check for quorum errors for DeleteBucket() (#16859)

Harshavardhana 2023-03-20 23:38:06 -07:00 committed by GitHub
parent d14ead7bec
commit fb1492f531
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 55 additions and 58 deletions


@ -1956,7 +1956,7 @@ func (a adminAPIHandlers) DetachPolicyBuiltin(w http.ResponseWriter, r *http.Req
UserOrGroup: userOrGroup,
UserType: int(userType),
IsGroup: isGroup,
Policy: strings.Join(policiesToDetach, ","),
Policy: newPolicies,
},
UpdatedAt: updatedAt,
}))
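Review bot: The `Policy: newPolicies` field in DetachPolicyBuiltin's replication payload has no comment saying which policy set it carries, and `newPolicies` is defined outside this hunk, as is most of the handler. If it holds the mapping that remains after the detach, as the name suggests, peers now receive the resulting set rather than the detached names. That distinction is authorization-relevant: a peer that applies `Policy` as the full mapping would otherwise be handed exactly the policies being removed. A one-line comment such as `// Policy is the mapping remaining after the detach, not the detached names` would keep the two from being confused again.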


@ -167,7 +167,7 @@ func (sys *S3PeerSys) GetBucketInfo(ctx context.Context, bucket string, opts Buc
quorum := (len(sys.allPeerClients) / 2)
if err = reduceReadQuorumErrs(ctx, errs, bucketOpIgnoredErrs, quorum); err != nil {
return BucketInfo{}, err
return BucketInfo{}, toObjectErr(err, bucket)
}
for i, err := range errs {
@ -266,12 +266,9 @@ func (sys *S3PeerSys) DeleteBucket(ctx context.Context, bucket string, opts Dele
errs := g.Wait()
errs = append(errs, deleteBucketLocal(ctx, bucket, opts))
for _, err := range errs {
if err != nil {
return err
}
}
return nil
quorum := (len(sys.allPeerClients) / 2) + 1
err := reduceWriteQuorumErrs(ctx, errs, bucketOpIgnoredErrs, quorum)
return toObjectErr(err, bucket)
}
// DeleteBucket deletes bucket on a peer
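Review bot: In DeleteBucket the write quorum is derived from `len(sys.allPeerClients)`, but `errs` holds one more entry than `g.Wait()` returned, because the `deleteBucketLocal` result is appended to it. If `allPeerClients` does not already count the local node (not visible here; the function starts outside the hunk), `(len(sys.allPeerClients) / 2) + 1` can be exactly half of the participants, for example 2 of 4, so a delete that failed on half the nodes would still be reported as successful. Deriving the threshold from the slice that is actually reduced, `quorum := (len(errs) / 2) + 1`, keeps it a strict majority. The hunk also shows no undo for peers that already removed the bucket when quorum is missed; a comment stating where that is handled would help.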


@ -38,11 +38,11 @@ cat > repladmin-policy-source.json <<EOF
]
}
EOF
mc admin policy add source repladmin-policy ./repladmin-policy-source.json
mc admin policy create source repladmin-policy ./repladmin-policy-source.json
cat ./repladmin-policy-source.json
#assign this replication policy to repladmin
mc admin policy set source repladmin-policy user=repladmin
mc admin policy attach source repladmin-policy --user=repladmin
### on dest alias
# Create a replication user : repluser on dest alias
@ -90,11 +90,11 @@ cat > replpolicy.json <<EOF
]
}
EOF
mc admin policy add dest replpolicy ./replpolicy.json
mc admin policy create dest replpolicy ./replpolicy.json
cat ./replpolicy.json
# assign this replication policy to repluser
mc admin policy set dest replpolicy user=repluser
mc admin policy attach dest replpolicy --user=repluser
# configure replication config to remote bucket at http://localhost:9000
mc replicate add source/bucket --priority 1 --remote-bucket http://repluser:repluser123@localhost:9000/bucket \


@ -29,11 +29,11 @@ sleep 2
./mc admin user add myminio/ minio123 minio123
./mc admin user add myminio/ minio12345 minio12345
./mc admin policy add myminio/ rw ./docs/distributed/rw.json
./mc admin policy add myminio/ lake ./docs/distributed/rw.json
./mc admin policy create myminio/ rw ./docs/distributed/rw.json
./mc admin policy create myminio/ lake ./docs/distributed/rw.json
./mc admin policy set myminio/ rw user=minio123
./mc admin policy set myminio/ lake,rw user=minio12345
./mc admin policy attach myminio/ rw --user=minio123
./mc admin policy attach myminio/ lake,rw --user=minio12345
./mc mb -l myminio/versioned
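Review bot: `./mc admin policy attach myminio/ lake,rw --user=minio12345` keeps the comma-joined list that `policy set` took, and it is worth confirming that `attach` splits it rather than looking up a single policy named `lake,rw`. `attach` accepts several policy names as separate arguments, so `./mc admin policy attach myminio/ lake rw --user=minio12345` is unambiguous. The same line appears in the next three script sections. Nothing in the visible lines checks the exit status of the attach, so unless the script runs under `set -e` a failed attach would leave the test running with a user that has no policy.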


@ -24,11 +24,11 @@ sleep 2
./mc admin user add myminio/ minio123 minio123
./mc admin user add myminio/ minio12345 minio12345
./mc admin policy add myminio/ rw ./docs/distributed/rw.json
./mc admin policy add myminio/ lake ./docs/distributed/rw.json
./mc admin policy create myminio/ rw ./docs/distributed/rw.json
./mc admin policy create myminio/ lake ./docs/distributed/rw.json
./mc admin policy set myminio/ rw user=minio123
./mc admin policy set myminio/ lake,rw user=minio12345
./mc admin policy attach myminio/ rw --user=minio123
./mc admin policy attach myminio/ lake,rw --user=minio12345
./mc mb -l myminio/versioned


@ -26,11 +26,11 @@ export MC_HOST_myminio="http://minioadmin:minioadmin@localhost:9000/"
./mc admin user add myminio/ minio123 minio123
./mc admin user add myminio/ minio12345 minio12345
./mc admin policy add myminio/ rw ./docs/distributed/rw.json
./mc admin policy add myminio/ lake ./docs/distributed/rw.json
./mc admin policy create myminio/ rw ./docs/distributed/rw.json
./mc admin policy create myminio/ lake ./docs/distributed/rw.json
./mc admin policy set myminio/ rw user=minio123
./mc admin policy set myminio/ lake,rw user=minio12345
./mc admin policy attach myminio/ rw --user=minio123
./mc admin policy attach myminio/ lake,rw --user=minio12345
./mc mb -l myminio/versioned


@ -25,11 +25,11 @@ export MC_HOST_myminio="http://minioadmin:minioadmin@localhost:9000/"
./mc admin user add myminio/ minio123 minio123
./mc admin user add myminio/ minio12345 minio12345
./mc admin policy add myminio/ rw ./docs/distributed/rw.json
./mc admin policy add myminio/ lake ./docs/distributed/rw.json
./mc admin policy create myminio/ rw ./docs/distributed/rw.json
./mc admin policy create myminio/ lake ./docs/distributed/rw.json
./mc admin policy set myminio/ rw user=minio123
./mc admin policy set myminio/ lake,rw user=minio12345
./mc admin policy attach myminio/ rw --user=minio123
./mc admin policy attach myminio/ lake,rw --user=minio12345
./mc mb -l myminio/versioned


@ -41,7 +41,7 @@ EOF
Create new canned policy by name `getonly` using `getonly.json` policy file.
```
mc admin policy add myminio getonly getonly.json
mc admin policy create myminio getonly getonly.json
```
Create a new user `newuser` on MinIO use `mc admin user`.
@ -53,7 +53,7 @@ mc admin user add myminio newuser newuser123
Once the user is successfully created you can now apply the `getonly` policy for this user.
```
mc admin policy set myminio getonly user=newuser
mc admin policy attach myminio getonly --user=newuser
```
### 3. Create a new group
@ -65,7 +65,7 @@ mc admin group add myminio newgroup newuser
Once the group is successfully created you can now apply the `getonly` policy for this group.
```
mc admin policy set myminio getonly group=newgroup
mc admin policy attach myminio getonly --group=newgroup
```
### 4. Disable user
@ -107,13 +107,13 @@ mc admin group remove myminio newgroup
Change the policy for user `newuser` to `putonly` canned policy.
```
mc admin policy set myminio putonly user=newuser
mc admin policy attach myminio putonly --user=newuser
```
Change the policy for group `newgroup` to `putonly` canned policy.
```
mc admin policy set myminio putonly group=newgroup
mc admin policy attach myminio putonly --group=newgroup
```
### 7. List all users or groups


@ -50,7 +50,7 @@ EOF
Create new canned policy by name `userManager` using `userManager.json` policy file.
```
mc admin policy add myminio userManager adminManageUser.json
mc admin policy attach myminio userManager adminManageUser.json
```
Create a new admin user `admin1` on MinIO use `mc admin user`.
@ -62,7 +62,7 @@ mc admin user add myminio admin1 admin123
Once the user is successfully created you can now apply the `userManage` policy for this user.
```
mc admin policy set myminio userManager user=admin1
mc admin policy attach myminio userManager --user=admin1
```
This admin user will then be allowed to perform create/delete user operations via `mc admin user`
@ -73,8 +73,8 @@ This admin user will then be allowed to perform create/delete user operations vi
mc alias set myminio-admin1 http://localhost:9000 admin1 admin123 --api s3v4
mc admin user add myminio-admin1 user1 user123
mc admin policy add myminio-admin1 user1policy ~/user1policy.json
mc admin policy set myminio-admin1 user1policy user=user1
mc admin policy attach myminio-admin1 user1policy ~/user1policy.json
mc admin policy attach myminio-admin1 user1policy --user=user1
```
### 4. List of permissions defined for admin operations


@ -64,12 +64,12 @@ export MC_HOST_minio3=http://minio:minio123@localhost:9003
./mc admin replicate add minio1 minio2 minio3
./mc admin policy set minio1 consoleAdmin user="uid=dillon,ou=people,ou=swengg,dc=min,dc=io"
./mc admin policy attach minio1 consoleAdmin --user="uid=dillon,ou=people,ou=swengg,dc=min,dc=io"
sleep 5
./mc admin user info minio2 "uid=dillon,ou=people,ou=swengg,dc=min,dc=io"
./mc admin user info minio3 "uid=dillon,ou=people,ou=swengg,dc=min,dc=io"
./mc admin policy add minio1 rw ./docs/site-replication/rw.json
./mc admin policy create minio1 rw ./docs/site-replication/rw.json
sleep 5
./mc admin policy info minio2 rw >/dev/null 2>&1


@ -61,14 +61,14 @@ export MC_HOST_minio3=http://minio:minio123@localhost:9003
## add foobar-g group with foobar
./mc admin group add minio2 foobar-g foobar
./mc admin policy set minio1 consoleAdmin user=foobar
./mc admin policy attach minio1 consoleAdmin --user=foobar
sleep 5
./mc admin user info minio2 foobar
./mc admin group info minio1 foobar-g
./mc admin policy add minio1 rw ./docs/site-replication/rw.json
./mc admin policy create minio1 rw ./docs/site-replication/rw.json
sleep 5
./mc admin policy info minio2 rw >/dev/null 2>&1
@ -299,7 +299,7 @@ if [ $? -ne 0 ]; then
echo "adding user failed, exiting.."
exit_1;
fi
./mc admin policy set minio1 consoleAdmin user=foobarx
./mc admin policy attach minio1 consoleAdmin --user=foobarx
if [ $? -ne 0 ]; then
echo "adding policy mapping failed, exiting.."
exit_1;
@ -307,7 +307,7 @@ fi
sleep 10
# unset policy for foobarx in minio2
./mc admin policy unset minio2 consoleAdmin user=foobarx
./mc admin policy detach minio2 consoleAdmin --user=foobarx
if [ $? -ne 0 ]; then
echo "unset policy mapping failed, exiting.."
exit_1;
@ -318,10 +318,10 @@ fi
sleep 10
# Test whether policy unset replicated to minio1
# Test whether policy detach replicated to minio1
policy=$(./mc admin user info minio1 foobarx --json | jq -r .policyName)
if [ "${policy}" != "null" ]; then
echo "expected policy unset to have replicated, exiting..."
echo "expected policy detach to have replicated, exiting..."
exit_1;
fi


@ -65,7 +65,7 @@ export MC_HOST_minio3=http://minio:minio123@localhost:9003
./mc admin replicate add minio1 minio2 minio3
./mc admin policy add minio1 projecta ./docs/site-replication/rw.json
./mc admin policy create minio1 projecta ./docs/site-replication/rw.json
sleep 5
./mc admin policy info minio2 projecta >/dev/null 2>&1
@ -94,7 +94,7 @@ if [ $? -eq 0 ]; then
exit_1;
fi
./mc admin policy add minio1 projecta ./docs/site-replication/rw.json
./mc admin policy create minio1 projecta ./docs/site-replication/rw.json
sleep 5
# Generate STS credential with STS call to minio1


@ -39,7 +39,7 @@ time="2020-07-12T20:45:50Z" level=info msg="listening (http) on 0.0.0.0:5556"
```
```
~ mc admin policy add admin allaccess.json
~ mc admin policy create admin allaccess.json
```
Contents of `allaccess.json`
@ -95,7 +95,7 @@ Now you have successfully configured Dex IdP with MinIO.
export MINIO_IDENTITY_OPENID_CLAIM_NAME=groups
```
and add relevant policies on MinIO using `mc admin policy add myminio/ <group_name> group-access.json`
and add relevant policies on MinIO using `mc admin policy create myminio/ <group_name> group-access.json`
## Explore Further


@ -153,7 +153,7 @@ In the configuration variables, `%s` is substituted with the _username_ from the
Access policies may be associated by their name with a group or user directly. Access policies are first defined on the MinIO server using IAM policy JSON syntax. To define a new policy, you can use the [AWS policy generator](https://awspolicygen.s3.amazonaws.com/policygen.html). Copy the policy into a text file `mypolicy.json` and issue the command like so:
```sh
mc admin policy add myminio mypolicy mypolicy.json
mc admin policy create myminio mypolicy mypolicy.json
```
To associate the policy with an LDAP user or group, use the full DN of the user or group:
@ -163,7 +163,7 @@ mc admin idp ldap policy attach myminio mypolicy --user='uid=james,cn=accounts,d
```
```sh
mc admin idp ldap policy attach myminio mypolicy --group='cn=projectx,ou=groups,ou=hwengg,dc=min,dc=io'
mc admin idp ldap policy attach myminio mypolicy ----group='cn=projectx,ou=groups,ou=hwengg,dc=min,dc=io'
```
To remove a policy association, use the similar `detach` command:
@ -173,7 +173,7 @@ mc admin idp ldap policy detach myminio mypolicy --user='uid=james,cn=accounts,d
```
```sh
mc admin idp ldap policy detach myminio mypolicy --group='cn=projectx,ou=groups,ou=hwengg,dc=min,dc=io'
mc admin idp ldap policy detach myminio mypolicy ----group='cn=projectx,ou=groups,ou=hwengg,dc=min,dc=io'
```
@ -184,12 +184,12 @@ Note that the commands above attempt to validate if the given entity (user or gr
Please **do not use** these as they may be removed or their behavior may change.
```sh
mc admin policy set myminio mypolicy user='uid=james,cn=accounts,dc=myldapserver,dc=com'
mc admin policy attach myminio mypolicy --user='uid=james,cn=accounts,dc=myldapserver,dc=com'
```
```sh
mc admin policy set myminio mypolicy group='cn=projectx,ou=groups,ou=hwengg,dc=min,dc=io'
mc admin policy attach myminio mypolicy --group='cn=projectx,ou=groups,ou=hwengg,dc=min,dc=io'
```
</details>


@ -55,7 +55,7 @@ createPolicy () {
else
echo "Policy '$NAME' already exists."
fi
${MC} admin policy add myminio $NAME /config/$FILENAME.json
${MC} admin policy create myminio $NAME /config/$FILENAME.json
}
@ -72,4 +72,4 @@ connectToMinio $scheme
{{- range $idx, $policy := .Values.policies }}
createPolicy {{ $policy.name }} policy_{{ $idx }}
{{- end }}
{{- end }}
{{- end }}


@ -73,7 +73,7 @@ createUser() {
# set policy for user
if [ ! -z $POLICY -a $POLICY != " " ] ; then
echo "Adding policy '$POLICY' for '$USER'"
${MC} admin policy set myminio $POLICY user=$USER
${MC} admin policy attach myminio $POLICY --user=$USER
else
echo "User '$USER' has no policy attached."
fi
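Review bot: `${MC} admin policy attach myminio $POLICY --user=$USER` in createUser is not a drop-in replacement for `policy set`: set replaced the user's mapping, whereas attach adds to it. If this job runs again after the configured policy for a user is changed, the previously attached policy would presumably stay in place, leaving the user with more access than the values file now describes. Attach may also return an error when the policy is already attached (confirm against the mc version the chart ships), which would fail a re-run if the script exits on errors. A comment above the command stating the intended re-run behaviour, plus explicit handling of the already-attached case, would make this safe; createUser starts and ends outside the hunk.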


@ -433,7 +433,7 @@ makeBucketJob:
## List of command to run after minio install
## NOTE: the mc command TARGET is always "myminio"
customCommands:
# - command: "admin policy set myminio consoleAdmin group='cn=ops,cn=groups,dc=example,dc=com'"
# - command: "admin policy attach myminio consoleAdmin --group='cn=ops,cn=groups,dc=example,dc=com'"
## Additional Annotations for the Kubernetes Job customCommandJob
customCommandJob: