From 0fa430c1da76699894ec192952b0dac2dd16052f Mon Sep 17 00:00:00 2001
From: Poorna Krishnamoorthy
Date: Thu, 19 Nov 2020 10:38:50 -0800
Subject: [PATCH] validate service type of target in replication/ilm transition config (#10928)
---
 cmd/bucket-lifecycle.go | 3 +++
 cmd/bucket-replication.go | 8 ++++++++
 cmd/bucket-targets.go | 5 +++++
 3 files changed, 16 insertions(+)
diff --git a/cmd/bucket-lifecycle.go b/cmd/bucket-lifecycle.go
index 72924cc32..90d1ccf77 100644
--- a/cmd/bucket-lifecycle.go
+++ b/cmd/bucket-lifecycle.go
@@ -154,6 +154,9 @@ func validateTransitionDestination(ctx context.Context, bucket string, targetLab
 if err != nil {
 return false, "", BucketRemoteTargetNotFound{Bucket: bucket}
 }
+ if arn.Type != madmin.ILMService {
+ return false, "", BucketRemoteArnTypeInvalid{}
+ }
 clnt := globalBucketTargetSys.GetRemoteTargetClient(ctx, tgt.Arn)
 if clnt == nil {
 return false, "", BucketRemoteTargetNotFound{Bucket: bucket}
diff --git a/cmd/bucket-replication.go b/cmd/bucket-replication.go
index 728df5e0d..add42e4f5 100644
--- a/cmd/bucket-replication.go
+++ b/cmd/bucket-replication.go
@@ -34,6 +34,7 @@ import (
 "github.com/minio/minio/pkg/bucket/replication"
 "github.com/minio/minio/pkg/event"
 iampolicy "github.com/minio/minio/pkg/iam/policy"
+ "github.com/minio/minio/pkg/madmin"
 )
 // gets replication config associated to a given bucket name.
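Review bot: The new `BucketRemoteArnTypeInvalid{}` in validateTransitionDestination is returned empty, while both neighbouring returns carry `Bucket: bucket`, so a rejected transition rule does not say which bucket's target had the wrong service type. If the error type accepts a Bucket field like its neighbours, return `BucketRemoteArnTypeInvalid{Bucket: bucket}`. The same holds for `BucketRemoteArnInvalid{}` and `BucketRemoteArnTypeInvalid{}` in the cmd/bucket-replication.go hunk, where the ParseARN error is also discarded. `arn` is assigned above this hunk, so which ARN string is being type-checked cannot be confirmed from here.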
@@ -53,6 +54,13 @@ func getReplicationConfig(ctx context.Context, bucketName string) (rc *replicati
 // validateReplicationDestination returns error if replication destination bucket missing or not configured
 // It also returns true if replication destination is same as this server.
 func validateReplicationDestination(ctx context.Context, bucket string, rCfg *replication.Config) (bool, error) {
+ arn, err := madmin.ParseARN(rCfg.RoleArn)
+ if err != nil {
+ return false, BucketRemoteArnInvalid{}
+ }
+ if arn.Type != madmin.ReplicationService {
+ return false, BucketRemoteArnTypeInvalid{}
+ }
 clnt := globalBucketTargetSys.GetRemoteTargetClient(ctx, rCfg.RoleArn)
 if clnt == nil {
 return false, BucketRemoteTargetNotFound{Bucket: bucket}
diff --git a/cmd/bucket-targets.go b/cmd/bucket-targets.go
index 7d274e80a..ddd1b0f41 100644
--- a/cmd/bucket-targets.go
+++ b/cmd/bucket-targets.go
@@ -125,8 +125,10 @@ func (sys *BucketTargetSys) SetTarget(ctx context.Context, bucket string, tgt *m
 tgts := sys.targetsMap[bucket]
 newtgts := make([]madmin.BucketTarget, len(tgts))
+ labels := make(map[string]struct{})
 found := false
 for idx, t := range tgts {
+ labels[t.Label] = struct{}{}
 if t.Type == tgt.Type {
 if t.Arn == tgt.Arn {
 return BucketRemoteAlreadyExists{Bucket: t.TargetBucket}
@@ -140,6 +142,9 @@ func (sys *BucketTargetSys) SetTarget(ctx context.Context, bucket string, tgt *m
 }
 newtgts[idx] = t
 }
+ if _, ok := labels[tgt.Label]; ok {
+ return BucketRemoteLabelInUse{Bucket: tgt.TargetBucket}
+ }
 if !found {
 newtgts = append(newtgts, *tgt)
 }
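Review bot: The doc comment above validateReplicationDestination still lists only a missing or unconfigured destination bucket, but the function now also fails when `rCfg.RoleArn` does not parse or names a service other than replication. Add a line such as `// It rejects a RoleArn that cannot be parsed or whose service type is not replication.` so callers know the config is refused before the remote target client is looked up. The function body continues past the end of the hunk.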
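Review bot: In SetTarget, `labels[t.Label] = struct{}{}` records the label of every existing target before the `t.Type == tgt.Type` test, so the post-loop lookup in the second cmd/bucket-targets.go hunk also matches the entry that is being replaced, and matches empty labels. The tail of the same-type branch lies between the two hunks and is not visible; if it sets `found` and overwrites the entry, re-submitting a target under its current label, or adding a second unlabeled target, would presumably fail with BucketRemoteLabelInUse. Recording labels only for entries that are kept, by moving the insert to just before `newtgts[idx] = t`, and guarding the lookup as `if _, ok := labels[tgt.Label]; ok && tgt.Label != "" {` would limit the rejection to real collisions. A test that updates an existing target without changing its label would settle which behaviour is intended.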