Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: handling of no inline policy for service acc. #3221

Merged
merged 1 commit into from
Feb 29, 2024
Merged

fix: handling of no inline policy for service acc. #3221

merged 1 commit into from
Feb 29, 2024

Conversation

donatello
Copy link
Member

When no inline policy is specified for a service account, stop sending null as the policy JSON value to the create service account API endpoint.

Also, skip the unnecessary console side validation of the policy JSON as the create-service-account API already does this - no client-server round-trip is saved by doing it. Console was also re-encoding the user provided JSON due to this - now this is prevented as well.

This is part of the remaining work mentioned in
minio/minio#18945

@donatello donatello force-pushed the svc-acct-create branch 3 times, most recently from 6e820e2 to fd03a73 Compare February 1, 2024 23:40
@donatello
Copy link
Member Author

IIUC, the last failure is not related to this PR - I've tried re-running it.

vadmeste
vadmeste previously approved these changes Feb 2, 2024
View reviewed changes
Copy link
Member

@vadmeste vadmeste left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@donatello
Copy link
Member Author

Could I get a review please @bexsoft @prakashsvmx

harshavardhana
harshavardhana previously approved these changes Feb 5, 2024
View reviewed changes
@harshavardhana
Copy link
Member

Some test is failing can you add more logs here @donatello

=== NAME  TestObjectGet
    objects_test.go:194: 
        	Error Trace:	/home/runner/work/console/console/integration/objects_test.go:194
        	Error:      	Not equal: 
        	            	expected: 400
        	            	actual  : 500
        	Test:       	TestObjectGet
        	Messages:   	Get Invalid Range of bytes returned the wrong status code
=== RUN   TestObjectGet/Get_Larger_Range_of_bytes_empty_start
=== RUN   TestObjectGet/Get_invalid_seek_start_Range_of_bytes
=== NAME  TestObjectGet
    objects_test.go:194: 
        	Error Trace:	/home/runner/work/console/console/integration/objects_test.go:194
        	Error:      	Not equal: 
        	            	expected: 400
        	            	actual  : 500
        	Test:       	TestObjectGet
        	Messages:   	Get invalid seek start Range of bytes returned the wrong status code
=== RUN   TestObjectGet/Bad_Preview_Object
=== RUN   TestObjectGet/Bad_Version_Preview_Object
=== NAME  TestObjectGet
    objects_test.go:194: 
        	Error Trace:	/home/runner/work/console/console/integration/objects_test.go:194
        	Error:      	Not equal: 
        	            	expected: 400
        	            	actual  : 500
        	Test:       	TestObjectGet
        	Messages:   	Bad Version Preview Object returned the wrong status code
--- FAIL: TestObjectGet (0.07s)

@donatello
Copy link
Member Author

Some test is failing can you add more logs here @donatello

=== NAME  TestObjectGet
    objects_test.go:194: 
        	Error Trace:	/home/runner/work/console/console/integration/objects_test.go:194
        	Error:      	Not equal: 
        	            	expected: 400
        	            	actual  : 500
        	Test:       	TestObjectGet
        	Messages:   	Get Invalid Range of bytes returned the wrong status code
=== RUN   TestObjectGet/Get_Larger_Range_of_bytes_empty_start
=== RUN   TestObjectGet/Get_invalid_seek_start_Range_of_bytes
=== NAME  TestObjectGet
    objects_test.go:194: 
        	Error Trace:	/home/runner/work/console/console/integration/objects_test.go:194
        	Error:      	Not equal: 
        	            	expected: 400
        	            	actual  : 500
        	Test:       	TestObjectGet
        	Messages:   	Get invalid seek start Range of bytes returned the wrong status code
=== RUN   TestObjectGet/Bad_Preview_Object
=== RUN   TestObjectGet/Bad_Version_Preview_Object
=== NAME  TestObjectGet
    objects_test.go:194: 
        	Error Trace:	/home/runner/work/console/console/integration/objects_test.go:194
        	Error:      	Not equal: 
        	            	expected: 400
        	            	actual  : 500
        	Test:       	TestObjectGet
        	Messages:   	Bad Version Preview Object returned the wrong status code
--- FAIL: TestObjectGet (0.07s)

@harshavardhana @bexsoft It looks like some bug in the console only - the integration test is calling some API endpoints in the console and it is returning 500s - this is not a minio server response I check that running trace and it looks good. These errors are happening in other PRs for console as well.

Console responses are logged in this PR now, but they didn't provide much more info:

console/integration$ go test -v -run TestObjectGet .
sleeping
start server
=== RUN   TestObjectGet
=== RUN   TestObjectGet/Preview_Object
Console server Response: &{200 OK 200 HTTP/1.1 1 1 map[Content-Disposition:[attachment; filename="myobject"] Content-Length:[8] Content-Type:[application/octet-stream] Date:[Mon, 05 Feb 2024 22:56:56 GMT] Last-Modified:[Mon, 05 Feb 2024 22:56:56 GMT] Server:[MinIO Console] Vary:[Accept-Encoding] X-Content-Type-Options:[nosniff] X-Frame-Options:[DENY] X-Xss-Protection:[1; mode=block]] 0xc001504620 8 [] true false map[] 0xc000511900 <nil>}
Err: <nil>
=== RUN   TestObjectGet/Preview_image
Console server Response: &{200 OK 200 HTTP/1.1 1 1 map[Content-Disposition:[attachment; filename="myobject.jpg"] Content-Length:[8] Content-Type:[image/jpeg] Date:[Mon, 05 Feb 2024 22:56:56 GMT] Last-Modified:[Mon, 05 Feb 2024 22:56:56 GMT] Server:[MinIO Console] Vary:[Accept-Encoding] X-Content-Type-Options:[nosniff] X-Frame-Options:[DENY] X-Xss-Protection:[1; mode=block]] 0xc000e97680 8 [] true false map[] 0xc0012b9a00 <nil>}
Err: <nil>
=== RUN   TestObjectGet/Get_Range_of_bytes
Console server Response: &{206 Partial Content 206 HTTP/1.1 1 1 map[Accept-Ranges:[bytes] Access-Control-Allow-Origin:[*] Content-Disposition:[attachment; filename="myobject.jpg"] Content-Length:[4] Content-Range:[bytes 1-4/8] Content-Type:[image/jpeg] Date:[Mon, 05 Feb 2024 22:56:56 GMT] Last-Modified:[Mon, 05 Feb 2024 22:56:56 GMT] Server:[MinIO Console] Vary:[Accept-Encoding] X-Content-Type-Options:[nosniff] X-Frame-Options:[DENY] X-Xss-Protection:[1; mode=block]] 0xc0008ca620 4 [] true false map[] 0xc001518700 <nil>}
Err: <nil>
=== RUN   TestObjectGet/Get_Range_of_bytes_empty_start
Console server Response: &{206 Partial Content 206 HTTP/1.1 1 1 map[Accept-Ranges:[bytes] Access-Control-Allow-Origin:[*] Content-Disposition:[attachment; filename="myobject.jpg"] Content-Length:[4] Content-Range:[bytes 4-7/8] Content-Type:[image/jpeg] Date:[Mon, 05 Feb 2024 22:56:56 GMT] Last-Modified:[Mon, 05 Feb 2024 22:56:56 GMT] Server:[MinIO Console] Vary:[Accept-Encoding] X-Content-Type-Options:[nosniff] X-Frame-Options:[DENY] X-Xss-Protection:[1; mode=block]] 0xc0015049c0 4 [] true false map[] 0xc000c82e00 <nil>}
Err: <nil>
=== RUN   TestObjectGet/Get_Invalid_Range_of_bytes
Console server Response: &{500 Internal Server Error 500 HTTP/1.1 1 1 map[Content-Length:[61] Content-Type:[text/plain; charset=utf-8] Date:[Mon, 05 Feb 2024 22:56:56 GMT] Server:[MinIO Console] Vary:[Accept-Encoding] X-Content-Type-Options:[nosniff] X-Frame-Options:[DENY] X-Xss-Protection:[1; mode=block]] 0xc0012a8cc0 61 [] true false map[] 0xc000c74700 <nil>}
Err: <nil>
=== NAME  TestObjectGet
    objects_test.go:195: 
        	Error Trace:	/home/aditya/Code/minio/go/minio-wrksp/console/integration/objects_test.go:195
        	Error:      	Not equal: 
        	            	expected: 400
        	            	actual  : 500
        	Test:       	TestObjectGet
        	Messages:   	Get Invalid Range of bytes returned the wrong status code
=== RUN   TestObjectGet/Get_Larger_Range_of_bytes_empty_start
Console server Response: &{206 Partial Content 206 HTTP/1.1 1 1 map[Accept-Ranges:[bytes] Access-Control-Allow-Origin:[*] Content-Disposition:[attachment; filename="myobject.jpg"] Content-Length:[8] Content-Range:[bytes 0-7/8] Content-Type:[image/jpeg] Date:[Mon, 05 Feb 2024 22:56:56 GMT] Last-Modified:[Mon, 05 Feb 2024 22:56:56 GMT] Server:[MinIO Console] Vary:[Accept-Encoding] X-Content-Type-Options:[nosniff] X-Frame-Options:[DENY] X-Xss-Protection:[1; mode=block]] 0xc0008cb560 8 [] true false map[] 0xc000e4a000 <nil>}
Err: <nil>
=== RUN   TestObjectGet/Get_invalid_seek_start_Range_of_bytes
Console server Response: &{500 Internal Server Error 500 HTTP/1.1 1 1 map[Content-Length:[62] Content-Type:[text/plain; charset=utf-8] Date:[Mon, 05 Feb 2024 22:56:56 GMT] Server:[MinIO Console] Vary:[Accept-Encoding] X-Content-Type-Options:[nosniff] X-Frame-Options:[DENY] X-Xss-Protection:[1; mode=block]] 0xc001504c00 62 [] true false map[] 0xc000c83b00 <nil>}
Err: <nil>
=== NAME  TestObjectGet
    objects_test.go:195: 
        	Error Trace:	/home/aditya/Code/minio/go/minio-wrksp/console/integration/objects_test.go:195
        	Error:      	Not equal: 
        	            	expected: 400
        	            	actual  : 500
        	Test:       	TestObjectGet
        	Messages:   	Get invalid seek start Range of bytes returned the wrong status code
=== RUN   TestObjectGet/Bad_Preview_Object
Console server Response: &{400 Bad Request 400 HTTP/1.1 1 1 map[Content-Length:[105] Content-Type:[application/octet-stream] Date:[Mon, 05 Feb 2024 22:56:56 GMT] Server:[MinIO Console] Vary:[Accept-Encoding] X-Content-Type-Options:[nosniff] X-Frame-Options:[DENY] X-Xss-Protection:[1; mode=block]] 0xc0008cb740 105 [] true false map[] 0xc000c74b00 <nil>}
Err: <nil>
=== RUN   TestObjectGet/Bad_Version_Preview_Object
Console server Response: &{500 Internal Server Error 500 HTTP/1.1 1 1 map[Content-Length:[102] Content-Type:[text/plain; charset=utf-8] Date:[Mon, 05 Feb 2024 22:56:56 GMT] Server:[MinIO Console] Vary:[Accept-Encoding] X-Content-Type-Options:[nosniff] X-Frame-Options:[DENY] X-Xss-Protection:[1; mode=block]] 0xc0008cba20 102 [] true false map[] 0xc000c83d00 <nil>}
Err: <nil>
=== NAME  TestObjectGet
    objects_test.go:195: 
        	Error Trace:	/home/aditya/Code/minio/go/minio-wrksp/console/integration/objects_test.go:195
        	Error:      	Not equal: 
        	            	expected: 400
        	            	actual  : 500
        	Test:       	TestObjectGet
        	Messages:   	Bad Version Preview Object returned the wrong status code
--- FAIL: TestObjectGet (0.13s)
    --- PASS: TestObjectGet/Preview_Object (0.01s)
    --- PASS: TestObjectGet/Preview_image (0.01s)
    --- PASS: TestObjectGet/Get_Range_of_bytes (0.00s)
    --- PASS: TestObjectGet/Get_Range_of_bytes_empty_start (0.01s)
    --- PASS: TestObjectGet/Get_Invalid_Range_of_bytes (0.00s)
    --- PASS: TestObjectGet/Get_Larger_Range_of_bytes_empty_start (0.00s)
    --- PASS: TestObjectGet/Get_invalid_seek_start_Range_of_bytes (0.00s)
    --- PASS: TestObjectGet/Bad_Preview_Object (0.00s)
    --- PASS: TestObjectGet/Bad_Version_Preview_Object (0.00s)
FAIL
DELETE StatusCode: 404
FAIL	github.com/minio/console/integration	2.210s
FAIL

prakashsvmx
prakashsvmx previously approved these changes Feb 6, 2024
View reviewed changes
@prakashsvmx
Copy link
Member

@donatello could you check the lint failure ?

@bexsoft
Copy link
Collaborator

bexsoft commented Feb 29, 2024

Please run gofumptin api/admin_arns.go

@donatello
fix: handling of no inline policy for service acc.
35134e8 
When no inline policy is specified for a service account, stop sending
`null` as the policy JSON value to the create service account API
endpoint.

Also, skip the unnecessary console side validation of the policy JSON as
the create-service-account API already does this - no client-server
round-trip is saved by doing it. Console was also re-encoding the user
provided JSON due to this - now this is prevented as well.

This is part of the remaining work mentioned in
minio/minio#18945
@donatello
Copy link
Member Author

PR is rebased

@harshavardhana
Copy link
Member

PTAL @bexsoft @cesnietor

bexsoft
bexsoft approved these changes Feb 29, 2024
View reviewed changes
Copy link
Collaborator

@bexsoft bexsoft left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@bexsoft bexsoft merged commit 0afea63 into minio:master Feb 29, 2024
29 checks passed
@donatello donatello deleted the svc-acct-create branch February 29, 2024 21:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@harshavardhana harshavardhana harshavardhana approved these changes

@bexsoft bexsoft bexsoft approved these changes

@vadmeste vadmeste Awaiting requested review from vadmeste

@prakashsvmx prakashsvmx Awaiting requested review from prakashsvmx

@dvaldivia dvaldivia Awaiting requested review from dvaldivia

@jinapurapu jinapurapu Awaiting requested review from jinapurapu

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@donatello @harshavardhana @prakashsvmx @bexsoft @vadmeste