mirror of
https://github.com/minio/minio.git
synced 2024-12-25 22:55:54 -05:00
1bc32215b9
enable linter using golangci-lint across codebase to run a bunch of linters together, we shall enable new linters as we fix more things the codebase. This PR fixes the first stage of this cleanup.
155 lines
5.0 KiB
Go
155 lines
5.0 KiB
Go
/*
|
|
* MinIO Cloud Storage, (C) 2018 MinIO, Inc.
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
package cmd
|
|
|
|
import (
|
|
"context"
|
|
"encoding/xml"
|
|
"fmt"
|
|
"net/http"
|
|
|
|
xhttp "github.com/minio/minio/cmd/http"
|
|
"github.com/minio/minio/cmd/logger"
|
|
)
|
|
|
|
// writeSTSErrorRespone writes error headers
|
|
func writeSTSErrorResponse(ctx context.Context, w http.ResponseWriter, errCode STSErrorCode, errCtxt error) {
|
|
err := stsErrCodes.ToSTSErr(errCode)
|
|
if err.Code == "InternalError" {
|
|
aerr := getAPIError(APIErrorCode(errCode))
|
|
if aerr.Code != "InternalError" {
|
|
err.Code = aerr.Code
|
|
err.Description = aerr.Description
|
|
err.HTTPStatusCode = aerr.HTTPStatusCode
|
|
}
|
|
}
|
|
// Generate error response.
|
|
stsErrorResponse := STSErrorResponse{}
|
|
stsErrorResponse.Error.Code = err.Code
|
|
stsErrorResponse.RequestID = w.Header().Get(xhttp.AmzRequestID)
|
|
stsErrorResponse.Error.Message = err.Description
|
|
if errCtxt != nil {
|
|
stsErrorResponse.Error.Message = fmt.Sprintf("%v", errCtxt)
|
|
}
|
|
var logKind logger.Kind
|
|
switch errCode {
|
|
case ErrSTSInternalError, ErrSTSNotInitialized:
|
|
logKind = logger.Minio
|
|
default:
|
|
logKind = logger.All
|
|
}
|
|
logger.LogIf(ctx, errCtxt, logKind)
|
|
encodedErrorResponse := encodeResponse(stsErrorResponse)
|
|
writeResponse(w, err.HTTPStatusCode, encodedErrorResponse, mimeXML)
|
|
}
|
|
|
|
// STSError structure
|
|
type STSError struct {
|
|
Code string
|
|
Description string
|
|
HTTPStatusCode int
|
|
}
|
|
|
|
// STSErrorResponse - error response format
|
|
type STSErrorResponse struct {
|
|
XMLName xml.Name `xml:"https://sts.amazonaws.com/doc/2011-06-15/ ErrorResponse" json:"-"`
|
|
Error struct {
|
|
Type string `xml:"Type"`
|
|
Code string `xml:"Code"`
|
|
Message string `xml:"Message"`
|
|
} `xml:"Error"`
|
|
RequestID string `xml:"RequestId"`
|
|
}
|
|
|
|
// STSErrorCode type of error status.
|
|
type STSErrorCode int
|
|
|
|
// Error codes, non exhaustive list - http://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithSAML.html
|
|
const (
|
|
ErrSTSNone STSErrorCode = iota
|
|
ErrSTSInvalidService
|
|
ErrSTSAccessDenied
|
|
ErrSTSMissingParameter
|
|
ErrSTSInvalidParameterValue
|
|
ErrSTSWebIdentityExpiredToken
|
|
ErrSTSClientGrantsExpiredToken
|
|
ErrSTSInvalidClientGrantsToken
|
|
ErrSTSMalformedPolicyDocument
|
|
ErrSTSNotInitialized
|
|
ErrSTSInternalError
|
|
)
|
|
|
|
type stsErrorCodeMap map[STSErrorCode]STSError
|
|
|
|
func (e stsErrorCodeMap) ToSTSErr(errCode STSErrorCode) STSError {
|
|
apiErr, ok := e[errCode]
|
|
if !ok {
|
|
return e[ErrSTSInternalError]
|
|
}
|
|
return apiErr
|
|
}
|
|
|
|
// error code to STSError structure, these fields carry respective
|
|
// descriptions for all the error responses.
|
|
var stsErrCodes = stsErrorCodeMap{
|
|
ErrSTSAccessDenied: {
|
|
Code: "AccessDenied",
|
|
Description: "Generating temporary credentials not allowed for this request.",
|
|
HTTPStatusCode: http.StatusForbidden,
|
|
},
|
|
ErrSTSMissingParameter: {
|
|
Code: "MissingParameter",
|
|
Description: "A required parameter for the specified action is not supplied.",
|
|
HTTPStatusCode: http.StatusBadRequest,
|
|
},
|
|
ErrSTSInvalidParameterValue: {
|
|
Code: "InvalidParameterValue",
|
|
Description: "An invalid or out-of-range value was supplied for the input parameter.",
|
|
HTTPStatusCode: http.StatusBadRequest,
|
|
},
|
|
ErrSTSWebIdentityExpiredToken: {
|
|
Code: "ExpiredToken",
|
|
Description: "The web identity token that was passed is expired or is not valid. Get a new identity token from the identity provider and then retry the request.",
|
|
HTTPStatusCode: http.StatusBadRequest,
|
|
},
|
|
ErrSTSClientGrantsExpiredToken: {
|
|
Code: "ExpiredToken",
|
|
Description: "The client grants that was passed is expired or is not valid. Get a new client grants token from the identity provider and then retry the request.",
|
|
HTTPStatusCode: http.StatusBadRequest,
|
|
},
|
|
ErrSTSInvalidClientGrantsToken: {
|
|
Code: "InvalidClientGrantsToken",
|
|
Description: "The client grants token that was passed could not be validated by MinIO.",
|
|
HTTPStatusCode: http.StatusBadRequest,
|
|
},
|
|
ErrSTSMalformedPolicyDocument: {
|
|
Code: "MalformedPolicyDocument",
|
|
Description: "The request was rejected because the policy document was malformed.",
|
|
HTTPStatusCode: http.StatusBadRequest,
|
|
},
|
|
ErrSTSNotInitialized: {
|
|
Code: "STSNotInitialized",
|
|
Description: "STS API not initialized, please try again.",
|
|
HTTPStatusCode: http.StatusServiceUnavailable,
|
|
},
|
|
ErrSTSInternalError: {
|
|
Code: "InternalError",
|
|
Description: "We encountered an internal error generating credentials, please try again.",
|
|
HTTPStatusCode: http.StatusInternalServerError,
|
|
},
|
|
}
|