Initial commit based on https://github.com/minio/minio/releases/tag/RELEASE.2020-07-02T00-15-09Z

2020-07-03 15:03:06 +03:00 · 2020-07-03 15:03:06 +03:00 · 9bf57615b0
commit 9bf57615b0
1206 changed files with 281445 additions and 0 deletions
--- a/cmd/sts-errors.go
+++ b/cmd/sts-errors.go
@ -0,0 +1,156 @@
+/*
+ * MinIO Cloud Storage, (C) 2018 MinIO, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package cmd
+
+import (
+	"context"
+	"encoding/xml"
+	"fmt"
+	"net/http"
+
+	xhttp "github.com/minio/minio/cmd/http"
+	"github.com/minio/minio/cmd/logger"
+)
+
+// writeSTSErrorRespone writes error headers
+func writeSTSErrorResponse(ctx context.Context, w http.ResponseWriter, isErrCodeSTS bool, errCode STSErrorCode, errCtxt error) {
+	var err STSError
+	if isErrCodeSTS {
+		err = stsErrCodes.ToSTSErr(errCode)
+	}
+	if err.Code == "InternalError" || !isErrCodeSTS {
+		aerr := getAPIError(APIErrorCode(errCode))
+		if aerr.Code != "InternalError" {
+			err.Code = aerr.Code
+			err.Description = aerr.Description
+			err.HTTPStatusCode = aerr.HTTPStatusCode
+		}
+	}
+	// Generate error response.
+	stsErrorResponse := STSErrorResponse{}
+	stsErrorResponse.Error.Code = err.Code
+	stsErrorResponse.RequestID = w.Header().Get(xhttp.AmzRequestID)
+	stsErrorResponse.Error.Message = err.Description
+	if errCtxt != nil {
+		stsErrorResponse.Error.Message = fmt.Sprintf("%v", errCtxt)
+	}
+	var logKind logger.Kind
+	switch errCode {
+	case ErrSTSInternalError, ErrSTSNotInitialized:
+		logKind = logger.Minio
+	default:
+		logKind = logger.All
+	}
+	logger.LogIf(ctx, errCtxt, logKind)
+	encodedErrorResponse := encodeResponse(stsErrorResponse)
+	writeResponse(w, err.HTTPStatusCode, encodedErrorResponse, mimeXML)
+}
+
+// STSError structure
+type STSError struct {
+	Code           string
+	Description    string
+	HTTPStatusCode int
+}
+
+// STSErrorResponse - error response format
+type STSErrorResponse struct {
+	XMLName xml.Name `xml:"https://sts.amazonaws.com/doc/2011-06-15/ ErrorResponse" json:"-"`
+	Error   struct {
+		Type    string `xml:"Type"`
+		Code    string `xml:"Code"`
+		Message string `xml:"Message"`
+	} `xml:"Error"`
+	RequestID string `xml:"RequestId"`
+}
+
+// STSErrorCode type of error status.
+type STSErrorCode int
+
+// Error codes, non exhaustive list - http://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithSAML.html
+const (
+	ErrSTSNone STSErrorCode = iota
+	ErrSTSAccessDenied
+	ErrSTSMissingParameter
+	ErrSTSInvalidParameterValue
+	ErrSTSWebIdentityExpiredToken
+	ErrSTSClientGrantsExpiredToken
+	ErrSTSInvalidClientGrantsToken
+	ErrSTSMalformedPolicyDocument
+	ErrSTSNotInitialized
+	ErrSTSInternalError
+)
+
+type stsErrorCodeMap map[STSErrorCode]STSError
+
+func (e stsErrorCodeMap) ToSTSErr(errCode STSErrorCode) STSError {
+	apiErr, ok := e[errCode]
+	if !ok {
+		return e[ErrSTSInternalError]
+	}
+	return apiErr
+}
+
+// error code to STSError structure, these fields carry respective
+// descriptions for all the error responses.
+var stsErrCodes = stsErrorCodeMap{
+	ErrSTSAccessDenied: {
+		Code:           "AccessDenied",
+		Description:    "Generating temporary credentials not allowed for this request.",
+		HTTPStatusCode: http.StatusForbidden,
+	},
+	ErrSTSMissingParameter: {
+		Code:           "MissingParameter",
+		Description:    "A required parameter for the specified action is not supplied.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrSTSInvalidParameterValue: {
+		Code:           "InvalidParameterValue",
+		Description:    "An invalid or out-of-range value was supplied for the input parameter.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrSTSWebIdentityExpiredToken: {
+		Code:           "ExpiredToken",
+		Description:    "The web identity token that was passed is expired or is not valid. Get a new identity token from the identity provider and then retry the request.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrSTSClientGrantsExpiredToken: {
+		Code:           "ExpiredToken",
+		Description:    "The client grants that was passed is expired or is not valid. Get a new client grants token from the identity provider and then retry the request.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrSTSInvalidClientGrantsToken: {
+		Code:           "InvalidClientGrantsToken",
+		Description:    "The client grants token that was passed could not be validated by MinIO.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrSTSMalformedPolicyDocument: {
+		Code:           "MalformedPolicyDocument",
+		Description:    "The request was rejected because the policy document was malformed.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrSTSNotInitialized: {
+		Code:           "STSNotInitialized",
+		Description:    "STS API not initialized, please try again.",
+		HTTPStatusCode: http.StatusServiceUnavailable,
+	},
+	ErrSTSInternalError: {
+		Code:           "InternalError",
+		Description:    "We encountered an internal error generating credentials, please try again.",
+		HTTPStatusCode: http.StatusInternalServerError,
+	},
+}