diff --git a/cmd/config-common.go b/cmd/config-common.go index 8bb7dffe7..1cc9543d1 100644 --- a/cmd/config-common.go +++ b/cmd/config-common.go @@ -50,7 +50,11 @@ func readConfig(ctx context.Context, objAPI ObjectLayer, configFile string) ([]b } func deleteConfig(ctx context.Context, objAPI ObjectLayer, configFile string) error { - return objAPI.DeleteObject(ctx, minioMetaBucket, configFile) + err := objAPI.DeleteObject(ctx, minioMetaBucket, configFile) + if err != nil && isErrObjectNotFound(err) { + return errConfigNotFound + } + return err } func saveConfig(ctx context.Context, objAPI ObjectLayer, configFile string, data []byte) error { diff --git a/cmd/config-encrypted.go b/cmd/config-encrypted.go index b55074c72..102fdf5ea 100644 --- a/cmd/config-encrypted.go +++ b/cmd/config-encrypted.go @@ -50,7 +50,6 @@ func handleEncryptedConfigBackend(objAPI ObjectLayer, server bool) error { rquorum := InsufficientReadQuorum{} wquorum := InsufficientWriteQuorum{} - bucketNotFound := BucketNotFound{} for !stop { select { @@ -58,7 +57,7 @@ func handleEncryptedConfigBackend(objAPI ObjectLayer, server bool) error { if encrypted, err = checkBackendEncrypted(objAPI); err != nil { if errors.Is(err, errDiskNotFound) || errors.As(err, &rquorum) || - errors.As(err, &bucketNotFound) { + isErrBucketNotFound(err) { logger.Info("Waiting for config backend to be encrypted..") continue } @@ -108,7 +107,7 @@ func handleEncryptedConfigBackend(objAPI ObjectLayer, server bool) error { if errors.Is(err, errDiskNotFound) || errors.As(err, &rquorum) || errors.As(err, &wquorum) || - errors.As(err, &bucketNotFound) { + isErrBucketNotFound(err) { logger.Info("Waiting for config backend to be encrypted..") continue } diff --git a/cmd/iam-object-store.go b/cmd/iam-object-store.go index f7efe7a6a..adf7870e5 100644 --- a/cmd/iam-object-store.go +++ b/cmd/iam-object-store.go @@ -233,11 +233,7 @@ func (iamOS *IAMObjectStore) loadIAMConfig(item interface{}, path string) error } func (iamOS *IAMObjectStore) deleteIAMConfig(path string) error { - err := deleteConfig(iamOS.ctx, iamOS.objAPI, path) - if _, ok := err.(ObjectNotFound); ok { - return errConfigNotFound - } - return err + return deleteConfig(iamOS.ctx, iamOS.objAPI, path) } func (iamOS *IAMObjectStore) loadPolicyDoc(policy string, m map[string]iampolicy.Policy) error { @@ -428,10 +424,12 @@ func (iamOS *IAMObjectStore) loadAll(ctx context.Context, sys *IAMSys) error { if err := iamOS.loadPolicyDocs(ctx, iamPolicyDocsMap); err != nil { return err } + // load STS temp users if err := iamOS.loadUsers(ctx, stsUser, iamUsersMap); err != nil { return err } + if isMinIOUsersSys { if err := iamOS.loadUsers(ctx, regularUser, iamUsersMap); err != nil { return err @@ -442,15 +440,18 @@ func (iamOS *IAMObjectStore) loadAll(ctx context.Context, sys *IAMSys) error { if err := iamOS.loadGroups(ctx, iamGroupsMap); err != nil { return err } + } - if err := iamOS.loadMappedPolicies(ctx, regularUser, false, iamUserPolicyMap); err != nil { - return err - } + // load polices mapped to users + if err := iamOS.loadMappedPolicies(ctx, regularUser, false, iamUserPolicyMap); err != nil { + return err } + // load STS policy mappings if err := iamOS.loadMappedPolicies(ctx, stsUser, false, iamUserPolicyMap); err != nil { return err } + // load policies mapped to groups if err := iamOS.loadMappedPolicies(ctx, regularUser, true, iamGroupPolicyMap); err != nil { return err diff --git a/cmd/iam.go b/cmd/iam.go index e918c6be6..03136ee6c 100644 --- a/cmd/iam.go +++ b/cmd/iam.go @@ -404,8 +404,7 @@ func (sys *IAMSys) DeletePolicy(policyName string) error { defer sys.store.unlock() err := sys.store.deletePolicyDoc(policyName) - switch err.(type) { - case ObjectNotFound: + if err == errNoSuchPolicy { // Ignore error if policy is already deleted. err = nil } @@ -417,7 +416,6 @@ func (sys *IAMSys) DeletePolicy(policyName string) error { var usersType []IAMUserType for u, mp := range sys.iamUserPolicyMap { if mp.Policy == policyName { - usersToDel = append(usersToDel, u) cr, ok := sys.iamUsersMap[u] if !ok { // This case cannot happen @@ -429,6 +427,7 @@ func (sys *IAMSys) DeletePolicy(policyName string) error { } else { usersType = append(usersType, regularUser) } + usersToDel = append(usersToDel, u) } } for i, u := range usersToDel { @@ -538,8 +537,7 @@ func (sys *IAMSys) DeleteUser(accessKey string) error { // It is ok to ignore deletion error on the mapped policy sys.store.deleteMappedPolicy(accessKey, regularUser, false) err := sys.store.deleteUserIdentity(accessKey, regularUser) - switch err.(type) { - case ObjectNotFound: + if err == errNoSuchUser { // ignore if user is already deleted. err = nil } @@ -1020,14 +1018,11 @@ func (sys *IAMSys) RemoveUsersFromGroup(group string, members []string) error { // len(gi.Members) == 0 here. // Remove the group from storage. First delete the - // mapped policy. - err := sys.store.deleteMappedPolicy(group, regularUser, true) - // No-mapped-policy case is ignored. - if err != nil && err != errNoSuchPolicy { + // mapped policy. No-mapped-policy case is ignored. + if err := sys.store.deleteMappedPolicy(group, regularUser, true); err != nil && err != errNoSuchPolicy { return err } - err = sys.store.deleteGroupInfo(group) - if err != nil { + if err := sys.store.deleteGroupInfo(group); err != nil && err != errNoSuchGroup { return err } @@ -1195,7 +1190,7 @@ func (sys *IAMSys) policyDBSet(name, policy string, userType IAMUserType, isGrou // Handle policy mapping removal if policy == "" { - if err := sys.store.deleteMappedPolicy(name, userType, isGroup); err != nil { + if err := sys.store.deleteMappedPolicy(name, userType, isGroup); err != nil && err != errNoSuchPolicy { return err } if !isGroup { diff --git a/pkg/madmin/retry.go b/pkg/madmin/retry.go index 5e8b9b251..0f6ff9c61 100644 --- a/pkg/madmin/retry.go +++ b/pkg/madmin/retry.go @@ -168,6 +168,7 @@ func isS3CodeRetryable(s3Code string) (ok bool) { // List of HTTP status codes which are retryable. var retryableHTTPStatusCodes = map[int]struct{}{ + http.StatusRequestTimeout: {}, http.StatusTooManyRequests: {}, http.StatusInternalServerError: {}, http.StatusBadGateway: {},