accessKeyId missing should return appropriate error in AssumeRole (#9048)

For a non-existent user server would return STS not initialized ``` aws --profile harsha --endpoint-url http://localhost:9000 \ sts assume-role \ --role-arn arn:xxx:xxx:xxx:xxxx \ --role-session-name anything ``` instead return an appropriate error as expected by STS API Additionally also format the `trace` output for STS APIs
2020-02-27 01:56:47 +05:30
parent 2dd14c0b89
commit 1330e59307
3 changed files with 15 additions and 2 deletions
--- a/cmd/sts-errors.go
+++ b/cmd/sts-errors.go
@@ -78,6 +78,7 @@ const (
 	ErrSTSInvalidParameterValue
 	ErrSTSWebIdentityExpiredToken
 	ErrSTSClientGrantsExpiredToken
+	ErrSTSInvalidAccessKey
 	ErrSTSInvalidClientGrantsToken
 	ErrSTSMalformedPolicyDocument
 	ErrSTSNotInitialized
@@ -127,6 +128,11 @@ var stsErrCodes = stsErrorCodeMap{
 		Description:    "The client grants token that was passed could not be validated by MinIO.",
 		HTTPStatusCode: http.StatusBadRequest,
 	},
+	ErrSTSInvalidAccessKey: {
+		Code:           "InvalidClientTokenId",
+		Description:    "The security token included in the request is invalid.",
+		HTTPStatusCode: http.StatusForbidden,
+	},
 	ErrSTSMalformedPolicyDocument: {
 		Code:           "MalformedPolicyDocument",
 		Description:    "The request was rejected because the policy document was malformed.",