From e7c902bbbca21cc768615b166f1dda4098306851 Mon Sep 17 00:00:00 2001 From: Harshavardhana Date: Tue, 18 Dec 2018 13:03:26 -0800 Subject: [PATCH] Return proper errors when admin API is not initialized (#6988) Especially in gateway IAM admin APIs are not enabled if etcd is not enabled, we should enable admin API though but only enable IAM and Config APIs with etcd configured. --- cmd/admin-handlers_test.go | 2 +- cmd/admin-router.go | 62 ++++++++++++++++++++------------------ cmd/gateway-main.go | 10 ++++-- cmd/handler-utils.go | 6 ++++ cmd/routers.go | 4 +-- 5 files changed, 48 insertions(+), 36 deletions(-) diff --git a/cmd/admin-handlers_test.go b/cmd/admin-handlers_test.go index dd1d85664..10af25d72 100644 --- a/cmd/admin-handlers_test.go +++ b/cmd/admin-handlers_test.go @@ -277,7 +277,7 @@ func prepareAdminXLTestBed() (*adminXLTestBed, error) { // Setup admin mgmt REST API handlers. adminRouter := mux.NewRouter() - registerAdminRouter(adminRouter) + registerAdminRouter(adminRouter, true) return &adminXLTestBed{ xlDirs: xlDirs, diff --git a/cmd/admin-router.go b/cmd/admin-router.go index 4657bbccb..7f6562780 100644 --- a/cmd/admin-router.go +++ b/cmd/admin-router.go @@ -31,7 +31,7 @@ type adminAPIHandlers struct { } // registerAdminRouter - Add handler functions for each service REST API routes. -func registerAdminRouter(router *mux.Router) { +func registerAdminRouter(router *mux.Router, enableIAM bool) { adminAPI := adminAPIHandlers{} // Admin router 
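Review bot: The doc comment above `registerAdminRouter` in cmd/admin-router.go was not updated for the new `enableIAM` parameter, and the name understates what it controls. In the second hunk of this file the flag also wraps the `/config`, `/config/credential` and `/config-keys` routes, not only the IAM ones. Suggest extending the comment, e.g. `// enableIAM also registers the config and IAM routes; callers pass false when etcd is not configured (gateway mode).`, or renaming the parameter to cover both groups. The function body continues outside this hunk.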
@@ -69,42 +69,44 @@ func registerAdminRouter(router *mux.Router) { /// Config operations - // Update credentials - adminV1Router.Methods(http.MethodPut).Path("/config/credential").HandlerFunc(httpTraceHdrs(adminAPI.UpdateAdminCredentialsHandler)) - // Get config - adminV1Router.Methods(http.MethodGet).Path("/config").HandlerFunc(httpTraceHdrs(adminAPI.GetConfigHandler)) - // Set config - adminV1Router.Methods(http.MethodPut).Path("/config").HandlerFunc(httpTraceHdrs(adminAPI.SetConfigHandler)) + if enableIAM { + // Update credentials + adminV1Router.Methods(http.MethodPut).Path("/config/credential").HandlerFunc(httpTraceHdrs(adminAPI.UpdateAdminCredentialsHandler)) + // Get config + adminV1Router.Methods(http.MethodGet).Path("/config").HandlerFunc(httpTraceHdrs(adminAPI.GetConfigHandler)) + // Set config + adminV1Router.Methods(http.MethodPut).Path("/config").HandlerFunc(httpTraceHdrs(adminAPI.SetConfigHandler)) - // Get config keys/values - adminV1Router.Methods(http.MethodGet).Path("/config-keys").HandlerFunc(httpTraceHdrs(adminAPI.GetConfigKeysHandler)) - // Set config keys/values - adminV1Router.Methods(http.MethodPut).Path("/config-keys").HandlerFunc(httpTraceHdrs(adminAPI.SetConfigKeysHandler)) + // Get config keys/values + adminV1Router.Methods(http.MethodGet).Path("/config-keys").HandlerFunc(httpTraceHdrs(adminAPI.GetConfigKeysHandler)) + // Set config keys/values + adminV1Router.Methods(http.MethodPut).Path("/config-keys").HandlerFunc(httpTraceHdrs(adminAPI.SetConfigKeysHandler)) - // -- IAM APIs -- + // -- IAM APIs -- - // Add policy IAM - adminV1Router.Methods(http.MethodPut).Path("/add-canned-policy").HandlerFunc(httpTraceHdrs(adminAPI.AddCannedPolicy)).Queries("name", "{name:.*}") + // Add policy IAM + adminV1Router.Methods(http.MethodPut).Path("/add-canned-policy").HandlerFunc(httpTraceHdrs(adminAPI.AddCannedPolicy)).Queries("name", "{name:.*}") - // Add user IAM - 
adminV1Router.Methods(http.MethodPut).Path("/add-user").HandlerFunc(httpTraceHdrs(adminAPI.AddUser)).Queries("accessKey", "{accessKey:.*}") - adminV1Router.Methods(http.MethodPut).Path("/set-user-policy").HandlerFunc(httpTraceHdrs(adminAPI.SetUserPolicy)). - Queries("accessKey", "{accessKey:.*}").Queries("name", "{name:.*}") - adminV1Router.Methods(http.MethodPut).Path("/set-user-status").HandlerFunc(httpTraceHdrs(adminAPI.SetUserStatus)). - Queries("accessKey", "{accessKey:.*}").Queries("status", "{status:.*}") + // Add user IAM + adminV1Router.Methods(http.MethodPut).Path("/add-user").HandlerFunc(httpTraceHdrs(adminAPI.AddUser)).Queries("accessKey", "{accessKey:.*}") + adminV1Router.Methods(http.MethodPut).Path("/set-user-policy").HandlerFunc(httpTraceHdrs(adminAPI.SetUserPolicy)). + Queries("accessKey", "{accessKey:.*}").Queries("name", "{name:.*}") + adminV1Router.Methods(http.MethodPut).Path("/set-user-status").HandlerFunc(httpTraceHdrs(adminAPI.SetUserStatus)). + Queries("accessKey", "{accessKey:.*}").Queries("status", "{status:.*}") - // Remove policy IAM - adminV1Router.Methods(http.MethodDelete).Path("/remove-canned-policy").HandlerFunc(httpTraceHdrs(adminAPI.RemoveCannedPolicy)).Queries("name", "{name:.*}") + // Remove policy IAM + adminV1Router.Methods(http.MethodDelete).Path("/remove-canned-policy").HandlerFunc(httpTraceHdrs(adminAPI.RemoveCannedPolicy)).Queries("name", "{name:.*}") - // Remove user IAM - adminV1Router.Methods(http.MethodDelete).Path("/remove-user").HandlerFunc(httpTraceHdrs(adminAPI.RemoveUser)).Queries("accessKey", "{accessKey:.*}") + // Remove user IAM + adminV1Router.Methods(http.MethodDelete).Path("/remove-user").HandlerFunc(httpTraceHdrs(adminAPI.RemoveUser)).Queries("accessKey", "{accessKey:.*}") - // List users - adminV1Router.Methods(http.MethodGet).Path("/list-users").HandlerFunc(httpTraceHdrs(adminAPI.ListUsers)) + // List users + 
adminV1Router.Methods(http.MethodGet).Path("/list-users").HandlerFunc(httpTraceHdrs(adminAPI.ListUsers)) - // List policies - adminV1Router.Methods(http.MethodGet).Path("/list-canned-policies").HandlerFunc(httpTraceHdrs(adminAPI.ListCannedPolicies)) + // List policies + adminV1Router.Methods(http.MethodGet).Path("/list-canned-policies").HandlerFunc(httpTraceHdrs(adminAPI.ListCannedPolicies)) + } - // If none of the routes match. - adminV1Router.NotFoundHandler = http.HandlerFunc(httpTraceHdrs(notFoundHandler)) + // If none of the routes match, return error. + adminV1Router.NotFoundHandler = http.HandlerFunc(httpTraceHdrs(notFoundHandlerJSON)) } diff --git a/cmd/gateway-main.go b/cmd/gateway-main.go index 2ab9fad38..29e18ce83 100644 --- a/cmd/gateway-main.go +++ b/cmd/gateway-main.go @@ -173,11 +173,12 @@ func StartGateway(ctx *cli.Context, gw Gateway) { if globalEtcdClient != nil { // Enable STS router if etcd is enabled. registerSTSRouter(router) - - // Enable admin router if etcd is enabled. - registerAdminRouter(router) } + // Enable IAM admin APIs if etcd is enabled, if not just enable basic + // operations such as profiling, server info etc. + registerAdminRouter(router, globalEtcdClient != nil) + // Add healthcheck router registerHealthCheckRouter(router) @@ -307,5 +308,8 @@ func StartGateway(ctx *cli.Context, gw Gateway) { printGatewayStartupMessage(getAPIEndpoints(), gatewayName) } + // Set uptime time after object layer has initialized. + globalBootTime = UTCNow() + handleSignals() } diff --git a/cmd/handler-utils.go b/cmd/handler-utils.go index f6cf7dcf1..dc38c9425 100644 --- a/cmd/handler-utils.go +++ b/cmd/handler-utils.go 
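Review bot: Nothing in this patch exercises the `false` case of the `if enableIAM {` block in cmd/admin-router.go, yet that block is now the only thing deciding whether the credential-update, config and user-management routes are reachable. The one test call touched by the patch passes `true`. A table test that calls `registerAdminRouter(router, false)` and asserts that `PUT .../config/credential`, `PUT .../add-user` and the other gated paths end up in `notFoundHandlerJSON` would catch a later edit that moves a route outside the block. The router's path prefix and the start of the function are outside the hunk, so the exact URLs have to be taken from the full file.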
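Review bot: `registerAdminRouter(router, globalEtcdClient != nil)` in cmd/gateway-main.go now runs on every gateway, so the admin routes outside the `enableIAM` block become reachable on deployments that previously registered no admin router at all. The comment names profiling and server info among them. The diff does not show how those handlers authenticate or whether they assume server-mode state, so both should be confirmed for gateway mode. The comment could state the new exposure explicitly, e.g. `// Admin router is always registered in gateway mode; config and IAM routes are added only when etcd is configured.` StartGateway begins and continues outside this hunk.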
@@ -351,6 +351,12 @@ func getResource(path string, host string, domain string) (string, error) { return slashSeparator + pathJoin(bucket, path), nil } +// If none of the http routes match respond with MethodNotAllowed, in JSON +func notFoundHandlerJSON(w http.ResponseWriter, r *http.Request) { + writeErrorResponseJSON(w, ErrMethodNotAllowed, r.URL) + return +} + // If none of the http routes match respond with MethodNotAllowed func notFoundHandler(w http.ResponseWriter, r *http.Request) { writeErrorResponse(w, ErrMethodNotAllowed, r.URL, guessIsBrowserReq(r)) diff --git a/cmd/routers.go b/cmd/routers.go index 761b8c02b..d33db75da 100644 --- a/cmd/routers.go +++ b/cmd/routers.go @@ -107,8 +107,8 @@ func configureServerHandler(endpoints EndpointList) (http.Handler, error) { // Add Admin RPC router registerAdminRPCRouter(router) - // Add Admin router. - registerAdminRouter(router) + // Add Admin router, all APIs are enabled in server mode. + registerAdminRouter(router, true) // Add healthcheck router registerHealthCheckRouter(router)
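Review bot: The trailing `return` in `notFoundHandlerJSON` is redundant at the end of a function with no results and can be dropped (gosimple reports it as S1023). The doc comment should start with the function name per Go convention, e.g. `// notFoundHandlerJSON responds with ErrMethodNotAllowed, encoded as JSON, when no admin route matches.` As far as this diff shows, a request to a route left unregistered because etcd is absent gets the same ErrMethodNotAllowed as a mistyped path. An operator therefore cannot tell from the response that the feature is disabled rather than missing.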