mirror of
https://github.com/minio/minio.git
synced 2024-12-24 06:05:55 -05:00
Removed user and group details from logs (#20072)
Signed-off-by: Shubhendu Ram Tripathi <shubhendu@minio.io>
This commit is contained in:
parent
eff0ea43aa
commit
f944a42886
@ -2308,7 +2308,7 @@ func (a adminAPIHandlers) ImportIAM(w http.ResponseWriter, r *http.Request) {
|
||||
// clean import.
|
||||
err := globalIAMSys.DeleteServiceAccount(ctx, svcAcctReq.AccessKey, true)
|
||||
if err != nil {
|
||||
delErr := fmt.Errorf("failed to delete existing service account(%s) before importing it: %w", svcAcctReq.AccessKey, err)
|
||||
delErr := fmt.Errorf("failed to delete existing service account (%s) before importing it: %w", svcAcctReq.AccessKey, err)
|
||||
writeErrorResponseJSON(ctx, w, importError(ctx, delErr, allSvcAcctsFile, user), r.URL)
|
||||
return
|
||||
}
|
||||
|
@ -495,7 +495,7 @@ func (iamOS *IAMObjectStore) loadAllFromObjStore(ctx context.Context, cache *iam
|
||||
for _, item := range regUsersList {
|
||||
userName := path.Dir(item)
|
||||
if err := iamOS.loadUser(ctx, userName, regUser, cache.iamUsersMap); err != nil && err != errNoSuchUser {
|
||||
return fmt.Errorf("unable to load the user `%s`: %w", userName, err)
|
||||
return fmt.Errorf("unable to load the user: %w", err)
|
||||
}
|
||||
}
|
||||
if took := time.Since(regUsersLoadStartTime); took > maxIAMLoadOpTime {
|
||||
@ -510,7 +510,7 @@ func (iamOS *IAMObjectStore) loadAllFromObjStore(ctx context.Context, cache *iam
|
||||
for _, item := range groupsList {
|
||||
group := path.Dir(item)
|
||||
if err := iamOS.loadGroup(ctx, group, cache.iamGroupsMap); err != nil && err != errNoSuchGroup {
|
||||
return fmt.Errorf("unable to load the group `%s`: %w", group, err)
|
||||
return fmt.Errorf("unable to load the group: %w", err)
|
||||
}
|
||||
}
|
||||
if took := time.Since(groupsLoadStartTime); took > maxIAMLoadOpTime {
|
||||
@ -524,7 +524,7 @@ func (iamOS *IAMObjectStore) loadAllFromObjStore(ctx context.Context, cache *iam
|
||||
for _, item := range userPolicyMappingsList {
|
||||
userName := strings.TrimSuffix(item, ".json")
|
||||
if err := iamOS.loadMappedPolicy(ctx, userName, regUser, false, cache.iamUserPolicyMap); err != nil && !errors.Is(err, errNoSuchPolicy) {
|
||||
return fmt.Errorf("unable to load the policy mapping for the user `%s`: %w", userName, err)
|
||||
return fmt.Errorf("unable to load the policy mapping for the user: %w", err)
|
||||
}
|
||||
}
|
||||
if took := time.Since(userPolicyMappingLoadStartTime); took > maxIAMLoadOpTime {
|
||||
@ -537,7 +537,7 @@ func (iamOS *IAMObjectStore) loadAllFromObjStore(ctx context.Context, cache *iam
|
||||
for _, item := range groupPolicyMappingsList {
|
||||
groupName := strings.TrimSuffix(item, ".json")
|
||||
if err := iamOS.loadMappedPolicy(ctx, groupName, regUser, true, cache.iamGroupPolicyMap); err != nil && !errors.Is(err, errNoSuchPolicy) {
|
||||
return fmt.Errorf("unable to load the policy mapping for the group `%s`: %w", groupName, err)
|
||||
return fmt.Errorf("unable to load the policy mapping for the group: %w", err)
|
||||
}
|
||||
}
|
||||
if took := time.Since(groupPolicyMappingLoadStartTime); took > maxIAMLoadOpTime {
|
||||
@ -551,7 +551,7 @@ func (iamOS *IAMObjectStore) loadAllFromObjStore(ctx context.Context, cache *iam
|
||||
for _, item := range svcAccList {
|
||||
userName := path.Dir(item)
|
||||
if err := iamOS.loadUser(ctx, userName, svcUser, svcUsersMap); err != nil && err != errNoSuchUser {
|
||||
return fmt.Errorf("unable to load the service account `%s`: %w", userName, err)
|
||||
return fmt.Errorf("unable to load the service account: %w", err)
|
||||
}
|
||||
}
|
||||
if took := time.Since(svcAccLoadStartTime); took > maxIAMLoadOpTime {
|
||||
@ -580,7 +580,7 @@ func (iamOS *IAMObjectStore) loadAllFromObjStore(ctx context.Context, cache *iam
|
||||
// OIDC/AssumeRoleWithCustomToken/AssumeRoleWithCertificate).
|
||||
err := iamOS.loadMappedPolicy(ctx, svcParent, stsUser, false, cache.iamSTSPolicyMap)
|
||||
if err != nil && !errors.Is(err, errNoSuchPolicy) {
|
||||
return fmt.Errorf("unable to load the policy mapping for the STS user `%s`: %w", svcParent, err)
|
||||
return fmt.Errorf("unable to load the policy mapping for the STS user: %w", err)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
10
cmd/iam.go
10
cmd/iam.go
@ -1574,11 +1574,11 @@ func (sys *IAMSys) NormalizeLDAPAccessKeypairs(ctx context.Context, accessKeyMap
|
||||
// server and is under a configured base DN.
|
||||
validatedParent, isUnderBaseDN, err := sys.LDAPConfig.GetValidatedUserDN(conn, parent)
|
||||
if err != nil {
|
||||
collectedErrors = append(collectedErrors, fmt.Errorf("could not validate `%s` exists in LDAP directory: %w", parent, err))
|
||||
collectedErrors = append(collectedErrors, fmt.Errorf("could not validate parent exists in LDAP directory: %w", err))
|
||||
continue
|
||||
}
|
||||
if validatedParent == nil || !isUnderBaseDN {
|
||||
err := fmt.Errorf("DN `%s` was not found in the LDAP directory", parent)
|
||||
err := fmt.Errorf("DN parent was not found in the LDAP directory")
|
||||
collectedErrors = append(collectedErrors, err)
|
||||
continue
|
||||
}
|
||||
@ -1593,11 +1593,11 @@ func (sys *IAMSys) NormalizeLDAPAccessKeypairs(ctx context.Context, accessKeyMap
|
||||
// configured base DN.
|
||||
validatedGroup, _, err := sys.LDAPConfig.GetValidatedGroupDN(conn, group)
|
||||
if err != nil {
|
||||
collectedErrors = append(collectedErrors, fmt.Errorf("could not validate `%s` exists in LDAP directory: %w", group, err))
|
||||
collectedErrors = append(collectedErrors, fmt.Errorf("could not validate group exists in LDAP directory: %w", err))
|
||||
continue
|
||||
}
|
||||
if validatedGroup == nil {
|
||||
err := fmt.Errorf("DN `%s` was not found in the LDAP directory", group)
|
||||
err := fmt.Errorf("DN group was not found in the LDAP directory")
|
||||
collectedErrors = append(collectedErrors, err)
|
||||
continue
|
||||
}
|
||||
@ -1687,7 +1687,7 @@ func (sys *IAMSys) NormalizeLDAPMappingImport(ctx context.Context, isGroup bool,
|
||||
continue
|
||||
}
|
||||
if validatedDN == nil || !underBaseDN {
|
||||
err := fmt.Errorf("DN `%s` was not found in the LDAP directory", k)
|
||||
err := fmt.Errorf("DN was not found in the LDAP directory")
|
||||
collectedErrors = append(collectedErrors, err)
|
||||
continue
|
||||
}
|
||||
|
@ -5390,7 +5390,7 @@ func (c *SiteReplicationSys) healUserPolicies(ctx context.Context, objAPI Object
|
||||
UpdatedAt: lastUpdate,
|
||||
})
|
||||
if err != nil {
|
||||
replLogOnceIf(ctx, fmt.Errorf("Unable to heal IAM user policy mapping for %s from peer site %s -> site %s : %w", user, latestPeerName, peerName, err),
|
||||
replLogOnceIf(ctx, fmt.Errorf("Unable to heal IAM user policy mapping from peer site %s -> site %s : %w", latestPeerName, peerName, err),
|
||||
fmt.Sprintf("heal-user-policy-%s", user))
|
||||
}
|
||||
}
|
||||
@ -5455,7 +5455,7 @@ func (c *SiteReplicationSys) healGroupPolicies(ctx context.Context, objAPI Objec
|
||||
})
|
||||
if err != nil {
|
||||
replLogOnceIf(ctx,
|
||||
fmt.Errorf("Unable to heal IAM group policy mapping for %s from peer site %s -> site %s : %w", group, latestPeerName, peerName, err),
|
||||
fmt.Errorf("Unable to heal IAM group policy mapping for from peer site %s -> site %s : %w", latestPeerName, peerName, err),
|
||||
fmt.Sprintf("heal-group-policy-%s", group))
|
||||
}
|
||||
}
|
||||
@ -5518,7 +5518,7 @@ func (c *SiteReplicationSys) healUsers(ctx context.Context, objAPI ObjectLayer,
|
||||
claims, err := globalIAMSys.GetClaimsForSvcAcc(ctx, creds.AccessKey)
|
||||
if err != nil {
|
||||
replLogOnceIf(ctx,
|
||||
fmt.Errorf("Unable to heal service account %s from peer site %s -> %s : %w", user, latestPeerName, peerName, err),
|
||||
fmt.Errorf("Unable to heal service account from peer site %s -> %s : %w", latestPeerName, peerName, err),
|
||||
fmt.Sprintf("heal-user-%s", user))
|
||||
continue
|
||||
}
|
||||
@ -5526,7 +5526,7 @@ func (c *SiteReplicationSys) healUsers(ctx context.Context, objAPI ObjectLayer,
|
||||
_, policy, err := globalIAMSys.GetServiceAccount(ctx, creds.AccessKey)
|
||||
if err != nil {
|
||||
replLogOnceIf(ctx,
|
||||
fmt.Errorf("Unable to heal service account %s from peer site %s -> %s : %w", user, latestPeerName, peerName, err),
|
||||
fmt.Errorf("Unable to heal service account from peer site %s -> %s : %w", latestPeerName, peerName, err),
|
||||
fmt.Sprintf("heal-user-%s", user))
|
||||
continue
|
||||
}
|
||||
@ -5536,7 +5536,7 @@ func (c *SiteReplicationSys) healUsers(ctx context.Context, objAPI ObjectLayer,
|
||||
policyJSON, err = json.Marshal(policy)
|
||||
if err != nil {
|
||||
replLogOnceIf(ctx,
|
||||
fmt.Errorf("Unable to heal service account %s from peer site %s -> %s : %w", user, latestPeerName, peerName, err),
|
||||
fmt.Errorf("Unable to heal service account from peer site %s -> %s : %w", latestPeerName, peerName, err),
|
||||
fmt.Sprintf("heal-user-%s", user))
|
||||
continue
|
||||
}
|
||||
@ -5561,7 +5561,7 @@ func (c *SiteReplicationSys) healUsers(ctx context.Context, objAPI ObjectLayer,
|
||||
UpdatedAt: lastUpdate,
|
||||
}); err != nil {
|
||||
replLogOnceIf(ctx,
|
||||
fmt.Errorf("Unable to heal service account %s from peer site %s -> %s : %w", user, latestPeerName, peerName, err),
|
||||
fmt.Errorf("Unable to heal service account from peer site %s -> %s : %w", latestPeerName, peerName, err),
|
||||
fmt.Sprintf("heal-user-%s", user))
|
||||
}
|
||||
continue
|
||||
@ -5576,7 +5576,7 @@ func (c *SiteReplicationSys) healUsers(ctx context.Context, objAPI ObjectLayer,
|
||||
// be applied.
|
||||
if !errors.Is(err, errNoSuchUser) {
|
||||
replLogOnceIf(ctx,
|
||||
fmt.Errorf("Unable to heal temporary credentials %s from peer site %s -> %s : %w", user, latestPeerName, peerName, err),
|
||||
fmt.Errorf("Unable to heal temporary credentials from peer site %s -> %s : %w", latestPeerName, peerName, err),
|
||||
fmt.Sprintf("heal-user-%s", user))
|
||||
continue
|
||||
}
|
||||
@ -5596,7 +5596,7 @@ func (c *SiteReplicationSys) healUsers(ctx context.Context, objAPI ObjectLayer,
|
||||
UpdatedAt: lastUpdate,
|
||||
}); err != nil {
|
||||
replLogOnceIf(ctx,
|
||||
fmt.Errorf("Unable to heal temporary credentials %s from peer site %s -> %s : %w", user, latestPeerName, peerName, err),
|
||||
fmt.Errorf("Unable to heal temporary credentials from peer site %s -> %s : %w", latestPeerName, peerName, err),
|
||||
fmt.Sprintf("heal-user-%s", user))
|
||||
}
|
||||
continue
|
||||
@ -5614,7 +5614,7 @@ func (c *SiteReplicationSys) healUsers(ctx context.Context, objAPI ObjectLayer,
|
||||
UpdatedAt: lastUpdate,
|
||||
}); err != nil {
|
||||
replLogOnceIf(ctx,
|
||||
fmt.Errorf("Unable to heal user %s from peer site %s -> %s : %w", user, latestPeerName, peerName, err),
|
||||
fmt.Errorf("Unable to heal user from peer site %s -> %s : %w", latestPeerName, peerName, err),
|
||||
fmt.Sprintf("heal-user-%s", user))
|
||||
}
|
||||
}
|
||||
@ -5680,7 +5680,7 @@ func (c *SiteReplicationSys) healGroups(ctx context.Context, objAPI ObjectLayer,
|
||||
UpdatedAt: lastUpdate,
|
||||
}); err != nil {
|
||||
replLogOnceIf(ctx,
|
||||
fmt.Errorf("Unable to heal group %s from peer site %s -> site %s : %w", group, latestPeerName, peerName, err),
|
||||
fmt.Errorf("Unable to heal group from peer site %s -> site %s : %w", latestPeerName, peerName, err),
|
||||
fmt.Sprintf("heal-group-%s", group))
|
||||
}
|
||||
}
|
||||
|
@ -117,7 +117,7 @@ func (k *KeycloakProvider) LookupUser(userid string) (User, error) {
|
||||
case http.StatusUnauthorized:
|
||||
return User{}, ErrAccessTokenExpired
|
||||
}
|
||||
return User{}, fmt.Errorf("Unable to lookup %s - keycloak user lookup returned %v", userid, resp.Status)
|
||||
return User{}, fmt.Errorf("Unable to lookup - keycloak user lookup returned %v", resp.Status)
|
||||
}
|
||||
|
||||
// Option is a function type that accepts a pointer Target
|
||||
|
Loading…
Reference in New Issue
Block a user