check for quorum errors for DeleteBucket() (#16859)

This commit is contained in:
Harshavardhana 2023-03-20 23:38:06 -07:00 committed by GitHub
parent d14ead7bec
commit fb1492f531
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 55 additions and 58 deletions

View File

@ -1956,7 +1956,7 @@ func (a adminAPIHandlers) DetachPolicyBuiltin(w http.ResponseWriter, r *http.Req
UserOrGroup: userOrGroup,
UserType: int(userType),
IsGroup: isGroup,
Policy: strings.Join(policiesToDetach, ","),
Policy: newPolicies,
},
UpdatedAt: updatedAt,
}))

View File

@ -167,7 +167,7 @@ func (sys *S3PeerSys) GetBucketInfo(ctx context.Context, bucket string, opts Buc
quorum := (len(sys.allPeerClients) / 2)
if err = reduceReadQuorumErrs(ctx, errs, bucketOpIgnoredErrs, quorum); err != nil {
return BucketInfo{}, err
return BucketInfo{}, toObjectErr(err, bucket)
}
for i, err := range errs {
@ -266,12 +266,9 @@ func (sys *S3PeerSys) DeleteBucket(ctx context.Context, bucket string, opts Dele
errs := g.Wait()
errs = append(errs, deleteBucketLocal(ctx, bucket, opts))
for _, err := range errs {
if err != nil {
return err
}
}
return nil
quorum := (len(sys.allPeerClients) / 2) + 1
err := reduceWriteQuorumErrs(ctx, errs, bucketOpIgnoredErrs, quorum)
return toObjectErr(err, bucket)
}
// DeleteBucket deletes bucket on a peer

View File

@ -38,11 +38,11 @@ cat > repladmin-policy-source.json <<EOF
]
}
EOF
mc admin policy add source repladmin-policy ./repladmin-policy-source.json
mc admin policy create source repladmin-policy ./repladmin-policy-source.json
cat ./repladmin-policy-source.json
#assign this replication policy to repladmin
mc admin policy set source repladmin-policy user=repladmin
mc admin policy attach source repladmin-policy --user=repladmin
### on dest alias
# Create a replication user : repluser on dest alias
@ -90,11 +90,11 @@ cat > replpolicy.json <<EOF
]
}
EOF
mc admin policy add dest replpolicy ./replpolicy.json
mc admin policy create dest replpolicy ./replpolicy.json
cat ./replpolicy.json
# assign this replication policy to repluser
mc admin policy set dest replpolicy user=repluser
mc admin policy attach dest replpolicy --user=repluser
# configure replication config to remote bucket at http://localhost:9000
mc replicate add source/bucket --priority 1 --remote-bucket http://repluser:repluser123@localhost:9000/bucket \

View File

@ -29,11 +29,11 @@ sleep 2
./mc admin user add myminio/ minio123 minio123
./mc admin user add myminio/ minio12345 minio12345
./mc admin policy add myminio/ rw ./docs/distributed/rw.json
./mc admin policy add myminio/ lake ./docs/distributed/rw.json
./mc admin policy create myminio/ rw ./docs/distributed/rw.json
./mc admin policy create myminio/ lake ./docs/distributed/rw.json
./mc admin policy set myminio/ rw user=minio123
./mc admin policy set myminio/ lake,rw user=minio12345
./mc admin policy attach myminio/ rw --user=minio123
./mc admin policy attach myminio/ lake,rw --user=minio12345
./mc mb -l myminio/versioned

View File

@ -24,11 +24,11 @@ sleep 2
./mc admin user add myminio/ minio123 minio123
./mc admin user add myminio/ minio12345 minio12345
./mc admin policy add myminio/ rw ./docs/distributed/rw.json
./mc admin policy add myminio/ lake ./docs/distributed/rw.json
./mc admin policy create myminio/ rw ./docs/distributed/rw.json
./mc admin policy create myminio/ lake ./docs/distributed/rw.json
./mc admin policy set myminio/ rw user=minio123
./mc admin policy set myminio/ lake,rw user=minio12345
./mc admin policy attach myminio/ rw --user=minio123
./mc admin policy attach myminio/ lake,rw --user=minio12345
./mc mb -l myminio/versioned

View File

@ -26,11 +26,11 @@ export MC_HOST_myminio="http://minioadmin:minioadmin@localhost:9000/"
./mc admin user add myminio/ minio123 minio123
./mc admin user add myminio/ minio12345 minio12345
./mc admin policy add myminio/ rw ./docs/distributed/rw.json
./mc admin policy add myminio/ lake ./docs/distributed/rw.json
./mc admin policy create myminio/ rw ./docs/distributed/rw.json
./mc admin policy create myminio/ lake ./docs/distributed/rw.json
./mc admin policy set myminio/ rw user=minio123
./mc admin policy set myminio/ lake,rw user=minio12345
./mc admin policy attach myminio/ rw --user=minio123
./mc admin policy attach myminio/ lake,rw --user=minio12345
./mc mb -l myminio/versioned

View File

@ -25,11 +25,11 @@ export MC_HOST_myminio="http://minioadmin:minioadmin@localhost:9000/"
./mc admin user add myminio/ minio123 minio123
./mc admin user add myminio/ minio12345 minio12345
./mc admin policy add myminio/ rw ./docs/distributed/rw.json
./mc admin policy add myminio/ lake ./docs/distributed/rw.json
./mc admin policy create myminio/ rw ./docs/distributed/rw.json
./mc admin policy create myminio/ lake ./docs/distributed/rw.json
./mc admin policy set myminio/ rw user=minio123
./mc admin policy set myminio/ lake,rw user=minio12345
./mc admin policy attach myminio/ rw --user=minio123
./mc admin policy attach myminio/ lake,rw --user=minio12345
./mc mb -l myminio/versioned

View File

@ -41,7 +41,7 @@ EOF
Create new canned policy by name `getonly` using `getonly.json` policy file.
```
mc admin policy add myminio getonly getonly.json
mc admin policy create myminio getonly getonly.json
```
Create a new user `newuser` on MinIO use `mc admin user`.
@ -53,7 +53,7 @@ mc admin user add myminio newuser newuser123
Once the user is successfully created you can now apply the `getonly` policy for this user.
```
mc admin policy set myminio getonly user=newuser
mc admin policy attach myminio getonly --user=newuser
```
### 3. Create a new group
@ -65,7 +65,7 @@ mc admin group add myminio newgroup newuser
Once the group is successfully created you can now apply the `getonly` policy for this group.
```
mc admin policy set myminio getonly group=newgroup
mc admin policy attach myminio getonly --group=newgroup
```
### 4. Disable user
@ -107,13 +107,13 @@ mc admin group remove myminio newgroup
Change the policy for user `newuser` to `putonly` canned policy.
```
mc admin policy set myminio putonly user=newuser
mc admin policy attach myminio putonly --user=newuser
```
Change the policy for group `newgroup` to `putonly` canned policy.
```
mc admin policy set myminio putonly group=newgroup
mc admin policy attach myminio putonly --group=newgroup
```
### 7. List all users or groups

View File

@ -50,7 +50,7 @@ EOF
Create new canned policy by name `userManager` using `userManager.json` policy file.
```
mc admin policy add myminio userManager adminManageUser.json
mc admin policy attach myminio userManager adminManageUser.json
```
Create a new admin user `admin1` on MinIO use `mc admin user`.
@ -62,7 +62,7 @@ mc admin user add myminio admin1 admin123
Once the user is successfully created you can now apply the `userManage` policy for this user.
```
mc admin policy set myminio userManager user=admin1
mc admin policy attach myminio userManager --user=admin1
```
This admin user will then be allowed to perform create/delete user operations via `mc admin user`
@ -73,8 +73,8 @@ This admin user will then be allowed to perform create/delete user operations vi
mc alias set myminio-admin1 http://localhost:9000 admin1 admin123 --api s3v4
mc admin user add myminio-admin1 user1 user123
mc admin policy add myminio-admin1 user1policy ~/user1policy.json
mc admin policy set myminio-admin1 user1policy user=user1
mc admin policy attach myminio-admin1 user1policy ~/user1policy.json
mc admin policy attach myminio-admin1 user1policy --user=user1
```
### 4. List of permissions defined for admin operations

View File

@ -64,12 +64,12 @@ export MC_HOST_minio3=http://minio:minio123@localhost:9003
./mc admin replicate add minio1 minio2 minio3
./mc admin policy set minio1 consoleAdmin user="uid=dillon,ou=people,ou=swengg,dc=min,dc=io"
./mc admin policy attach minio1 consoleAdmin --user="uid=dillon,ou=people,ou=swengg,dc=min,dc=io"
sleep 5
./mc admin user info minio2 "uid=dillon,ou=people,ou=swengg,dc=min,dc=io"
./mc admin user info minio3 "uid=dillon,ou=people,ou=swengg,dc=min,dc=io"
./mc admin policy add minio1 rw ./docs/site-replication/rw.json
./mc admin policy create minio1 rw ./docs/site-replication/rw.json
sleep 5
./mc admin policy info minio2 rw >/dev/null 2>&1

View File

@ -61,14 +61,14 @@ export MC_HOST_minio3=http://minio:minio123@localhost:9003
## add foobar-g group with foobar
./mc admin group add minio2 foobar-g foobar
./mc admin policy set minio1 consoleAdmin user=foobar
./mc admin policy attach minio1 consoleAdmin --user=foobar
sleep 5
./mc admin user info minio2 foobar
./mc admin group info minio1 foobar-g
./mc admin policy add minio1 rw ./docs/site-replication/rw.json
./mc admin policy create minio1 rw ./docs/site-replication/rw.json
sleep 5
./mc admin policy info minio2 rw >/dev/null 2>&1
@ -299,7 +299,7 @@ if [ $? -ne 0 ]; then
echo "adding user failed, exiting.."
exit_1;
fi
./mc admin policy set minio1 consoleAdmin user=foobarx
./mc admin policy attach minio1 consoleAdmin --user=foobarx
if [ $? -ne 0 ]; then
echo "adding policy mapping failed, exiting.."
exit_1;
@ -307,7 +307,7 @@ fi
sleep 10
# unset policy for foobarx in minio2
./mc admin policy unset minio2 consoleAdmin user=foobarx
./mc admin policy detach minio2 consoleAdmin --user=foobarx
if [ $? -ne 0 ]; then
echo "unset policy mapping failed, exiting.."
exit_1;
@ -318,10 +318,10 @@ fi
sleep 10
# Test whether policy unset replicated to minio1
# Test whether policy detach replicated to minio1
policy=$(./mc admin user info minio1 foobarx --json | jq -r .policyName)
if [ "${policy}" != "null" ]; then
echo "expected policy unset to have replicated, exiting..."
echo "expected policy detach to have replicated, exiting..."
exit_1;
fi

View File

@ -65,7 +65,7 @@ export MC_HOST_minio3=http://minio:minio123@localhost:9003
./mc admin replicate add minio1 minio2 minio3
./mc admin policy add minio1 projecta ./docs/site-replication/rw.json
./mc admin policy create minio1 projecta ./docs/site-replication/rw.json
sleep 5
./mc admin policy info minio2 projecta >/dev/null 2>&1
@ -94,7 +94,7 @@ if [ $? -eq 0 ]; then
exit_1;
fi
./mc admin policy add minio1 projecta ./docs/site-replication/rw.json
./mc admin policy create minio1 projecta ./docs/site-replication/rw.json
sleep 5
# Generate STS credential with STS call to minio1

View File

@ -39,7 +39,7 @@ time="2020-07-12T20:45:50Z" level=info msg="listening (http) on 0.0.0.0:5556"
```
```
~ mc admin policy add admin allaccess.json
~ mc admin policy create admin allaccess.json
```
Contents of `allaccess.json`
@ -95,7 +95,7 @@ Now you have successfully configured Dex IdP with MinIO.
export MINIO_IDENTITY_OPENID_CLAIM_NAME=groups
```
and add relevant policies on MinIO using `mc admin policy add myminio/ <group_name> group-access.json`
and add relevant policies on MinIO using `mc admin policy create myminio/ <group_name> group-access.json`
## Explore Further

View File

@ -153,7 +153,7 @@ In the configuration variables, `%s` is substituted with the _username_ from the
Access policies may be associated by their name with a group or user directly. Access policies are first defined on the MinIO server using IAM policy JSON syntax. To define a new policy, you can use the [AWS policy generator](https://awspolicygen.s3.amazonaws.com/policygen.html). Copy the policy into a text file `mypolicy.json` and issue the command like so:
```sh
mc admin policy add myminio mypolicy mypolicy.json
mc admin policy create myminio mypolicy mypolicy.json
```
To associate the policy with an LDAP user or group, use the full DN of the user or group:
@ -163,7 +163,7 @@ mc admin idp ldap policy attach myminio mypolicy --user='uid=james,cn=accounts,d
```
```sh
mc admin idp ldap policy attach myminio mypolicy --group='cn=projectx,ou=groups,ou=hwengg,dc=min,dc=io'
mc admin idp ldap policy attach myminio mypolicy ----group='cn=projectx,ou=groups,ou=hwengg,dc=min,dc=io'
```
To remove a policy association, use the similar `detach` command:
@ -173,7 +173,7 @@ mc admin idp ldap policy detach myminio mypolicy --user='uid=james,cn=accounts,d
```
```sh
mc admin idp ldap policy detach myminio mypolicy --group='cn=projectx,ou=groups,ou=hwengg,dc=min,dc=io'
mc admin idp ldap policy detach myminio mypolicy ----group='cn=projectx,ou=groups,ou=hwengg,dc=min,dc=io'
```
@ -184,12 +184,12 @@ Note that the commands above attempt to validate if the given entity (user or gr
Please **do not use** these as they may be removed or their behavior may change.
```sh
mc admin policy set myminio mypolicy user='uid=james,cn=accounts,dc=myldapserver,dc=com'
mc admin policy attach myminio mypolicy --user='uid=james,cn=accounts,dc=myldapserver,dc=com'
```
```sh
mc admin policy set myminio mypolicy group='cn=projectx,ou=groups,ou=hwengg,dc=min,dc=io'
mc admin policy attach myminio mypolicy --group='cn=projectx,ou=groups,ou=hwengg,dc=min,dc=io'
```
</details>

View File

@ -55,7 +55,7 @@ createPolicy () {
else
echo "Policy '$NAME' already exists."
fi
${MC} admin policy add myminio $NAME /config/$FILENAME.json
${MC} admin policy create myminio $NAME /config/$FILENAME.json
}

View File

@ -73,7 +73,7 @@ createUser() {
# set policy for user
if [ ! -z $POLICY -a $POLICY != " " ] ; then
echo "Adding policy '$POLICY' for '$USER'"
${MC} admin policy set myminio $POLICY user=$USER
${MC} admin policy attach myminio $POLICY --user=$USER
else
echo "User '$USER' has no policy attached."
fi

View File

@ -433,7 +433,7 @@ makeBucketJob:
## List of command to run after minio install
## NOTE: the mc command TARGET is always "myminio"
customCommands:
# - command: "admin policy set myminio consoleAdmin group='cn=ops,cn=groups,dc=example,dc=com'"
# - command: "admin policy attach myminio consoleAdmin --group='cn=ops,cn=groups,dc=example,dc=com'"
## Additional Annotations for the Kubernetes Job customCommandJob
customCommandJob: