler(w http.ResponseWriter, r *http.Reques } func (api adminAPIHandlers) ListTierHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "ListTier") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objAPI, _ := validateAdminReq(ctx, w, r, iampolicy.ListTierAction) if objAPI == nil { @@ -149,9 +144,7 @@ func (api adminAPIHandlers) ListTierHandler(w http.ResponseWriter, r *http.Reque } func (api adminAPIHandlers) EditTierHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "EditTier") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objAPI, cred := validateAdminReq(ctx, w, r, iampolicy.SetTierAction) if objAPI == nil { @@ -195,9 +188,7 @@ func (api adminAPIHandlers) EditTierHandler(w http.ResponseWriter, r *http.Reque } func (api adminAPIHandlers) RemoveTierHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "RemoveTier") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objAPI, _ := validateAdminReq(ctx, w, r, iampolicy.SetTierAction) if objAPI == nil { @@ -226,9 +217,7 @@ func (api adminAPIHandlers) RemoveTierHandler(w http.ResponseWriter, r *http.Req } func (api adminAPIHandlers) VerifyTierHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "VerifyTier") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objAPI, _ := validateAdminReq(ctx, w, r, iampolicy.ListTierAction) if objAPI == nil { @@ -246,9 +235,7 @@ func (api adminAPIHandlers) VerifyTierHandler(w http.ResponseWriter, r *http.Req } func (api adminAPIHandlers) TierStatsHandler(w http.ResponseWriter, r *http.Request) { - ctx := newContext(r, w, "TierStats") - - defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + ctx := r.Context() objAPI, _ := validateAdminReq(ctx, w, r, iampolicy.ListTierAction) if objAPI == nil {