rewrite logging in console (#788)

- enhance logging throughout the codebase - all packages at pkg/ should never log or perform log.Fatal() instead packages should return errors through functions. - simplified various user, group mapping and removed redundant functions. - deprecate older flags like --tls-certificate --tls-key and --tls-ca as we do not use them anymore, keep them for backward compatibility for some time.
2021-06-04 11:35:55 -07:00
parent b65f04a2b5
commit 07fbb8b8f7
41 changed files with 456 additions and 507 deletions
--- a/restapi/admin_users.go
+++ b/restapi/admin_users.go
@@ -19,7 +19,6 @@ package restapi
 import (
 	"context"
 	"fmt"
-	"log"
 	"sort"
 	"strings"

@@ -144,7 +143,7 @@ func listUsers(ctx context.Context, client MinioAdmin) ([]*models.User, error) {
 // getListUsersResponse performs listUsers() and serializes it to the handler's output
 func getListUsersResponse(session *models.Principal) (*models.ListUsersResponse, *models.Error) {
 	ctx := context.Background()
-	mAdmin, err := newMAdminClient(session)
+	mAdmin, err := newAdminClient(session)
 	if err != nil {
 		return nil, prepareError(err)
 	}
@@ -190,7 +189,7 @@ func addUser(ctx context.Context, client MinioAdmin, accessKey, secretKey *strin

 func getUserAddResponse(session *models.Principal, params admin_api.AddUserParams) (*models.User, *models.Error) {
 	ctx := context.Background()
-	mAdmin, err := newMAdminClient(session)
+	mAdmin, err := newAdminClient(session)
 	if err != nil {
 		return nil, prepareError(err)
 	}
@@ -216,7 +215,7 @@ func removeUser(ctx context.Context, client MinioAdmin, accessKey string) error
 func getRemoveUserResponse(session *models.Principal, params admin_api.RemoveUserParams) *models.Error {
 	ctx := context.Background()

-	mAdmin, err := newMAdminClient(session)
+	mAdmin, err := newAdminClient(session)
 	if err != nil {
 		return prepareError(err)
 	}
@@ -233,7 +232,6 @@ func getRemoveUserResponse(session *models.Principal, params admin_api.RemoveUse
 		return prepareError(err)
 	}

-	log.Println("User removed successfully:", params.Name)
 	return nil
 }

@@ -250,7 +248,7 @@ func getUserInfo(ctx context.Context, client MinioAdmin, accessKey string) (*mad
 func getUserInfoResponse(session *models.Principal, params admin_api.GetUserInfoParams) (*models.User, *models.Error) {
 	ctx := context.Background()

-	mAdmin, err := newMAdminClient(session)
+	mAdmin, err := newAdminClient(session)
 	if err != nil {
 		return nil, prepareError(err)
 	}
@@ -365,7 +363,7 @@ func updateUserGroups(ctx context.Context, client MinioAdmin, user string, group
 func getUpdateUserGroupsResponse(session *models.Principal, params admin_api.UpdateUserGroupsParams) (*models.User, *models.Error) {
 	ctx := context.Background()

-	mAdmin, err := newMAdminClient(session)
+	mAdmin, err := newAdminClient(session)
 	if err != nil {
 		return nil, prepareError(err)
 	}
@@ -404,7 +402,7 @@ func setUserStatus(ctx context.Context, client MinioAdmin, user string, status s
 func getUpdateUserResponse(session *models.Principal, params admin_api.UpdateUserInfoParams) (*models.User, *models.Error) {
 	ctx := context.Background()

-	mAdmin, err := newMAdminClient(session)
+	mAdmin, err := newAdminClient(session)
 	if err != nil {
 		return nil, prepareError(err)
 	}
@@ -475,7 +473,7 @@ func addUsersListToGroups(ctx context.Context, client MinioAdmin, usersToUpdate
 func getAddUsersListToGroupsResponse(session *models.Principal, params admin_api.BulkUpdateUsersGroupsParams) *models.Error {
 	ctx := context.Background()

-	mAdmin, err := newMAdminClient(session)
+	mAdmin, err := newAdminClient(session)
 	if err != nil {
 		return prepareError(err)
 	}
@@ -496,7 +494,7 @@ func getAddUsersListToGroupsResponse(session *models.Principal, params admin_api

 func getListUsersWithAccessToBucketResponse(session *models.Principal, bucket string) ([]string, *models.Error) {
 	ctx := context.Background()
-	mAdmin, err := newMAdminClient(session)
+	mAdmin, err := newAdminClient(session)
 	if err != nil {
 		return nil, prepareError(err)
 	}
@@ -530,64 +528,66 @@ func listUsersWithAccessToBucket(ctx context.Context, adminClient MinioAdmin, bu
 		return nil, prepareError(err)
 	}
 	var retval []string
-	akHasAccess := make(map[string]bool)
-	akIsDenied := make(map[string]bool)
+	akHasAccess := make(map[string]struct{})
+	akIsDenied := make(map[string]struct{})
 	for k, v := range users {
 		for _, policyName := range strings.Split(v.PolicyName, ",") {
 			policyName = strings.TrimSpace(policyName)
+			if policyName == "" {
+				continue
+			}
 			policy, err := adminClient.getPolicy(ctx, policyName)
-			if err == nil {
-				if !akIsDenied[k] {
-					switch policyAllowsAndMatchesBucket(policy, bucket) {
-					case Allow:
-						if !akHasAccess[k] {
-							akHasAccess[k] = true
-						}
-					case Deny:
-						akIsDenied[k] = true
-						akHasAccess[k] = false
+			if err != nil {
+				LogError("unable to fetch policy %s: %v", policyName, err)
+				continue
+			}
+			if _, ok := akIsDenied[k]; !ok {
+				switch policyAllowsAndMatchesBucket(policy, bucket) {
+				case Allow:
+					if _, ok := akHasAccess[k]; !ok {
+						akHasAccess[k] = struct{}{}
 					}
+				case Deny:
+					akIsDenied[k] = struct{}{}
+					delete(akHasAccess, k)
 				}
-			} else {
-				log.Println(err)
 			}
 		}
 	}

-	groups, err := listGroups(ctx, adminClient)
+	groups, err := adminClient.listGroups(ctx)
 	if err != nil {
-		log.Println(err)
+		LogError("unable to list groups: %v", err)
 		return retval, nil
 	}
-	for i := 0; i < len(*groups); i++ {
-		info, err := groupInfo(ctx, adminClient, (*groups)[i])
-		if err == nil {
-			policy, err2 := adminClient.getPolicy(ctx, info.Policy)
-			if err2 == nil {
-				for j := 0; j < len(info.Members); j++ {
-					if !akIsDenied[info.Members[j]] {
-						switch policyAllowsAndMatchesBucket(policy, bucket) {
-						case Allow:
-							if !akHasAccess[info.Members[j]] {
-								akHasAccess[info.Members[j]] = true
-							}
-						case Deny:
-							akIsDenied[info.Members[j]] = true
-							akHasAccess[info.Members[j]] = false
-						}
+
+	for _, groupName := range groups {
+		info, err := groupInfo(ctx, adminClient, groupName)
+		if err != nil {
+			LogError("unable to fetch group info %s: %v", groupName, err)
+			continue
+		}
+		policy, err := adminClient.getPolicy(ctx, info.Policy)
+		if err != nil {
+			LogError("unable to fetch group policy %s: %v", info.Policy, err)
+			continue
+		}
+		for _, member := range info.Members {
+			if _, ok := akIsDenied[member]; !ok {
+				switch policyAllowsAndMatchesBucket(policy, bucket) {
+				case Allow:
+					if _, ok := akHasAccess[member]; !ok {
+						akHasAccess[member] = struct{}{}
 					}
+				case Deny:
+					akIsDenied[member] = struct{}{}
+					delete(akHasAccess, member)
 				}
-			} else {
-				log.Println(err2)
 			}
-		} else {
-			log.Println(err)
 		}
 	}
-	for k, v := range akHasAccess {
-		if v {
-			retval = append(retval, k)
-		}
+	for k := range akHasAccess {
+		retval = append(retval, k)
 	}
 	sort.Strings(retval)
 	return retval, nil
@@ -604,7 +604,7 @@ func changeUserPassword(ctx context.Context, client MinioAdmin, selectedUser str
 // getChangeUserPasswordResponse will change the password of selctedUser to newSecretKey
 func getChangeUserPasswordResponse(session *models.Principal, params admin_api.ChangeUserPasswordParams) *models.Error {
 	ctx := context.Background()
-	mAdmin, err := newMAdminClient(session)
+	mAdmin, err := newAdminClient(session)
 	if err != nil {
 		return prepareError(err)
 	}