From fb49aead9b4c980eeb8f88749528ae830aa26fb1 Mon Sep 17 00:00:00 2001 From: Poorna Date: Mon, 10 Jul 2023 23:09:20 -0400 Subject: [PATCH] replication: add validation API (#17520) To check if replication is set up properly on a bucket. --- cmd/api-errors.go | 12 + cmd/api-router.go | 3 + cmd/apierrorcode_string.go | 516 +++++++++++++++-------------- cmd/bucket-replication-handlers.go | 150 +++++++++ cmd/object-api-errors.go | 12 + cmd/object-handlers.go | 11 + cmd/utils.go | 2 + go.mod | 2 + go.sum | 4 +- internal/http/headers.go | 2 + 10 files changed, 455 insertions(+), 259 deletions(-) diff --git a/cmd/api-errors.go b/cmd/api-errors.go index aebae1a4d..3117d22c8 100644 --- a/cmd/api-errors.go +++ b/cmd/api-errors.go @@ -138,6 +138,8 @@ const ( ErrReplicationDenyEditError ErrRemoteTargetDenyAddError ErrReplicationNoExistingObjects + ErrReplicationValidationError + ErrReplicationPermissionCheckError ErrObjectRestoreAlreadyInProgress ErrNoSuchKey ErrNoSuchUpload @@ -1015,6 +1017,16 @@ var errorCodes = errorCodeMap{ Description: "Versioning must be 'Enabled' on the bucket to add a replication target", HTTPStatusCode: http.StatusBadRequest, }, + ErrReplicationValidationError: { + Code: "InvalidRequest", + Description: "Replication validation failed on target", + HTTPStatusCode: http.StatusBadRequest, + }, + ErrReplicationPermissionCheckError: { + Code: "ReplicationPermissionCheck", + Description: "X-Minio-Source-Replication-Check cannot be specified in request. Request cannot be completed", + HTTPStatusCode: http.StatusBadRequest, + }, ErrNoSuchObjectLockConfiguration: { Code: "NoSuchObjectLockConfiguration", Description: "The specified object does not have a ObjectLock configuration", diff --git a/cmd/api-router.go b/cmd/api-router.go index 76a3ddc28..517b0dd6d 100644 --- a/cmd/api-router.go +++ b/cmd/api-router.go @@ -464,6 +464,9 @@ func registerAPIRouter(router *mux.Router) { // GetBucketReplicationMetrics router.Methods(http.MethodGet).HandlerFunc( collectAPIStats("getbucketreplicationmetrics", maxClients(gz(httpTraceAll(api.GetBucketReplicationMetricsHandler))))).Queries("replication-metrics", "") + // ValidateBucketReplicationCreds + router.Methods(http.MethodGet).HandlerFunc( + collectAPIStats("checkbucketreplicationconfiguration", maxClients(gz(httpTraceAll(api.ValidateBucketReplicationCredsHandler))))).Queries("replication-check", "") // Register rejected bucket APIs for _, r := range rejectedBucketAPIs { diff --git a/cmd/apierrorcode_string.go b/cmd/apierrorcode_string.go index e974ca755..68980c83b 100644 --- a/cmd/apierrorcode_string.go +++ b/cmd/apierrorcode_string.go @@ -69,266 +69,268 @@ func _() { _ = x[ErrReplicationDenyEditError-58] _ = x[ErrRemoteTargetDenyAddError-59] _ = x[ErrReplicationNoExistingObjects-60] - _ = x[ErrObjectRestoreAlreadyInProgress-61] - _ = x[ErrNoSuchKey-62] - _ = x[ErrNoSuchUpload-63] - _ = x[ErrInvalidVersionID-64] - _ = x[ErrNoSuchVersion-65] - _ = x[ErrNotImplemented-66] - _ = x[ErrPreconditionFailed-67] - _ = x[ErrRequestTimeTooSkewed-68] - _ = x[ErrSignatureDoesNotMatch-69] - _ = x[ErrMethodNotAllowed-70] - _ = x[ErrInvalidPart-71] - _ = x[ErrInvalidPartOrder-72] - _ = x[ErrMissingPart-73] - _ = x[ErrAuthorizationHeaderMalformed-74] - _ = x[ErrMalformedPOSTRequest-75] - _ = x[ErrPOSTFileRequired-76] - _ = x[ErrSignatureVersionNotSupported-77] - _ = x[ErrBucketNotEmpty-78] - _ = x[ErrAllAccessDisabled-79] - _ = x[ErrPolicyInvalidVersion-80] - _ = x[ErrMissingFields-81] - _ = x[ErrMissingCredTag-82] - _ = x[ErrCredMalformed-83] - _ = x[ErrInvalidRegion-84] - _ = x[ErrInvalidServiceS3-85] - _ = x[ErrInvalidServiceSTS-86] - _ = x[ErrInvalidRequestVersion-87] - _ = x[ErrMissingSignTag-88] - _ = x[ErrMissingSignHeadersTag-89] - _ = x[ErrMalformedDate-90] - _ = x[ErrMalformedPresignedDate-91] - _ = x[ErrMalformedCredentialDate-92] - _ = x[ErrMalformedExpires-93] - _ = x[ErrNegativeExpires-94] - _ = x[ErrAuthHeaderEmpty-95] - _ = x[ErrExpiredPresignRequest-96] - _ = x[ErrRequestNotReadyYet-97] - _ = x[ErrUnsignedHeaders-98] - _ = x[ErrMissingDateHeader-99] - _ = x[ErrInvalidQuerySignatureAlgo-100] - _ = x[ErrInvalidQueryParams-101] - _ = x[ErrBucketAlreadyOwnedByYou-102] - _ = x[ErrInvalidDuration-103] - _ = x[ErrBucketAlreadyExists-104] - _ = x[ErrMetadataTooLarge-105] - _ = x[ErrUnsupportedMetadata-106] - _ = x[ErrUnsupportedHostHeader-107] - _ = x[ErrMaximumExpires-108] - _ = x[ErrSlowDownRead-109] - _ = x[ErrSlowDownWrite-110] - _ = x[ErrInvalidPrefixMarker-111] - _ = x[ErrBadRequest-112] - _ = x[ErrKeyTooLongError-113] - _ = x[ErrInvalidBucketObjectLockConfiguration-114] - _ = x[ErrObjectLockConfigurationNotFound-115] - _ = x[ErrObjectLockConfigurationNotAllowed-116] - _ = x[ErrNoSuchObjectLockConfiguration-117] - _ = x[ErrObjectLocked-118] - _ = x[ErrInvalidRetentionDate-119] - _ = x[ErrPastObjectLockRetainDate-120] - _ = x[ErrUnknownWORMModeDirective-121] - _ = x[ErrBucketTaggingNotFound-122] - _ = x[ErrObjectLockInvalidHeaders-123] - _ = x[ErrInvalidTagDirective-124] - _ = x[ErrPolicyAlreadyAttached-125] - _ = x[ErrPolicyNotAttached-126] - _ = x[ErrExcessData-127] - _ = x[ErrInvalidEncryptionMethod-128] - _ = x[ErrInvalidEncryptionKeyID-129] - _ = x[ErrInsecureSSECustomerRequest-130] - _ = x[ErrSSEMultipartEncrypted-131] - _ = x[ErrSSEEncryptedObject-132] - _ = x[ErrInvalidEncryptionParameters-133] - _ = x[ErrInvalidEncryptionParametersSSEC-134] - _ = x[ErrInvalidSSECustomerAlgorithm-135] - _ = x[ErrInvalidSSECustomerKey-136] - _ = x[ErrMissingSSECustomerKey-137] - _ = x[ErrMissingSSECustomerKeyMD5-138] - _ = x[ErrSSECustomerKeyMD5Mismatch-139] - _ = x[ErrInvalidSSECustomerParameters-140] - _ = x[ErrIncompatibleEncryptionMethod-141] - _ = x[ErrKMSNotConfigured-142] - _ = x[ErrKMSKeyNotFoundException-143] - _ = x[ErrKMSDefaultKeyAlreadyConfigured-144] - _ = x[ErrNoAccessKey-145] - _ = x[ErrInvalidToken-146] - _ = x[ErrEventNotification-147] - _ = x[ErrARNNotification-148] - _ = x[ErrRegionNotification-149] - _ = x[ErrOverlappingFilterNotification-150] - _ = x[ErrFilterNameInvalid-151] - _ = x[ErrFilterNamePrefix-152] - _ = x[ErrFilterNameSuffix-153] - _ = x[ErrFilterValueInvalid-154] - _ = x[ErrOverlappingConfigs-155] - _ = x[ErrUnsupportedNotification-156] - _ = x[ErrContentSHA256Mismatch-157] - _ = x[ErrContentChecksumMismatch-158] - _ = x[ErrStorageFull-159] - _ = x[ErrRequestBodyParse-160] - _ = x[ErrObjectExistsAsDirectory-161] - _ = x[ErrInvalidObjectName-162] - _ = x[ErrInvalidObjectNamePrefixSlash-163] - _ = x[ErrInvalidResourceName-164] - _ = x[ErrInvalidLifecycleQueryParameter-165] - _ = x[ErrServerNotInitialized-166] - _ = x[ErrRequestTimedout-167] - _ = x[ErrClientDisconnected-168] - _ = x[ErrTooManyRequests-169] - _ = x[ErrInvalidRequest-170] - _ = x[ErrTransitionStorageClassNotFoundError-171] - _ = x[ErrInvalidStorageClass-172] - _ = x[ErrBackendDown-173] - _ = x[ErrMalformedJSON-174] - _ = x[ErrAdminNoSuchUser-175] - _ = x[ErrAdminNoSuchUserLDAPWarn-176] - _ = x[ErrAdminNoSuchGroup-177] - _ = x[ErrAdminGroupNotEmpty-178] - _ = x[ErrAdminGroupDisabled-179] - _ = x[ErrAdminNoSuchJob-180] - _ = x[ErrAdminNoSuchPolicy-181] - _ = x[ErrAdminPolicyChangeAlreadyApplied-182] - _ = x[ErrAdminInvalidArgument-183] - _ = x[ErrAdminInvalidAccessKey-184] - _ = x[ErrAdminInvalidSecretKey-185] - _ = x[ErrAdminConfigNoQuorum-186] - _ = x[ErrAdminConfigTooLarge-187] - _ = x[ErrAdminConfigBadJSON-188] - _ = x[ErrAdminNoSuchConfigTarget-189] - _ = x[ErrAdminConfigEnvOverridden-190] - _ = x[ErrAdminConfigDuplicateKeys-191] - _ = x[ErrAdminConfigInvalidIDPType-192] - _ = x[ErrAdminConfigLDAPNonDefaultConfigName-193] - _ = x[ErrAdminConfigLDAPValidation-194] - _ = x[ErrAdminConfigIDPCfgNameAlreadyExists-195] - _ = x[ErrAdminConfigIDPCfgNameDoesNotExist-196] - _ = x[ErrAdminCredentialsMismatch-197] - _ = x[ErrInsecureClientRequest-198] - _ = x[ErrObjectTampered-199] - _ = x[ErrSiteReplicationInvalidRequest-200] - _ = x[ErrSiteReplicationPeerResp-201] - _ = x[ErrSiteReplicationBackendIssue-202] - _ = x[ErrSiteReplicationServiceAccountError-203] - _ = x[ErrSiteReplicationBucketConfigError-204] - _ = x[ErrSiteReplicationBucketMetaError-205] - _ = x[ErrSiteReplicationIAMError-206] - _ = x[ErrSiteReplicationConfigMissing-207] - _ = x[ErrAdminRebalanceAlreadyStarted-208] - _ = x[ErrAdminRebalanceNotStarted-209] - _ = x[ErrAdminBucketQuotaExceeded-210] - _ = x[ErrAdminNoSuchQuotaConfiguration-211] - _ = x[ErrHealNotImplemented-212] - _ = x[ErrHealNoSuchProcess-213] - _ = x[ErrHealInvalidClientToken-214] - _ = x[ErrHealMissingBucket-215] - _ = x[ErrHealAlreadyRunning-216] - _ = x[ErrHealOverlappingPaths-217] - _ = x[ErrIncorrectContinuationToken-218] - _ = x[ErrEmptyRequestBody-219] - _ = x[ErrUnsupportedFunction-220] - _ = x[ErrInvalidExpressionType-221] - _ = x[ErrBusy-222] - _ = x[ErrUnauthorizedAccess-223] - _ = x[ErrExpressionTooLong-224] - _ = x[ErrIllegalSQLFunctionArgument-225] - _ = x[ErrInvalidKeyPath-226] - _ = x[ErrInvalidCompressionFormat-227] - _ = x[ErrInvalidFileHeaderInfo-228] - _ = x[ErrInvalidJSONType-229] - _ = x[ErrInvalidQuoteFields-230] - _ = x[ErrInvalidRequestParameter-231] - _ = x[ErrInvalidDataType-232] - _ = x[ErrInvalidTextEncoding-233] - _ = x[ErrInvalidDataSource-234] - _ = x[ErrInvalidTableAlias-235] - _ = x[ErrMissingRequiredParameter-236] - _ = x[ErrObjectSerializationConflict-237] - _ = x[ErrUnsupportedSQLOperation-238] - _ = x[ErrUnsupportedSQLStructure-239] - _ = x[ErrUnsupportedSyntax-240] - _ = x[ErrUnsupportedRangeHeader-241] - _ = x[ErrLexerInvalidChar-242] - _ = x[ErrLexerInvalidOperator-243] - _ = x[ErrLexerInvalidLiteral-244] - _ = x[ErrLexerInvalidIONLiteral-245] - _ = x[ErrParseExpectedDatePart-246] - _ = x[ErrParseExpectedKeyword-247] - _ = x[ErrParseExpectedTokenType-248] - _ = x[ErrParseExpected2TokenTypes-249] - _ = x[ErrParseExpectedNumber-250] - _ = x[ErrParseExpectedRightParenBuiltinFunctionCall-251] - _ = x[ErrParseExpectedTypeName-252] - _ = x[ErrParseExpectedWhenClause-253] - _ = x[ErrParseUnsupportedToken-254] - _ = x[ErrParseUnsupportedLiteralsGroupBy-255] - _ = x[ErrParseExpectedMember-256] - _ = x[ErrParseUnsupportedSelect-257] - _ = x[ErrParseUnsupportedCase-258] - _ = x[ErrParseUnsupportedCaseClause-259] - _ = x[ErrParseUnsupportedAlias-260] - _ = x[ErrParseUnsupportedSyntax-261] - _ = x[ErrParseUnknownOperator-262] - _ = x[ErrParseMissingIdentAfterAt-263] - _ = x[ErrParseUnexpectedOperator-264] - _ = x[ErrParseUnexpectedTerm-265] - _ = x[ErrParseUnexpectedToken-266] - _ = x[ErrParseUnexpectedKeyword-267] - _ = x[ErrParseExpectedExpression-268] - _ = x[ErrParseExpectedLeftParenAfterCast-269] - _ = x[ErrParseExpectedLeftParenValueConstructor-270] - _ = x[ErrParseExpectedLeftParenBuiltinFunctionCall-271] - _ = x[ErrParseExpectedArgumentDelimiter-272] - _ = x[ErrParseCastArity-273] - _ = x[ErrParseInvalidTypeParam-274] - _ = x[ErrParseEmptySelect-275] - _ = x[ErrParseSelectMissingFrom-276] - _ = x[ErrParseExpectedIdentForGroupName-277] - _ = x[ErrParseExpectedIdentForAlias-278] - _ = x[ErrParseUnsupportedCallWithStar-279] - _ = x[ErrParseNonUnaryAgregateFunctionCall-280] - _ = x[ErrParseMalformedJoin-281] - _ = x[ErrParseExpectedIdentForAt-282] - _ = x[ErrParseAsteriskIsNotAloneInSelectList-283] - _ = x[ErrParseCannotMixSqbAndWildcardInSelectList-284] - _ = x[ErrParseInvalidContextForWildcardInSelectList-285] - _ = x[ErrIncorrectSQLFunctionArgumentType-286] - _ = x[ErrValueParseFailure-287] - _ = x[ErrEvaluatorInvalidArguments-288] - _ = x[ErrIntegerOverflow-289] - _ = x[ErrLikeInvalidInputs-290] - _ = x[ErrCastFailed-291] - _ = x[ErrInvalidCast-292] - _ = x[ErrEvaluatorInvalidTimestampFormatPattern-293] - _ = x[ErrEvaluatorInvalidTimestampFormatPatternSymbolForParsing-294] - _ = x[ErrEvaluatorTimestampFormatPatternDuplicateFields-295] - _ = x[ErrEvaluatorTimestampFormatPatternHourClockAmPmMismatch-296] - _ = x[ErrEvaluatorUnterminatedTimestampFormatPatternToken-297] - _ = x[ErrEvaluatorInvalidTimestampFormatPatternToken-298] - _ = x[ErrEvaluatorInvalidTimestampFormatPatternSymbol-299] - _ = x[ErrEvaluatorBindingDoesNotExist-300] - _ = x[ErrMissingHeaders-301] - _ = x[ErrInvalidColumnIndex-302] - _ = x[ErrAdminConfigNotificationTargetsFailed-303] - _ = x[ErrAdminProfilerNotEnabled-304] - _ = x[ErrInvalidDecompressedSize-305] - _ = x[ErrAddUserInvalidArgument-306] - _ = x[ErrAdminResourceInvalidArgument-307] - _ = x[ErrAdminAccountNotEligible-308] - _ = x[ErrAccountNotEligible-309] - _ = x[ErrAdminServiceAccountNotFound-310] - _ = x[ErrPostPolicyConditionInvalidFormat-311] - _ = x[ErrInvalidChecksum-312] - _ = x[ErrLambdaARNInvalid-313] - _ = x[ErrLambdaARNNotFound-314] - _ = x[apiErrCodeEnd-315] + _ = x[ErrReplicationValidationError-61] + _ = x[ErrReplicationPermissionCheckError-62] + _ = x[ErrObjectRestoreAlreadyInProgress-63] + _ = x[ErrNoSuchKey-64] + _ = x[ErrNoSuchUpload-65] + _ = x[ErrInvalidVersionID-66] + _ = x[ErrNoSuchVersion-67] + _ = x[ErrNotImplemented-68] + _ = x[ErrPreconditionFailed-69] + _ = x[ErrRequestTimeTooSkewed-70] + _ = x[ErrSignatureDoesNotMatch-71] + _ = x[ErrMethodNotAllowed-72] + _ = x[ErrInvalidPart-73] + _ = x[ErrInvalidPartOrder-74] + _ = x[ErrMissingPart-75] + _ = x[ErrAuthorizationHeaderMalformed-76] + _ = x[ErrMalformedPOSTRequest-77] + _ = x[ErrPOSTFileRequired-78] + _ = x[ErrSignatureVersionNotSupported-79] + _ = x[ErrBucketNotEmpty-80] + _ = x[ErrAllAccessDisabled-81] + _ = x[ErrPolicyInvalidVersion-82] + _ = x[ErrMissingFields-83] + _ = x[ErrMissingCredTag-84] + _ = x[ErrCredMalformed-85] + _ = x[ErrInvalidRegion-86] + _ = x[ErrInvalidServiceS3-87] + _ = x[ErrInvalidServiceSTS-88] + _ = x[ErrInvalidRequestVersion-89] + _ = x[ErrMissingSignTag-90] + _ = x[ErrMissingSignHeadersTag-91] + _ = x[ErrMalformedDate-92] + _ = x[ErrMalformedPresignedDate-93] + _ = x[ErrMalformedCredentialDate-94] + _ = x[ErrMalformedExpires-95] + _ = x[ErrNegativeExpires-96] + _ = x[ErrAuthHeaderEmpty-97] + _ = x[ErrExpiredPresignRequest-98] + _ = x[ErrRequestNotReadyYet-99] + _ = x[ErrUnsignedHeaders-100] + _ = x[ErrMissingDateHeader-101] + _ = x[ErrInvalidQuerySignatureAlgo-102] + _ = x[ErrInvalidQueryParams-103] + _ = x[ErrBucketAlreadyOwnedByYou-104] + _ = x[ErrInvalidDuration-105] + _ = x[ErrBucketAlreadyExists-106] + _ = x[ErrMetadataTooLarge-107] + _ = x[ErrUnsupportedMetadata-108] + _ = x[ErrUnsupportedHostHeader-109] + _ = x[ErrMaximumExpires-110] + _ = x[ErrSlowDownRead-111] + _ = x[ErrSlowDownWrite-112] + _ = x[ErrInvalidPrefixMarker-113] + _ = x[ErrBadRequest-114] + _ = x[ErrKeyTooLongError-115] + _ = x[ErrInvalidBucketObjectLockConfiguration-116] + _ = x[ErrObjectLockConfigurationNotFound-117] + _ = x[ErrObjectLockConfigurationNotAllowed-118] + _ = x[ErrNoSuchObjectLockConfiguration-119] + _ = x[ErrObjectLocked-120] + _ = x[ErrInvalidRetentionDate-121] + _ = x[ErrPastObjectLockRetainDate-122] + _ = x[ErrUnknownWORMModeDirective-123] + _ = x[ErrBucketTaggingNotFound-124] + _ = x[ErrObjectLockInvalidHeaders-125] + _ = x[ErrInvalidTagDirective-126] + _ = x[ErrPolicyAlreadyAttached-127] + _ = x[ErrPolicyNotAttached-128] + _ = x[ErrExcessData-129] + _ = x[ErrInvalidEncryptionMethod-130] + _ = x[ErrInvalidEncryptionKeyID-131] + _ = x[ErrInsecureSSECustomerRequest-132] + _ = x[ErrSSEMultipartEncrypted-133] + _ = x[ErrSSEEncryptedObject-134] + _ = x[ErrInvalidEncryptionParameters-135] + _ = x[ErrInvalidEncryptionParametersSSEC-136] + _ = x[ErrInvalidSSECustomerAlgorithm-137] + _ = x[ErrInvalidSSECustomerKey-138] + _ = x[ErrMissingSSECustomerKey-139] + _ = x[ErrMissingSSECustomerKeyMD5-140] + _ = x[ErrSSECustomerKeyMD5Mismatch-141] + _ = x[ErrInvalidSSECustomerParameters-142] + _ = x[ErrIncompatibleEncryptionMethod-143] + _ = x[ErrKMSNotConfigured-144] + _ = x[ErrKMSKeyNotFoundException-145] + _ = x[ErrKMSDefaultKeyAlreadyConfigured-146] + _ = x[ErrNoAccessKey-147] + _ = x[ErrInvalidToken-148] + _ = x[ErrEventNotification-149] + _ = x[ErrARNNotification-150] + _ = x[ErrRegionNotification-151] + _ = x[ErrOverlappingFilterNotification-152] + _ = x[ErrFilterNameInvalid-153] + _ = x[ErrFilterNamePrefix-154] + _ = x[ErrFilterNameSuffix-155] + _ = x[ErrFilterValueInvalid-156] + _ = x[ErrOverlappingConfigs-157] + _ = x[ErrUnsupportedNotification-158] + _ = x[ErrContentSHA256Mismatch-159] + _ = x[ErrContentChecksumMismatch-160] + _ = x[ErrStorageFull-161] + _ = x[ErrRequestBodyParse-162] + _ = x[ErrObjectExistsAsDirectory-163] + _ = x[ErrInvalidObjectName-164] + _ = x[ErrInvalidObjectNamePrefixSlash-165] + _ = x[ErrInvalidResourceName-166] + _ = x[ErrInvalidLifecycleQueryParameter-167] + _ = x[ErrServerNotInitialized-168] + _ = x[ErrRequestTimedout-169] + _ = x[ErrClientDisconnected-170] + _ = x[ErrTooManyRequests-171] + _ = x[ErrInvalidRequest-172] + _ = x[ErrTransitionStorageClassNotFoundError-173] + _ = x[ErrInvalidStorageClass-174] + _ = x[ErrBackendDown-175] + _ = x[ErrMalformedJSON-176] + _ = x[ErrAdminNoSuchUser-177] + _ = x[ErrAdminNoSuchUserLDAPWarn-178] + _ = x[ErrAdminNoSuchGroup-179] + _ = x[ErrAdminGroupNotEmpty-180] + _ = x[ErrAdminGroupDisabled-181] + _ = x[ErrAdminNoSuchJob-182] + _ = x[ErrAdminNoSuchPolicy-183] + _ = x[ErrAdminPolicyChangeAlreadyApplied-184] + _ = x[ErrAdminInvalidArgument-185] + _ = x[ErrAdminInvalidAccessKey-186] + _ = x[ErrAdminInvalidSecretKey-187] + _ = x[ErrAdminConfigNoQuorum-188] + _ = x[ErrAdminConfigTooLarge-189] + _ = x[ErrAdminConfigBadJSON-190] + _ = x[ErrAdminNoSuchConfigTarget-191] + _ = x[ErrAdminConfigEnvOverridden-192] + _ = x[ErrAdminConfigDuplicateKeys-193] + _ = x[ErrAdminConfigInvalidIDPType-194] + _ = x[ErrAdminConfigLDAPNonDefaultConfigName-195] + _ = x[ErrAdminConfigLDAPValidation-196] + _ = x[ErrAdminConfigIDPCfgNameAlreadyExists-197] + _ = x[ErrAdminConfigIDPCfgNameDoesNotExist-198] + _ = x[ErrAdminCredentialsMismatch-199] + _ = x[ErrInsecureClientRequest-200] + _ = x[ErrObjectTampered-201] + _ = x[ErrSiteReplicationInvalidRequest-202] + _ = x[ErrSiteReplicationPeerResp-203] + _ = x[ErrSiteReplicationBackendIssue-204] + _ = x[ErrSiteReplicationServiceAccountError-205] + _ = x[ErrSiteReplicationBucketConfigError-206] + _ = x[ErrSiteReplicationBucketMetaError-207] + _ = x[ErrSiteReplicationIAMError-208] + _ = x[ErrSiteReplicationConfigMissing-209] + _ = x[ErrAdminRebalanceAlreadyStarted-210] + _ = x[ErrAdminRebalanceNotStarted-211] + _ = x[ErrAdminBucketQuotaExceeded-212] + _ = x[ErrAdminNoSuchQuotaConfiguration-213] + _ = x[ErrHealNotImplemented-214] + _ = x[ErrHealNoSuchProcess-215] + _ = x[ErrHealInvalidClientToken-216] + _ = x[ErrHealMissingBucket-217] + _ = x[ErrHealAlreadyRunning-218] + _ = x[ErrHealOverlappingPaths-219] + _ = x[ErrIncorrectContinuationToken-220] + _ = x[ErrEmptyRequestBody-221] + _ = x[ErrUnsupportedFunction-222] + _ = x[ErrInvalidExpressionType-223] + _ = x[ErrBusy-224] + _ = x[ErrUnauthorizedAccess-225] + _ = x[ErrExpressionTooLong-226] + _ = x[ErrIllegalSQLFunctionArgument-227] + _ = x[ErrInvalidKeyPath-228] + _ = x[ErrInvalidCompressionFormat-229] + _ = x[ErrInvalidFileHeaderInfo-230] + _ = x[ErrInvalidJSONType-231] + _ = x[ErrInvalidQuoteFields-232] + _ = x[ErrInvalidRequestParameter-233] + _ = x[ErrInvalidDataType-234] + _ = x[ErrInvalidTextEncoding-235] + _ = x[ErrInvalidDataSource-236] + _ = x[ErrInvalidTableAlias-237] + _ = x[ErrMissingRequiredParameter-238] + _ = x[ErrObjectSerializationConflict-239] + _ = x[ErrUnsupportedSQLOperation-240] + _ = x[ErrUnsupportedSQLStructure-241] + _ = x[ErrUnsupportedSyntax-242] + _ = x[ErrUnsupportedRangeHeader-243] + _ = x[ErrLexerInvalidChar-244] + _ = x[ErrLexerInvalidOperator-245] + _ = x[ErrLexerInvalidLiteral-246] + _ = x[ErrLexerInvalidIONLiteral-247] + _ = x[ErrParseExpectedDatePart-248] + _ = x[ErrParseExpectedKeyword-249] + _ = x[ErrParseExpectedTokenType-250] + _ = x[ErrParseExpected2TokenTypes-251] + _ = x[ErrParseExpectedNumber-252] + _ = x[ErrParseExpectedRightParenBuiltinFunctionCall-253] + _ = x[ErrParseExpectedTypeName-254] + _ = x[ErrParseExpectedWhenClause-255] + _ = x[ErrParseUnsupportedToken-256] + _ = x[ErrParseUnsupportedLiteralsGroupBy-257] + _ = x[ErrParseExpectedMember-258] + _ = x[ErrParseUnsupportedSelect-259] + _ = x[ErrParseUnsupportedCase-260] + _ = x[ErrParseUnsupportedCaseClause-261] + _ = x[ErrParseUnsupportedAlias-262] + _ = x[ErrParseUnsupportedSyntax-263] + _ = x[ErrParseUnknownOperator-264] + _ = x[ErrParseMissingIdentAfterAt-265] + _ = x[ErrParseUnexpectedOperator-266] + _ = x[ErrParseUnexpectedTerm-267] + _ = x[ErrParseUnexpectedToken-268] + _ = x[ErrParseUnexpectedKeyword-269] + _ = x[ErrParseExpectedExpression-270] + _ = x[ErrParseExpectedLeftParenAfterCast-271] + _ = x[ErrParseExpectedLeftParenValueConstructor-272] + _ = x[ErrParseExpectedLeftParenBuiltinFunctionCall-273] + _ = x[ErrParseExpectedArgumentDelimiter-274] + _ = x[ErrParseCastArity-275] + _ = x[ErrParseInvalidTypeParam-276] + _ = x[ErrParseEmptySelect-277] + _ = x[ErrParseSelectMissingFrom-278] + _ = x[ErrParseExpectedIdentForGroupName-279] + _ = x[ErrParseExpectedIdentForAlias-280] + _ = x[ErrParseUnsupportedCallWithStar-281] + _ = x[ErrParseNonUnaryAgregateFunctionCall-282] + _ = x[ErrParseMalformedJoin-283] + _ = x[ErrParseExpectedIdentForAt-284] + _ = x[ErrParseAsteriskIsNotAloneInSelectList-285] + _ = x[ErrParseCannotMixSqbAndWildcardInSelectList-286] + _ = x[ErrParseInvalidContextForWildcardInSelectList-287] + _ = x[ErrIncorrectSQLFunctionArgumentType-288] + _ = x[ErrValueParseFailure-289] + _ = x[ErrEvaluatorInvalidArguments-290] + _ = x[ErrIntegerOverflow-291] + _ = x[ErrLikeInvalidInputs-292] + _ = x[ErrCastFailed-293] + _ = x[ErrInvalidCast-294] + _ = x[ErrEvaluatorInvalidTimestampFormatPattern-295] + _ = x[ErrEvaluatorInvalidTimestampFormatPatternSymbolForParsing-296] + _ = x[ErrEvaluatorTimestampFormatPatternDuplicateFields-297] + _ = x[ErrEvaluatorTimestampFormatPatternHourClockAmPmMismatch-298] + _ = x[ErrEvaluatorUnterminatedTimestampFormatPatternToken-299] + _ = x[ErrEvaluatorInvalidTimestampFormatPatternToken-300] + _ = x[ErrEvaluatorInvalidTimestampFormatPatternSymbol-301] + _ = x[ErrEvaluatorBindingDoesNotExist-302] + _ = x[ErrMissingHeaders-303] + _ = x[ErrInvalidColumnIndex-304] + _ = x[ErrAdminConfigNotificationTargetsFailed-305] + _ = x[ErrAdminProfilerNotEnabled-306] + _ = x[ErrInvalidDecompressedSize-307] + _ = x[ErrAddUserInvalidArgument-308] + _ = x[ErrAdminResourceInvalidArgument-309] + _ = x[ErrAdminAccountNotEligible-310] + _ = x[ErrAccountNotEligible-311] + _ = x[ErrAdminServiceAccountNotFound-312] + _ = x[ErrPostPolicyConditionInvalidFormat-313] + _ = x[ErrInvalidChecksum-314] + _ = x[ErrLambdaARNInvalid-315] + _ = x[ErrLambdaARNNotFound-316] + _ = x[apiErrCodeEnd-317] } -const _APIErrorCode_name = "NoneAccessDeniedBadDigestEntityTooSmallEntityTooLargePolicyTooLargeIncompleteBodyInternalErrorInvalidAccessKeyIDAccessKeyDisabledInvalidArgumentInvalidBucketNameInvalidDigestInvalidRangeInvalidRangePartNumberInvalidCopyPartRangeInvalidCopyPartRangeSourceInvalidMaxKeysInvalidEncodingMethodInvalidMaxUploadsInvalidMaxPartsInvalidPartNumberMarkerInvalidPartNumberInvalidRequestBodyInvalidCopySourceInvalidMetadataDirectiveInvalidCopyDestInvalidPolicyDocumentInvalidObjectStateMalformedXMLMissingContentLengthMissingContentMD5MissingRequestBodyErrorMissingSecurityHeaderNoSuchBucketNoSuchBucketPolicyNoSuchBucketLifecycleNoSuchLifecycleConfigurationInvalidLifecycleWithObjectLockNoSuchBucketSSEConfigNoSuchCORSConfigurationNoSuchWebsiteConfigurationReplicationConfigurationNotFoundErrorRemoteDestinationNotFoundErrorReplicationDestinationMissingLockRemoteTargetNotFoundErrorReplicationRemoteConnectionErrorReplicationBandwidthLimitErrorBucketRemoteIdenticalToSourceBucketRemoteAlreadyExistsBucketRemoteLabelInUseBucketRemoteArnTypeInvalidBucketRemoteArnInvalidBucketRemoteRemoveDisallowedRemoteTargetNotVersionedErrorReplicationSourceNotVersionedErrorReplicationNeedsVersioningErrorReplicationBucketNeedsVersioningErrorReplicationDenyEditErrorRemoteTargetDenyAddErrorReplicationNoExistingObjectsObjectRestoreAlreadyInProgressNoSuchKeyNoSuchUploadInvalidVersionIDNoSuchVersionNotImplementedPreconditionFailedRequestTimeTooSkewedSignatureDoesNotMatchMethodNotAllowedInvalidPartInvalidPartOrderMissingPartAuthorizationHeaderMalformedMalformedPOSTRequestPOSTFileRequiredSignatureVersionNotSupportedBucketNotEmptyAllAccessDisabledPolicyInvalidVersionMissingFieldsMissingCredTagCredMalformedInvalidRegionInvalidServiceS3InvalidServiceSTSInvalidRequestVersionMissingSignTagMissingSignHeadersTagMalformedDateMalformedPresignedDateMalformedCredentialDateMalformedExpiresNegativeExpiresAuthHeaderEmptyExpiredPresignRequestRequestNotReadyYetUnsignedHeadersMissingDateHeaderInvalidQuerySignatureAlgoInvalidQueryParamsBucketAlreadyOwnedByYouInvalidDurationBucketAlreadyExistsMetadataTooLargeUnsupportedMetadataUnsupportedHostHeaderMaximumExpiresSlowDownReadSlowDownWriteInvalidPrefixMarkerBadRequestKeyTooLongErrorInvalidBucketObjectLockConfigurationObjectLockConfigurationNotFoundObjectLockConfigurationNotAllowedNoSuchObjectLockConfigurationObjectLockedInvalidRetentionDatePastObjectLockRetainDateUnknownWORMModeDirectiveBucketTaggingNotFoundObjectLockInvalidHeadersInvalidTagDirectivePolicyAlreadyAttachedPolicyNotAttachedExcessDataInvalidEncryptionMethodInvalidEncryptionKeyIDInsecureSSECustomerRequestSSEMultipartEncryptedSSEEncryptedObjectInvalidEncryptionParametersInvalidEncryptionParametersSSECInvalidSSECustomerAlgorithmInvalidSSECustomerKeyMissingSSECustomerKeyMissingSSECustomerKeyMD5SSECustomerKeyMD5MismatchInvalidSSECustomerParametersIncompatibleEncryptionMethodKMSNotConfiguredKMSKeyNotFoundExceptionKMSDefaultKeyAlreadyConfiguredNoAccessKeyInvalidTokenEventNotificationARNNotificationRegionNotificationOverlappingFilterNotificationFilterNameInvalidFilterNamePrefixFilterNameSuffixFilterValueInvalidOverlappingConfigsUnsupportedNotificationContentSHA256MismatchContentChecksumMismatchStorageFullRequestBodyParseObjectExistsAsDirectoryInvalidObjectNameInvalidObjectNamePrefixSlashInvalidResourceNameInvalidLifecycleQueryParameterServerNotInitializedRequestTimedoutClientDisconnectedTooManyRequestsInvalidRequestTransitionStorageClassNotFoundErrorInvalidStorageClassBackendDownMalformedJSONAdminNoSuchUserAdminNoSuchUserLDAPWarnAdminNoSuchGroupAdminGroupNotEmptyAdminGroupDisabledAdminNoSuchJobAdminNoSuchPolicyAdminPolicyChangeAlreadyAppliedAdminInvalidArgumentAdminInvalidAccessKeyAdminInvalidSecretKeyAdminConfigNoQuorumAdminConfigTooLargeAdminConfigBadJSONAdminNoSuchConfigTargetAdminConfigEnvOverriddenAdminConfigDuplicateKeysAdminConfigInvalidIDPTypeAdminConfigLDAPNonDefaultConfigNameAdminConfigLDAPValidationAdminConfigIDPCfgNameAlreadyExistsAdminConfigIDPCfgNameDoesNotExistAdminCredentialsMismatchInsecureClientRequestObjectTamperedSiteReplicationInvalidRequestSiteReplicationPeerRespSiteReplicationBackendIssueSiteReplicationServiceAccountErrorSiteReplicationBucketConfigErrorSiteReplicationBucketMetaErrorSiteReplicationIAMErrorSiteReplicationConfigMissingAdminRebalanceAlreadyStartedAdminRebalanceNotStartedAdminBucketQuotaExceededAdminNoSuchQuotaConfigurationHealNotImplementedHealNoSuchProcessHealInvalidClientTokenHealMissingBucketHealAlreadyRunningHealOverlappingPathsIncorrectContinuationTokenEmptyRequestBodyUnsupportedFunctionInvalidExpressionTypeBusyUnauthorizedAccessExpressionTooLongIllegalSQLFunctionArgumentInvalidKeyPathInvalidCompressionFormatInvalidFileHeaderInfoInvalidJSONTypeInvalidQuoteFieldsInvalidRequestParameterInvalidDataTypeInvalidTextEncodingInvalidDataSourceInvalidTableAliasMissingRequiredParameterObjectSerializationConflictUnsupportedSQLOperationUnsupportedSQLStructureUnsupportedSyntaxUnsupportedRangeHeaderLexerInvalidCharLexerInvalidOperatorLexerInvalidLiteralLexerInvalidIONLiteralParseExpectedDatePartParseExpectedKeywordParseExpectedTokenTypeParseExpected2TokenTypesParseExpectedNumberParseExpectedRightParenBuiltinFunctionCallParseExpectedTypeNameParseExpectedWhenClauseParseUnsupportedTokenParseUnsupportedLiteralsGroupByParseExpectedMemberParseUnsupportedSelectParseUnsupportedCaseParseUnsupportedCaseClauseParseUnsupportedAliasParseUnsupportedSyntaxParseUnknownOperatorParseMissingIdentAfterAtParseUnexpectedOperatorParseUnexpectedTermParseUnexpectedTokenParseUnexpectedKeywordParseExpectedExpressionParseExpectedLeftParenAfterCastParseExpectedLeftParenValueConstructorParseExpectedLeftParenBuiltinFunctionCallParseExpectedArgumentDelimiterParseCastArityParseInvalidTypeParamParseEmptySelectParseSelectMissingFromParseExpectedIdentForGroupNameParseExpectedIdentForAliasParseUnsupportedCallWithStarParseNonUnaryAgregateFunctionCallParseMalformedJoinParseExpectedIdentForAtParseAsteriskIsNotAloneInSelectListParseCannotMixSqbAndWildcardInSelectListParseInvalidContextForWildcardInSelectListIncorrectSQLFunctionArgumentTypeValueParseFailureEvaluatorInvalidArgumentsIntegerOverflowLikeInvalidInputsCastFailedInvalidCastEvaluatorInvalidTimestampFormatPatternEvaluatorInvalidTimestampFormatPatternSymbolForParsingEvaluatorTimestampFormatPatternDuplicateFieldsEvaluatorTimestampFormatPatternHourClockAmPmMismatchEvaluatorUnterminatedTimestampFormatPatternTokenEvaluatorInvalidTimestampFormatPatternTokenEvaluatorInvalidTimestampFormatPatternSymbolEvaluatorBindingDoesNotExistMissingHeadersInvalidColumnIndexAdminConfigNotificationTargetsFailedAdminProfilerNotEnabledInvalidDecompressedSizeAddUserInvalidArgumentAdminResourceInvalidArgumentAdminAccountNotEligibleAccountNotEligibleAdminServiceAccountNotFoundPostPolicyConditionInvalidFormatInvalidChecksumLambdaARNInvalidLambdaARNNotFoundapiErrCodeEnd" +const _APIErrorCode_name = "NoneAccessDeniedBadDigestEntityTooSmallEntityTooLargePolicyTooLargeIncompleteBodyInternalErrorInvalidAccessKeyIDAccessKeyDisabledInvalidArgumentInvalidBucketNameInvalidDigestInvalidRangeInvalidRangePartNumberInvalidCopyPartRangeInvalidCopyPartRangeSourceInvalidMaxKeysInvalidEncodingMethodInvalidMaxUploadsInvalidMaxPartsInvalidPartNumberMarkerInvalidPartNumberInvalidRequestBodyInvalidCopySourceInvalidMetadataDirectiveInvalidCopyDestInvalidPolicyDocumentInvalidObjectStateMalformedXMLMissingContentLengthMissingContentMD5MissingRequestBodyErrorMissingSecurityHeaderNoSuchBucketNoSuchBucketPolicyNoSuchBucketLifecycleNoSuchLifecycleConfigurationInvalidLifecycleWithObjectLockNoSuchBucketSSEConfigNoSuchCORSConfigurationNoSuchWebsiteConfigurationReplicationConfigurationNotFoundErrorRemoteDestinationNotFoundErrorReplicationDestinationMissingLockRemoteTargetNotFoundErrorReplicationRemoteConnectionErrorReplicationBandwidthLimitErrorBucketRemoteIdenticalToSourceBucketRemoteAlreadyExistsBucketRemoteLabelInUseBucketRemoteArnTypeInvalidBucketRemoteArnInvalidBucketRemoteRemoveDisallowedRemoteTargetNotVersionedErrorReplicationSourceNotVersionedErrorReplicationNeedsVersioningErrorReplicationBucketNeedsVersioningErrorReplicationDenyEditErrorRemoteTargetDenyAddErrorReplicationNoExistingObjectsReplicationValidationErrorReplicationPermissionCheckErrorObjectRestoreAlreadyInProgressNoSuchKeyNoSuchUploadInvalidVersionIDNoSuchVersionNotImplementedPreconditionFailedRequestTimeTooSkewedSignatureDoesNotMatchMethodNotAllowedInvalidPartInvalidPartOrderMissingPartAuthorizationHeaderMalformedMalformedPOSTRequestPOSTFileRequiredSignatureVersionNotSupportedBucketNotEmptyAllAccessDisabledPolicyInvalidVersionMissingFieldsMissingCredTagCredMalformedInvalidRegionInvalidServiceS3InvalidServiceSTSInvalidRequestVersionMissingSignTagMissingSignHeadersTagMalformedDateMalformedPresignedDateMalformedCredentialDateMalformedExpiresNegativeExpiresAuthHeaderEmptyExpiredPresignRequestRequestNotReadyYetUnsignedHeadersMissingDateHeaderInvalidQuerySignatureAlgoInvalidQueryParamsBucketAlreadyOwnedByYouInvalidDurationBucketAlreadyExistsMetadataTooLargeUnsupportedMetadataUnsupportedHostHeaderMaximumExpiresSlowDownReadSlowDownWriteInvalidPrefixMarkerBadRequestKeyTooLongErrorInvalidBucketObjectLockConfigurationObjectLockConfigurationNotFoundObjectLockConfigurationNotAllowedNoSuchObjectLockConfigurationObjectLockedInvalidRetentionDatePastObjectLockRetainDateUnknownWORMModeDirectiveBucketTaggingNotFoundObjectLockInvalidHeadersInvalidTagDirectivePolicyAlreadyAttachedPolicyNotAttachedExcessDataInvalidEncryptionMethodInvalidEncryptionKeyIDInsecureSSECustomerRequestSSEMultipartEncryptedSSEEncryptedObjectInvalidEncryptionParametersInvalidEncryptionParametersSSECInvalidSSECustomerAlgorithmInvalidSSECustomerKeyMissingSSECustomerKeyMissingSSECustomerKeyMD5SSECustomerKeyMD5MismatchInvalidSSECustomerParametersIncompatibleEncryptionMethodKMSNotConfiguredKMSKeyNotFoundExceptionKMSDefaultKeyAlreadyConfiguredNoAccessKeyInvalidTokenEventNotificationARNNotificationRegionNotificationOverlappingFilterNotificationFilterNameInvalidFilterNamePrefixFilterNameSuffixFilterValueInvalidOverlappingConfigsUnsupportedNotificationContentSHA256MismatchContentChecksumMismatchStorageFullRequestBodyParseObjectExistsAsDirectoryInvalidObjectNameInvalidObjectNamePrefixSlashInvalidResourceNameInvalidLifecycleQueryParameterServerNotInitializedRequestTimedoutClientDisconnectedTooManyRequestsInvalidRequestTransitionStorageClassNotFoundErrorInvalidStorageClassBackendDownMalformedJSONAdminNoSuchUserAdminNoSuchUserLDAPWarnAdminNoSuchGroupAdminGroupNotEmptyAdminGroupDisabledAdminNoSuchJobAdminNoSuchPolicyAdminPolicyChangeAlreadyAppliedAdminInvalidArgumentAdminInvalidAccessKeyAdminInvalidSecretKeyAdminConfigNoQuorumAdminConfigTooLargeAdminConfigBadJSONAdminNoSuchConfigTargetAdminConfigEnvOverriddenAdminConfigDuplicateKeysAdminConfigInvalidIDPTypeAdminConfigLDAPNonDefaultConfigNameAdminConfigLDAPValidationAdminConfigIDPCfgNameAlreadyExistsAdminConfigIDPCfgNameDoesNotExistAdminCredentialsMismatchInsecureClientRequestObjectTamperedSiteReplicationInvalidRequestSiteReplicationPeerRespSiteReplicationBackendIssueSiteReplicationServiceAccountErrorSiteReplicationBucketConfigErrorSiteReplicationBucketMetaErrorSiteReplicationIAMErrorSiteReplicationConfigMissingAdminRebalanceAlreadyStartedAdminRebalanceNotStartedAdminBucketQuotaExceededAdminNoSuchQuotaConfigurationHealNotImplementedHealNoSuchProcessHealInvalidClientTokenHealMissingBucketHealAlreadyRunningHealOverlappingPathsIncorrectContinuationTokenEmptyRequestBodyUnsupportedFunctionInvalidExpressionTypeBusyUnauthorizedAccessExpressionTooLongIllegalSQLFunctionArgumentInvalidKeyPathInvalidCompressionFormatInvalidFileHeaderInfoInvalidJSONTypeInvalidQuoteFieldsInvalidRequestParameterInvalidDataTypeInvalidTextEncodingInvalidDataSourceInvalidTableAliasMissingRequiredParameterObjectSerializationConflictUnsupportedSQLOperationUnsupportedSQLStructureUnsupportedSyntaxUnsupportedRangeHeaderLexerInvalidCharLexerInvalidOperatorLexerInvalidLiteralLexerInvalidIONLiteralParseExpectedDatePartParseExpectedKeywordParseExpectedTokenTypeParseExpected2TokenTypesParseExpectedNumberParseExpectedRightParenBuiltinFunctionCallParseExpectedTypeNameParseExpectedWhenClauseParseUnsupportedTokenParseUnsupportedLiteralsGroupByParseExpectedMemberParseUnsupportedSelectParseUnsupportedCaseParseUnsupportedCaseClauseParseUnsupportedAliasParseUnsupportedSyntaxParseUnknownOperatorParseMissingIdentAfterAtParseUnexpectedOperatorParseUnexpectedTermParseUnexpectedTokenParseUnexpectedKeywordParseExpectedExpressionParseExpectedLeftParenAfterCastParseExpectedLeftParenValueConstructorParseExpectedLeftParenBuiltinFunctionCallParseExpectedArgumentDelimiterParseCastArityParseInvalidTypeParamParseEmptySelectParseSelectMissingFromParseExpectedIdentForGroupNameParseExpectedIdentForAliasParseUnsupportedCallWithStarParseNonUnaryAgregateFunctionCallParseMalformedJoinParseExpectedIdentForAtParseAsteriskIsNotAloneInSelectListParseCannotMixSqbAndWildcardInSelectListParseInvalidContextForWildcardInSelectListIncorrectSQLFunctionArgumentTypeValueParseFailureEvaluatorInvalidArgumentsIntegerOverflowLikeInvalidInputsCastFailedInvalidCastEvaluatorInvalidTimestampFormatPatternEvaluatorInvalidTimestampFormatPatternSymbolForParsingEvaluatorTimestampFormatPatternDuplicateFieldsEvaluatorTimestampFormatPatternHourClockAmPmMismatchEvaluatorUnterminatedTimestampFormatPatternTokenEvaluatorInvalidTimestampFormatPatternTokenEvaluatorInvalidTimestampFormatPatternSymbolEvaluatorBindingDoesNotExistMissingHeadersInvalidColumnIndexAdminConfigNotificationTargetsFailedAdminProfilerNotEnabledInvalidDecompressedSizeAddUserInvalidArgumentAdminResourceInvalidArgumentAdminAccountNotEligibleAccountNotEligibleAdminServiceAccountNotFoundPostPolicyConditionInvalidFormatInvalidChecksumLambdaARNInvalidLambdaARNNotFoundapiErrCodeEnd" -var _APIErrorCode_index = [...]uint16{0, 4, 16, 25, 39, 53, 67, 81, 94, 112, 129, 144, 161, 174, 186, 208, 228, 254, 268, 289, 306, 321, 344, 361, 379, 396, 420, 435, 456, 474, 486, 506, 523, 546, 567, 579, 597, 618, 646, 676, 697, 720, 746, 783, 813, 846, 871, 903, 933, 962, 987, 1009, 1035, 1057, 1085, 1114, 1148, 1179, 1216, 1240, 1264, 1292, 1322, 1331, 1343, 1359, 1372, 1386, 1404, 1424, 1445, 1461, 1472, 1488, 1499, 1527, 1547, 1563, 1591, 1605, 1622, 1642, 1655, 1669, 1682, 1695, 1711, 1728, 1749, 1763, 1784, 1797, 1819, 1842, 1858, 1873, 1888, 1909, 1927, 1942, 1959, 1984, 2002, 2025, 2040, 2059, 2075, 2094, 2115, 2129, 2141, 2154, 2173, 2183, 2198, 2234, 2265, 2298, 2327, 2339, 2359, 2383, 2407, 2428, 2452, 2471, 2492, 2509, 2519, 2542, 2564, 2590, 2611, 2629, 2656, 2687, 2714, 2735, 2756, 2780, 2805, 2833, 2861, 2877, 2900, 2930, 2941, 2953, 2970, 2985, 3003, 3032, 3049, 3065, 3081, 3099, 3117, 3140, 3161, 3184, 3195, 3211, 3234, 3251, 3279, 3298, 3328, 3348, 3363, 3381, 3396, 3410, 3445, 3464, 3475, 3488, 3503, 3526, 3542, 3560, 3578, 3592, 3609, 3640, 3660, 3681, 3702, 3721, 3740, 3758, 3781, 3805, 3829, 3854, 3889, 3914, 3948, 3981, 4005, 4026, 4040, 4069, 4092, 4119, 4153, 4185, 4215, 4238, 4266, 4294, 4318, 4342, 4371, 4389, 4406, 4428, 4445, 4463, 4483, 4509, 4525, 4544, 4565, 4569, 4587, 4604, 4630, 4644, 4668, 4689, 4704, 4722, 4745, 4760, 4779, 4796, 4813, 4837, 4864, 4887, 4910, 4927, 4949, 4965, 4985, 5004, 5026, 5047, 5067, 5089, 5113, 5132, 5174, 5195, 5218, 5239, 5270, 5289, 5311, 5331, 5357, 5378, 5400, 5420, 5444, 5467, 5486, 5506, 5528, 5551, 5582, 5620, 5661, 5691, 5705, 5726, 5742, 5764, 5794, 5820, 5848, 5881, 5899, 5922, 5957, 5997, 6039, 6071, 6088, 6113, 6128, 6145, 6155, 6166, 6204, 6258, 6304, 6356, 6404, 6447, 6491, 6519, 6533, 6551, 6587, 6610, 6633, 6655, 6683, 6706, 6724, 6751, 6783, 6798, 6814, 6831, 6844} +var _APIErrorCode_index = [...]uint16{0, 4, 16, 25, 39, 53, 67, 81, 94, 112, 129, 144, 161, 174, 186, 208, 228, 254, 268, 289, 306, 321, 344, 361, 379, 396, 420, 435, 456, 474, 486, 506, 523, 546, 567, 579, 597, 618, 646, 676, 697, 720, 746, 783, 813, 846, 871, 903, 933, 962, 987, 1009, 1035, 1057, 1085, 1114, 1148, 1179, 1216, 1240, 1264, 1292, 1318, 1349, 1379, 1388, 1400, 1416, 1429, 1443, 1461, 1481, 1502, 1518, 1529, 1545, 1556, 1584, 1604, 1620, 1648, 1662, 1679, 1699, 1712, 1726, 1739, 1752, 1768, 1785, 1806, 1820, 1841, 1854, 1876, 1899, 1915, 1930, 1945, 1966, 1984, 1999, 2016, 2041, 2059, 2082, 2097, 2116, 2132, 2151, 2172, 2186, 2198, 2211, 2230, 2240, 2255, 2291, 2322, 2355, 2384, 2396, 2416, 2440, 2464, 2485, 2509, 2528, 2549, 2566, 2576, 2599, 2621, 2647, 2668, 2686, 2713, 2744, 2771, 2792, 2813, 2837, 2862, 2890, 2918, 2934, 2957, 2987, 2998, 3010, 3027, 3042, 3060, 3089, 3106, 3122, 3138, 3156, 3174, 3197, 3218, 3241, 3252, 3268, 3291, 3308, 3336, 3355, 3385, 3405, 3420, 3438, 3453, 3467, 3502, 3521, 3532, 3545, 3560, 3583, 3599, 3617, 3635, 3649, 3666, 3697, 3717, 3738, 3759, 3778, 3797, 3815, 3838, 3862, 3886, 3911, 3946, 3971, 4005, 4038, 4062, 4083, 4097, 4126, 4149, 4176, 4210, 4242, 4272, 4295, 4323, 4351, 4375, 4399, 4428, 4446, 4463, 4485, 4502, 4520, 4540, 4566, 4582, 4601, 4622, 4626, 4644, 4661, 4687, 4701, 4725, 4746, 4761, 4779, 4802, 4817, 4836, 4853, 4870, 4894, 4921, 4944, 4967, 4984, 5006, 5022, 5042, 5061, 5083, 5104, 5124, 5146, 5170, 5189, 5231, 5252, 5275, 5296, 5327, 5346, 5368, 5388, 5414, 5435, 5457, 5477, 5501, 5524, 5543, 5563, 5585, 5608, 5639, 5677, 5718, 5748, 5762, 5783, 5799, 5821, 5851, 5877, 5905, 5938, 5956, 5979, 6014, 6054, 6096, 6128, 6145, 6170, 6185, 6202, 6212, 6223, 6261, 6315, 6361, 6413, 6461, 6504, 6548, 6576, 6590, 6608, 6644, 6667, 6690, 6712, 6740, 6763, 6781, 6808, 6840, 6855, 6871, 6888, 6901} func (i APIErrorCode) String() string { if i < 0 || i >= APIErrorCode(len(_APIErrorCode_index)-1) { diff --git a/cmd/bucket-replication-handlers.go b/cmd/bucket-replication-handlers.go index 652465185..caa54978c 100644 --- a/cmd/bucket-replication-handlers.go +++ b/cmd/bucket-replication-handlers.go @@ -18,13 +18,18 @@ package cmd import ( + "bytes" "encoding/json" "encoding/xml" + "errors" "fmt" "io" "net/http" + "path" "time" + "github.com/minio/minio-go/v7" + objectlock "github.com/minio/minio/internal/bucket/object/lock" "github.com/minio/minio/internal/bucket/replication" xhttp "github.com/minio/minio/internal/http" "github.com/minio/minio/internal/logger" @@ -466,3 +471,148 @@ func (api objectAPIHandlers) ResetBucketReplicationStatusHandler(w http.Response // Write success response. writeSuccessResponseJSON(w, data) } + +// ValidateBucketReplicationCredsHandler - validate replication credentials for a bucket. +// ---------- +func (api objectAPIHandlers) ValidateBucketReplicationCredsHandler(w http.ResponseWriter, r *http.Request) { + ctx := newContext(r, w, "ValidateBucketReplicationCreds") + defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) + + vars := mux.Vars(r) + bucket := vars["bucket"] + objectAPI := api.ObjectAPI() + if objectAPI == nil { + writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrServerNotInitialized), r.URL) + return + } + if s3Error := checkRequestAuthType(ctx, r, policy.GetReplicationConfigurationAction, bucket, ""); s3Error != ErrNone { + writeErrorResponse(ctx, w, errorCodes.ToAPIErr(s3Error), r.URL) + return + } + // Check if bucket exists. + if _, err := objectAPI.GetBucketInfo(ctx, bucket, BucketOptions{}); err != nil { + writeErrorResponse(ctx, w, errorCodes.ToAPIErrWithErr(ErrReplicationValidationError, err), r.URL) + return + } + + if versioned := globalBucketVersioningSys.Enabled(bucket); !versioned { + writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrReplicationNeedsVersioningError), r.URL) + return + } + replicationConfig, _, err := globalBucketMetadataSys.GetReplicationConfig(ctx, bucket) + if err != nil { + writeErrorResponse(ctx, w, errorCodes.ToAPIErrWithErr(ErrReplicationConfigurationNotFoundError, err), r.URL) + return + } + + lockEnabled := false + lcfg, _, err := globalBucketMetadataSys.GetObjectLockConfig(bucket) + if err != nil { + if !errors.Is(err, BucketObjectLockConfigNotFound{Bucket: bucket}) { + writeErrorResponse(ctx, w, errorCodes.ToAPIErrWithErr(ErrReplicationValidationError, err), r.URL) + return + } + } + if lcfg != nil { + lockEnabled = lcfg.Enabled() + } + + sameTarget, apiErr := validateReplicationDestination(ctx, bucket, replicationConfig, true) + if apiErr != noError { + writeErrorResponse(ctx, w, apiErr, r.URL) + return + } + + // Validate the bucket replication config + if err = replicationConfig.Validate(bucket, sameTarget); err != nil { + writeErrorResponse(ctx, w, errorCodes.ToAPIErrWithErr(ErrReplicationValidationError, err), r.URL) + return + } + buf := bytes.Repeat([]byte("a"), 8) + for _, rule := range replicationConfig.Rules { + if rule.Status == replication.Disabled { + continue + } + clnt := globalBucketTargetSys.GetRemoteTargetClient(ctx, rule.Destination.Bucket) + if clnt == nil { + writeErrorResponse(ctx, w, errorCodes.ToAPIErrWithErr(ErrRemoteTargetNotFoundError, fmt.Errorf("replication config with rule ID %s has a stale target", rule.ID)), r.URL) + return + } + if lockEnabled { + lock, _, _, _, err := clnt.GetObjectLockConfig(ctx, clnt.Bucket) + if err != nil { + writeErrorResponse(ctx, w, errorCodes.ToAPIErrWithErr(ErrReplicationValidationError, err), r.URL) + return + } + if lock != objectlock.Enabled { + writeErrorResponse(ctx, w, errorCodes.ToAPIErrWithErr(ErrReplicationDestinationMissingLock, fmt.Errorf("target bucket %s is not object lock enabled", clnt.Bucket)), r.URL) + return + } + } + vcfg, err := clnt.GetBucketVersioning(ctx, clnt.Bucket) + if err != nil { + writeErrorResponse(ctx, w, errorCodes.ToAPIErrWithErr(ErrReplicationValidationError, err), r.URL) + return + } + if !vcfg.Enabled() { + writeErrorResponse(ctx, w, errorCodes.ToAPIErrWithErr(ErrRemoteTargetNotVersionedError, fmt.Errorf("target bucket %s is not versioned", clnt.Bucket)), r.URL) + return + } + if sameTarget && bucket == clnt.Bucket { + writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrBucketRemoteIdenticalToSource), r.URL) + return + } + + reader := bytes.NewReader(buf) + // fake a PutObject and RemoveObject call to validate permissions + c := &minio.Core{Client: clnt.Client} + putOpts := minio.PutObjectOptions{ + Internal: minio.AdvancedPutOptions{ + SourceVersionID: mustGetUUID(), + ReplicationStatus: minio.ReplicationStatusReplica, + SourceMTime: time.Now(), + ReplicationRequest: true, // always set this to distinguish between `mc mirror` replication and serverside + ReplicationValidityCheck: true, // set this to validate the replication config + }, + } + obj := path.Join(minioReservedBucket, globalLocalNodeNameHex, "deleteme") + ui, err := c.PutObject(ctx, clnt.Bucket, obj, reader, int64(len(buf)), "", "", putOpts) + if err != nil && !isReplicationPermissionCheck(ErrorRespToObjectError(err, bucket, obj)) { + writeErrorResponse(ctx, w, errorCodes.ToAPIErrWithErr(ErrReplicationValidationError, fmt.Errorf("s3:ReplicateObject permissions missing for replication user: %w", err)), r.URL) + return + } + + err = c.RemoveObject(ctx, clnt.Bucket, obj, minio.RemoveObjectOptions{ + VersionID: ui.VersionID, + Internal: minio.AdvancedRemoveOptions{ + ReplicationDeleteMarker: true, + ReplicationMTime: time.Now(), + ReplicationStatus: minio.ReplicationStatusReplica, + ReplicationRequest: true, // always set this to distinguish between `mc mirror` replication and serverside + ReplicationValidityCheck: true, // set this to validate the replication config + }, + }) + if err != nil && !isReplicationPermissionCheck(ErrorRespToObjectError(err, bucket, obj)) { + writeErrorResponse(ctx, w, errorCodes.ToAPIErrWithErr(ErrReplicationValidationError, fmt.Errorf("s3:ReplicateDelete permissions missing for replication user: %w", err)), r.URL) + return + } + // fake a versioned delete - to ensure deny policies are not in place + err = c.RemoveObject(ctx, clnt.Bucket, obj, minio.RemoveObjectOptions{ + VersionID: ui.VersionID, + Internal: minio.AdvancedRemoveOptions{ + ReplicationDeleteMarker: false, + ReplicationMTime: time.Now(), + ReplicationStatus: minio.ReplicationStatusReplica, + ReplicationRequest: true, // always set this to distinguish between `mc mirror` replication and serverside + ReplicationValidityCheck: true, // set this to validate the replication config + }, + }) + if err != nil && !isReplicationPermissionCheck(ErrorRespToObjectError(err, bucket, obj)) { + writeErrorResponse(ctx, w, errorCodes.ToAPIErrWithErr(ErrReplicationValidationError, fmt.Errorf("s3:ReplicateDelete/s3:DeleteObject permissions missing for replication user: %w", err)), r.URL) + return + } + } + + // Write success response. + writeSuccessResponseHeadersOnly(w) +} diff --git a/cmd/object-api-errors.go b/cmd/object-api-errors.go index ffdac9229..6e67d0490 100644 --- a/cmd/object-api-errors.go +++ b/cmd/object-api-errors.go @@ -735,3 +735,15 @@ func isErrInvalidRange(err error) bool { _, ok := err.(InvalidRange) return ok } + +// ReplicationPermissionCheck - Check if error type is ReplicationPermissionCheck. +type ReplicationPermissionCheck struct{} + +func (e ReplicationPermissionCheck) Error() string { + return "Replication permission validation requests cannot be completed" +} + +func isReplicationPermissionCheck(err error) bool { + _, ok := err.(ReplicationPermissionCheck) + return ok +} diff --git a/cmd/object-handlers.go b/cmd/object-handlers.go index d6236e6be..195a7a790 100644 --- a/cmd/object-handlers.go +++ b/cmd/object-handlers.go @@ -1707,6 +1707,12 @@ func (api objectAPIHandlers) PutObjectHandler(w http.ResponseWriter, r *http.Req } } + if _, ok := r.Header[xhttp.MinIOSourceReplicationCheck]; ok { + // requests to just validate replication settings and permissions are not allowed to write data + writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrReplicationPermissionCheckError), r.URL) + return + } + if err := enforceBucketQuotaHard(ctx, bucket, size); err != nil { writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL) return @@ -2297,6 +2303,11 @@ func (api objectAPIHandlers) DeleteObjectHandler(w http.ResponseWriter, r *http. writeErrorResponse(ctx, w, errorCodes.ToAPIErr(s3Error), r.URL) return } + if _, ok := r.Header[xhttp.MinIOSourceReplicationCheck]; ok { + // requests to just validate replication settings and permissions are not allowed to delete data + writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrReplicationPermissionCheckError), r.URL) + return + } replica := r.Header.Get(xhttp.AmzBucketReplicationStatus) == replication.Replica.String() if replica { diff --git a/cmd/utils.go b/cmd/utils.go index 9d7a31f5f..4ee211efc 100644 --- a/cmd/utils.go +++ b/cmd/utils.go @@ -155,6 +155,8 @@ func ErrorRespToObjectError(err error, params ...string) error { err = InvalidUploadID{} case "EntityTooSmall": err = PartTooSmall{} + case "ReplicationPermissionCheck": + err = ReplicationPermissionCheck{} } if minioErr.StatusCode == http.StatusMethodNotAllowed { diff --git a/go.mod b/go.mod index 525809671..4a364fd77 100644 --- a/go.mod +++ b/go.mod @@ -240,3 +240,5 @@ require ( gopkg.in/square/go-jose.v2 v2.6.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) + +replace github.com/minio/minio-go/v7 => github.com/poornas/minio-go/v7 v7.0.0-20230626172553-323371271282 diff --git a/go.sum b/go.sum index 5908890af..a2bbe30a6 100644 --- a/go.sum +++ b/go.sum @@ -490,8 +490,6 @@ github.com/minio/mc v0.0.0-20230706154612-72958227ad65/go.mod h1:41ndsUBIAA/dRjO github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34= github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM= github.com/minio/minio-go/v6 v6.0.46/go.mod h1:qD0lajrGW49lKZLtXKtCB4X/qkMf0a5tBvN2PaZg7Gg= -github.com/minio/minio-go/v7 v7.0.59 h1:lxIXwsTIcQkYoEG25rUJbzpmSB/oWeVDmxFo/uWUUsw= -github.com/minio/minio-go/v7 v7.0.59/go.mod h1:NUDy4A4oXPq1l2yK6LTSvCEzAMeIcoz9lcj5dbzSrRE= github.com/minio/mux v1.9.0 h1:dWafQFyEfGhJvK6AwLOt83bIG5bxKxKJnKMCi0XAaoA= github.com/minio/mux v1.9.0/go.mod h1:1pAare17ZRL5GpmNL+9YmqHoWnLmMZF9C/ioUCfy0BQ= github.com/minio/pkg v1.7.5 h1:UOUJjewE5zoaDPlCMJtNx/swc1jT1ZR+IajT7hrLd44= @@ -588,6 +586,8 @@ github.com/pkg/xattr v0.4.9 h1:5883YPCtkSd8LFbs13nXplj9g9tlrwoJRjgpgMu1/fE= github.com/pkg/xattr v0.4.9/go.mod h1:di8WF84zAKk8jzR1UBTEWh9AUlIZZ7M/JNt8e9B6ktU= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/poornas/minio-go/v7 v7.0.0-20230626172553-323371271282 h1:q4yLMplXfMK+Wqfbutu2cPVVQgjOe0Fbp/0nb0KsZk8= +github.com/poornas/minio-go/v7 v7.0.0-20230626172553-323371271282/go.mod h1:NUDy4A4oXPq1l2yK6LTSvCEzAMeIcoz9lcj5dbzSrRE= github.com/posener/complete v1.2.3 h1:NP0eAhjcjImqslEwo/1hq7gpajME0fTLTezBKDqfXqo= github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s= github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE= diff --git a/internal/http/headers.go b/internal/http/headers.go index 9d989279f..fc40627bb 100644 --- a/internal/http/headers.go +++ b/internal/http/headers.go @@ -199,6 +199,8 @@ const ( MinIOSourceProxyRequest = "X-Minio-Source-Proxy-Request" // Header indicates that this request is a replication request to create a REPLICA MinIOSourceReplicationRequest = "X-Minio-Source-Replication-Request" + // Header checks replication permissions without actually completing replication + MinIOSourceReplicationCheck = "X-Minio-Source-Replication-Check" // Header indicates replication reset status. MinIOReplicationResetStatus = "X-Minio-Replication-Reset-Status" // Header indicating target cluster can receive delete marker replication requests because object has been replicated