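// Source: storj.io/minio@v0.0.0-20230509071714-0cbc90f649b1/cmd/sts-errors.go

/*
 * MinIO Cloud Storage, (C) 2018 MinIO, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package cmd

import (
	"context"
	"encoding/xml"
	"net/http"

	xhttp "storj.io/minio/cmd/http"
	"storj.io/minio/cmd/logger"
)

// writeSTSErrorResponse writes an STS-style XML error response for errCode
// and logs errCtxt.
//
// When isErrCodeSTS is true, errCode is resolved through stsErrCodes. When it
// is false, or the STS lookup yields "InternalError", errCode is reinterpreted
// as an APIErrorCode and resolved with GetAPIError; any result other than
// "InternalError" replaces the code, description and HTTP status.
//
// A non-nil errCtxt replaces the canned description in the response body.
func writeSTSErrorResponse(ctx context.Context, w http.ResponseWriter, isErrCodeSTS bool, errCode STSErrorCode, errCtxt error) {
	var err STSError
	if isErrCodeSTS {
		err = stsErrCodes.ToSTSErr(errCode)
	}
	if err.Code == "InternalError" || !isErrCodeSTS {
		// NOTE(review): a genuine ErrSTSInternalError also takes this path, so
		// its numeric value is reinterpreted as an APIErrorCode and may be
		// replaced by an unrelated API error — confirm this is intended.
		aerr := GetAPIError(APIErrorCode(errCode))
		switch {
		case aerr.Code != "InternalError":
			err.Code = aerr.Code
			err.Description = aerr.Description
			err.HTTPStatusCode = aerr.HTTPStatusCode
		case !isErrCodeSTS:
			// Nothing has populated err on this path. Without a fallback the
			// response would carry an empty Code and HTTP status 0, which is
			// not a valid status, so use the generic STS internal error.
			err = stsErrCodes.ToSTSErr(ErrSTSInternalError)
		}
	}

	// Generate error response.
	stsErrorResponse := STSErrorResponse{}
	stsErrorResponse.Error.Code = err.Code
	stsErrorResponse.RequestID = w.Header().Get(xhttp.AmzRequestID)
	stsErrorResponse.Error.Message = err.Description
	if errCtxt != nil {
		// NOTE(review): the error text is returned to the client verbatim,
		// for internal errors as well. Callers should pass only errors whose
		// text is safe to disclose; the full error is still logged below.
		stsErrorResponse.Error.Message = errCtxt.Error()
	}

	// Internal and not-initialized conditions are logged with logger.Minio,
	// everything else with logger.All.
	var logKind logger.Kind
	switch errCode {
	case ErrSTSInternalError, ErrSTSNotInitialized:
		logKind = logger.Minio
	default:
		logKind = logger.All
	}
	logger.LogIf(ctx, errCtxt, logKind)

	encodedErrorResponse := EncodeResponse(stsErrorResponse)
	writeResponse(w, err.HTTPStatusCode, encodedErrorResponse, mimeXML)
}

// STSError describes one STS error: the code and description placed in the
// response body and the HTTP status the response is sent with.
type STSError struct {
	Code           string
	Description    string
	HTTPStatusCode int
}

// STSErrorResponse is the XML envelope of an STS error response.
type STSErrorResponse struct {
	XMLName xml.Name `xml:"https://sts.amazonaws.com/doc/2011-06-15/ ErrorResponse" json:"-"`
	Error   struct {
		// Type is not set by writeSTSErrorResponse in this file.
		Type    string `xml:"Type"`
		Code    string `xml:"Code"`
		Message string `xml:"Message"`
	} `xml:"Error"`
	// RequestID is copied from the response's xhttp.AmzRequestID header.
	RequestID string `xml:"RequestId"`
}

// STSErrorCode type of error status.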
type STSErrorCode int

//go:generate stringer -type=STSErrorCode -trimprefix=Err $GOFILE

// Error codes, non exhaustive list - http://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithSAML.html
//
// ErrSTSNone is the zero value and has no entry in stsErrCodes below, so
// ToSTSErr resolves it to the ErrSTSInternalError entry.
const (
	ErrSTSNone STSErrorCode = iota
	ErrSTSAccessDenied
	ErrSTSMissingParameter
	ErrSTSInvalidParameterValue
	ErrSTSWebIdentityExpiredToken
	ErrSTSClientGrantsExpiredToken
	ErrSTSInvalidClientGrantsToken
	ErrSTSMalformedPolicyDocument
	ErrSTSNotInitialized
	ErrSTSInternalError
)

// stsErrorCodeMap maps an STSErrorCode to the STSError describing it.
type stsErrorCodeMap map[STSErrorCode]STSError

// ToSTSErr returns the STSError registered for errCode. A code with no entry
// resolves to the ErrSTSInternalError entry, so an unknown code is reported
// as a generic internal error rather than as an empty STSError.
func (e stsErrorCodeMap) ToSTSErr(errCode STSErrorCode) STSError {
	if known, found := e[errCode]; found {
		return known
	}
	return e[ErrSTSInternalError]
}

// stsErrCodes holds the code, description and HTTP status for every STS
// error code that has a response defined in this file. Two entries,
// ErrSTSWebIdentityExpiredToken and ErrSTSClientGrantsExpiredToken, share the
// code "ExpiredToken" and differ only in their description.
var stsErrCodes = stsErrorCodeMap{
	ErrSTSAccessDenied: {
		Code:           "AccessDenied",
		Description:    "Generating temporary credentials not allowed for this request.",
		HTTPStatusCode: http.StatusForbidden,
	},
	ErrSTSMissingParameter: {
		Code:           "MissingParameter",
		Description:    "A required parameter for the specified action is not supplied.",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrSTSInvalidParameterValue: {
		Code:           "InvalidParameterValue",
		Description:    "An invalid or out-of-range value was supplied for the input parameter.",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrSTSWebIdentityExpiredToken: {
		Code:           "ExpiredToken",
		Description:    "The web identity token that was passed is expired or is not valid. Get a new identity token from the identity provider and then retry the request.",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrSTSClientGrantsExpiredToken: {
		Code:           "ExpiredToken",
		Description:    "The client grants that was passed is expired or is not valid. Get a new client grants token from the identity provider and then retry the request.",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrSTSInvalidClientGrantsToken: {
		Code:           "InvalidClientGrantsToken",
		Description:    "The client grants token that was passed could not be validated by MinIO.",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrSTSMalformedPolicyDocument: {
		Code:           "MalformedPolicyDocument",
		Description:    "The request was rejected because the policy document was malformed.",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrSTSNotInitialized: {
		Code:           "STSNotInitialized",
		Description:    "STS API not initialized, please try again.",
		HTTPStatusCode: http.StatusServiceUnavailable,
	},
	ErrSTSInternalError: {
		Code:           "InternalError",
		Description:    "We encountered an internal error generating credentials, please try again.",
		HTTPStatusCode: http.StatusInternalServerError,
	},
}