Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check that destination server is MinIO for mc replicate add #4747

Closed
wants to merge 2 commits into from
Closed

Check that destination server is MinIO for mc replicate add #4747

wants to merge 2 commits into from

Conversation

taran-p
Copy link
Contributor

@taran-p taran-p commented Nov 8, 2023

Community Contribution License

All community contributions in this pull request are licensed to the project maintainers
under the terms of the [Apache 2 license] (https://www.apache.org/licenses/LICENSE-2.0).
By creating this pull request I represent that I have the right to license the
contributions to the project maintainers under the Apache 2 license.

Description

Verifies that the target server for a bucket replication command is MinIO

Motivation and Context

It is currently possible to replicate buckets to non-MinIO hosts, which can lead to unexpected behavior

How to test this PR?

Attempt to replicate to MinIO and non-MinIO servers.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Optimization (provides speedup with no functional changes)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • Fixes a regression (If yes, please add commit-id or PR # here)
  • Unit tests added/updated
  • Internal documentation updated
  • Create a documentation update request here

@taran-p taran-p changed the title CHeck that destination server is MinIO for mc replicate add Check that destination server is MinIO for mc replicate add Nov 8, 2023
@harshavardhana
Copy link
Member

This needs to be also on the server side @taran-p client side you don't have much context. Some times certain endpoints might return 200 OK. You should be able to perform "MinIO" only checks to make sure this is a MinIO-only server for that it needs to be done via an authenticated endpoint.

@vadmeste
Copy link
Member

vadmeste commented Nov 8, 2023

What happens if you this command is executed against AWS S3 ? no error at all ?

@taran-p
Copy link
Contributor Author

taran-p commented Nov 9, 2023

@harshavardhana do you mean I need to add an authenticated endpoint for this or does it already exist?

When I tested on S3 and GCS it errored properly.

@harshavardhana
Copy link
Member

@harshavardhana do you mean I need to add an authenticated endpoint for this or does it already exist?

It would be best if you let the MinIO server decide this where we can do specific API checks. Anyone can fake this endpoint if its purely on mc to decide.

We do not have to do a heuristical approach, we can be precise. For that, you need to let this information be sent to MinIO and then MinIO validates whether it that it's the right endpoint.

@taran-p taran-p closed this Dec 15, 2023
@taran-p taran-p mentioned this pull request Dec 15, 2023
Merged
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@taran-p @harshavardhana @vadmeste