fix: under site replication disallow remote target modification (#16628)

This commit is contained in:
Poorna 2023-02-15 20:22:13 -08:00 committed by GitHub
parent eb7d3da994
commit c33a237067
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 263 additions and 254 deletions

View File

@ -225,10 +225,12 @@ func (a adminAPIHandlers) SetRemoteTargetHandler(w http.ResponseWriter, r *http.
for _, op := range ops { for _, op := range ops {
switch op { switch op {
case madmin.CredentialsUpdateType: case madmin.CredentialsUpdateType:
if !globalSiteReplicationSys.isEnabled() { if globalSiteReplicationSys.isEnabled() {
tgt.Credentials = target.Credentials writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErrWithErr(ErrRemoteTargetDenyEditError, err), r.URL)
tgt.TargetBucket = target.TargetBucket return
} }
tgt.Credentials = target.Credentials
tgt.TargetBucket = target.TargetBucket
tgt.Secure = target.Secure tgt.Secure = target.Secure
tgt.Endpoint = target.Endpoint tgt.Endpoint = target.Endpoint
case madmin.SyncUpdateType: case madmin.SyncUpdateType:

View File

@ -132,6 +132,7 @@ const (
ErrReplicationNeedsVersioningError ErrReplicationNeedsVersioningError
ErrReplicationBucketNeedsVersioningError ErrReplicationBucketNeedsVersioningError
ErrReplicationDenyEditError ErrReplicationDenyEditError
ErrRemoteTargetDenyEditError
ErrReplicationNoExistingObjects ErrReplicationNoExistingObjects
ErrObjectRestoreAlreadyInProgress ErrObjectRestoreAlreadyInProgress
ErrNoSuchKey ErrNoSuchKey
@ -919,6 +920,11 @@ var errorCodes = errorCodeMap{
Description: "No matching ExistingsObjects rule enabled", Description: "No matching ExistingsObjects rule enabled",
HTTPStatusCode: http.StatusBadRequest, HTTPStatusCode: http.StatusBadRequest,
}, },
ErrRemoteTargetDenyEditError: {
Code: "XMinioAdminRemoteTargetDenyEdit",
Description: "Cannot alter remote target endpoint since this server is in a cluster replication setup. use `mc admin replicate update`",
HTTPStatusCode: http.StatusBadRequest,
},
ErrReplicationDenyEditError: { ErrReplicationDenyEditError: {
Code: "XMinioReplicationDenyEdit", Code: "XMinioReplicationDenyEdit",
Description: "Cannot alter local replication config since this server is in a cluster replication setup", Description: "Cannot alter local replication config since this server is in a cluster replication setup",

File diff suppressed because one or more lines are too long

View File

@ -415,7 +415,7 @@ func replicateDelete(ctx context.Context, dobj DeletedObjectReplicationInfo, obj
lkctx, err := lk.GetLock(ctx, globalOperationTimeout) lkctx, err := lk.GetLock(ctx, globalOperationTimeout)
if err != nil { if err != nil {
globalReplicationPool.queueMRFSave(dobj.ToMRFEntry()) globalReplicationPool.queueMRFSave(dobj.ToMRFEntry())
logger.LogIf(ctx, fmt.Errorf("failed to get lock for object: %s bucket:%s arn:%s", dobj.ObjectName, bucket, rcfg.RoleArn)) logger.LogIf(ctx, fmt.Errorf("failed to get lock for object: %s bucket:%s arn:%s", dobj.ObjectName, bucket, dobj.TargetArn))
sendEvent(eventArgs{ sendEvent(eventArgs{
BucketName: bucket, BucketName: bucket,
Object: ObjectInfo{ Object: ObjectInfo{
@ -938,7 +938,7 @@ func replicateObject(ctx context.Context, ri ReplicateObjectInfo, objectAPI Obje
Host: "Internal: [Replication]", Host: "Internal: [Replication]",
}) })
globalReplicationPool.queueMRFSave(ri.ToMRFEntry()) globalReplicationPool.queueMRFSave(ri.ToMRFEntry())
logger.LogIf(ctx, fmt.Errorf("failed to get lock for object: %s bucket:%s arn:%s", object, bucket, cfg.RoleArn)) logger.LogIf(ctx, fmt.Errorf("failed to get lock for object: %s bucket:%s arn:%s", object, bucket, ri.TargetArn))
return return
} }
ctx = lkctx.Context() ctx = lkctx.Context()