check for quorum errors for DeleteBucket() (minio#16859)

jettjia · Mar 21, 2023 · fb1492f · fb1492f
1 parent d14ead7
commit fb1492f
Show file tree

Hide file tree

Showing 17 changed files with 55 additions and 58 deletions.
diff --git a/cmd/admin-handlers-users.go b/cmd/admin-handlers-users.go
@@ -1956,7 +1956,7 @@ func (a adminAPIHandlers) DetachPolicyBuiltin(w http.ResponseWriter, r *http.Req
 			UserOrGroup: userOrGroup,
 			UserType:    int(userType),
 			IsGroup:     isGroup,
-			Policy:      strings.Join(policiesToDetach, ","),
+			Policy:      newPolicies,
 		},
 		UpdatedAt: updatedAt,
 	}))

diff --git a/cmd/peer-s3-client.go b/cmd/peer-s3-client.go
@@ -167,7 +167,7 @@ func (sys *S3PeerSys) GetBucketInfo(ctx context.Context, bucket string, opts Buc
 
 	quorum := (len(sys.allPeerClients) / 2)
 	if err = reduceReadQuorumErrs(ctx, errs, bucketOpIgnoredErrs, quorum); err != nil {
-		return BucketInfo{}, err
+		return BucketInfo{}, toObjectErr(err, bucket)
 	}
 
 	for i, err := range errs {
@@ -266,12 +266,9 @@ func (sys *S3PeerSys) DeleteBucket(ctx context.Context, bucket string, opts Dele
 	errs := g.Wait()
 	errs = append(errs, deleteBucketLocal(ctx, bucket, opts))
 
-	for _, err := range errs {
-		if err != nil {
-			return err
-		}
-	}
-	return nil
+	quorum := (len(sys.allPeerClients) / 2) + 1
+	err := reduceWriteQuorumErrs(ctx, errs, bucketOpIgnoredErrs, quorum)
+	return toObjectErr(err, bucket)
 }
 
 // DeleteBucket deletes bucket on a peer

diff --git a/docs/bucket/replication/setup_replication.sh b/docs/bucket/replication/setup_replication.sh
@@ -38,11 +38,11 @@ cat > repladmin-policy-source.json <<EOF
     ]
    }
 EOF
-mc admin policy add source repladmin-policy ./repladmin-policy-source.json
+mc admin policy create source repladmin-policy ./repladmin-policy-source.json
 cat ./repladmin-policy-source.json
 
 #assign this replication policy to repladmin
-mc admin policy set source repladmin-policy user=repladmin
+mc admin policy attach source repladmin-policy --user=repladmin
 
 ### on dest alias
 # Create a replication user : repluser on dest alias
@@ -90,11 +90,11 @@ cat > replpolicy.json <<EOF
  ]
 }
 EOF
-mc admin policy add dest replpolicy ./replpolicy.json
+mc admin policy create dest replpolicy ./replpolicy.json
 cat ./replpolicy.json
 
 # assign this replication policy to repluser
-mc admin policy set dest replpolicy user=repluser
+mc admin policy attach dest replpolicy --user=repluser
 
 # configure replication config to remote bucket at http://localhost:9000
 mc replicate add source/bucket --priority 1 --remote-bucket http://repluser:repluser123@localhost:9000/bucket \

diff --git a/docs/distributed/decom-compressed-sse-s3.sh b/docs/distributed/decom-compressed-sse-s3.sh
@@ -29,11 +29,11 @@ sleep 2
 ./mc admin user add myminio/ minio123 minio123
 ./mc admin user add myminio/ minio12345 minio12345
 
-./mc admin policy add myminio/ rw ./docs/distributed/rw.json
-./mc admin policy add myminio/ lake ./docs/distributed/rw.json
+./mc admin policy create myminio/ rw ./docs/distributed/rw.json
+./mc admin policy create myminio/ lake ./docs/distributed/rw.json
 
-./mc admin policy set myminio/ rw user=minio123
-./mc admin policy set myminio/ lake,rw user=minio12345
+./mc admin policy attach myminio/ rw --user=minio123
+./mc admin policy attach myminio/ lake,rw --user=minio12345
 
 ./mc mb -l myminio/versioned
 

diff --git a/docs/distributed/decom-encrypted-sse-s3.sh b/docs/distributed/decom-encrypted-sse-s3.sh
@@ -24,11 +24,11 @@ sleep 2
 ./mc admin user add myminio/ minio123 minio123
 ./mc admin user add myminio/ minio12345 minio12345
 
-./mc admin policy add myminio/ rw ./docs/distributed/rw.json
-./mc admin policy add myminio/ lake ./docs/distributed/rw.json
+./mc admin policy create myminio/ rw ./docs/distributed/rw.json
+./mc admin policy create myminio/ lake ./docs/distributed/rw.json
 
-./mc admin policy set myminio/ rw user=minio123
-./mc admin policy set myminio/ lake,rw user=minio12345
+./mc admin policy attach myminio/ rw --user=minio123
+./mc admin policy attach myminio/ lake,rw --user=minio12345
 
 ./mc mb -l myminio/versioned
 

diff --git a/docs/distributed/decom-encrypted.sh b/docs/distributed/decom-encrypted.sh
@@ -26,11 +26,11 @@ export MC_HOST_myminio="http://minioadmin:minioadmin@localhost:9000/"
 ./mc admin user add myminio/ minio123 minio123
 ./mc admin user add myminio/ minio12345 minio12345
 
-./mc admin policy add myminio/ rw ./docs/distributed/rw.json
-./mc admin policy add myminio/ lake ./docs/distributed/rw.json
+./mc admin policy create myminio/ rw ./docs/distributed/rw.json
+./mc admin policy create myminio/ lake ./docs/distributed/rw.json
 
-./mc admin policy set myminio/ rw user=minio123
-./mc admin policy set myminio/ lake,rw user=minio12345
+./mc admin policy attach myminio/ rw --user=minio123
+./mc admin policy attach myminio/ lake,rw --user=minio12345
 
 ./mc mb -l myminio/versioned
 

diff --git a/docs/distributed/decom.sh b/docs/distributed/decom.sh
@@ -25,11 +25,11 @@ export MC_HOST_myminio="http://minioadmin:minioadmin@localhost:9000/"
 ./mc admin user add myminio/ minio123 minio123
 ./mc admin user add myminio/ minio12345 minio12345
 
-./mc admin policy add myminio/ rw ./docs/distributed/rw.json
-./mc admin policy add myminio/ lake ./docs/distributed/rw.json
+./mc admin policy create myminio/ rw ./docs/distributed/rw.json
+./mc admin policy create myminio/ lake ./docs/distributed/rw.json
 
-./mc admin policy set myminio/ rw user=minio123
-./mc admin policy set myminio/ lake,rw user=minio12345
+./mc admin policy attach myminio/ rw --user=minio123
+./mc admin policy attach myminio/ lake,rw --user=minio12345
 
 ./mc mb -l myminio/versioned
 

diff --git a/docs/multi-user/README.md b/docs/multi-user/README.md
@@ -41,7 +41,7 @@ EOF
 Create new canned policy by name `getonly` using `getonly.json` policy file.
 
 ```
-mc admin policy add myminio getonly getonly.json
+mc admin policy create myminio getonly getonly.json
 ```
 
 Create a new user `newuser` on MinIO use `mc admin user`.
@@ -53,7 +53,7 @@ mc admin user add myminio newuser newuser123
 Once the user is successfully created you can now apply the `getonly` policy for this user.
 
 ```
-mc admin policy set myminio getonly user=newuser
+mc admin policy attach myminio getonly --user=newuser
 ```
 
 ### 3. Create a new group
@@ -65,7 +65,7 @@ mc admin group add myminio newgroup newuser
 Once the group is successfully created you can now apply the `getonly` policy for this group.
 
 ```
-mc admin policy set myminio getonly group=newgroup
+mc admin policy attach myminio getonly --group=newgroup
 ```
 
 ### 4. Disable user
@@ -107,13 +107,13 @@ mc admin group remove myminio newgroup
 Change the policy for user `newuser` to `putonly` canned policy.
 
 ```
-mc admin policy set myminio putonly user=newuser
+mc admin policy attach myminio putonly --user=newuser
 ```
 
 Change the policy for group `newgroup` to `putonly` canned policy.
 
 ```
-mc admin policy set myminio putonly group=newgroup
+mc admin policy attach myminio putonly --group=newgroup
 ```
 
 ### 7. List all users or groups

diff --git a/docs/multi-user/admin/README.md b/docs/multi-user/admin/README.md
@@ -50,7 +50,7 @@ EOF
 Create new canned policy by name `userManager` using `userManager.json` policy file.
 
 ```
-mc admin policy add myminio userManager adminManageUser.json
+mc admin policy attach myminio userManager adminManageUser.json
 ```
 
 Create a new admin user `admin1` on MinIO use `mc admin user`.
@@ -62,7 +62,7 @@ mc admin user add myminio admin1 admin123
 Once the user is successfully created you can now apply the `userManage` policy for this user.
 
 ```
-mc admin policy set myminio userManager user=admin1
+mc admin policy attach myminio userManager --user=admin1
 ```
 
 This admin user will then be allowed to perform create/delete user operations via `mc admin user`
@@ -73,8 +73,8 @@ This admin user will then be allowed to perform create/delete user operations vi
 mc alias set myminio-admin1 http://localhost:9000 admin1 admin123 --api s3v4
 
 mc admin user add myminio-admin1 user1 user123
-mc admin policy add myminio-admin1 user1policy ~/user1policy.json
-mc admin policy set myminio-admin1 user1policy user=user1
+mc admin policy attach myminio-admin1 user1policy ~/user1policy.json
+mc admin policy attach myminio-admin1 user1policy --user=user1
 ```
 
 ### 4. List of permissions defined for admin operations

diff --git a/docs/site-replication/run-multi-site-ldap.sh b/docs/site-replication/run-multi-site-ldap.sh
@@ -64,12 +64,12 @@ export MC_HOST_minio3=http://minio:minio123@localhost:9003
 
 ./mc admin replicate add minio1 minio2 minio3
 
-./mc admin policy set minio1 consoleAdmin user="uid=dillon,ou=people,ou=swengg,dc=min,dc=io"
+./mc admin policy attach minio1 consoleAdmin --user="uid=dillon,ou=people,ou=swengg,dc=min,dc=io"
 sleep 5
 
 ./mc admin user info minio2 "uid=dillon,ou=people,ou=swengg,dc=min,dc=io"
 ./mc admin user info minio3 "uid=dillon,ou=people,ou=swengg,dc=min,dc=io"
-./mc admin policy add minio1 rw ./docs/site-replication/rw.json
+./mc admin policy create minio1 rw ./docs/site-replication/rw.json
 
 sleep 5
 ./mc admin policy info minio2 rw >/dev/null 2>&1

diff --git a/docs/site-replication/run-multi-site-minio-idp.sh b/docs/site-replication/run-multi-site-minio-idp.sh
@@ -61,14 +61,14 @@ export MC_HOST_minio3=http://minio:minio123@localhost:9003
 ## add foobar-g group with foobar
 ./mc admin group add minio2 foobar-g foobar
 
-./mc admin policy set minio1 consoleAdmin user=foobar
+./mc admin policy attach minio1 consoleAdmin --user=foobar
 sleep 5
 
 ./mc admin user info minio2 foobar
 
 ./mc admin group info minio1 foobar-g
 
-./mc admin policy add minio1 rw ./docs/site-replication/rw.json
+./mc admin policy create minio1 rw ./docs/site-replication/rw.json
 
 sleep 5
 ./mc admin policy info minio2 rw >/dev/null 2>&1
@@ -299,15 +299,15 @@ if [ $? -ne 0 ]; then
     echo "adding user failed, exiting.."
     exit_1;
 fi
-./mc admin policy set minio1 consoleAdmin user=foobarx
+./mc admin policy attach minio1 consoleAdmin --user=foobarx
 if [ $? -ne 0 ]; then
     echo "adding policy mapping failed, exiting.."
     exit_1;
 fi
 sleep 10
 
 # unset policy for foobarx in minio2
-./mc admin policy unset minio2 consoleAdmin user=foobarx
+./mc admin policy detach minio2 consoleAdmin --user=foobarx
 if [ $? -ne 0 ]; then
     echo "unset policy mapping failed, exiting.."
     exit_1;
@@ -318,10 +318,10 @@ fi
 
 sleep 10
 
-# Test whether policy unset replicated to minio1
+# Test whether policy detach replicated to minio1
 policy=$(./mc admin user info minio1 foobarx --json | jq -r .policyName)
 if [ "${policy}" != "null" ]; then
-    echo "expected policy unset to have replicated, exiting..."
+    echo "expected policy detach to have replicated, exiting..."
     exit_1;
 fi
 

diff --git a/docs/site-replication/run-multi-site-oidc.sh b/docs/site-replication/run-multi-site-oidc.sh
@@ -65,7 +65,7 @@ export MC_HOST_minio3=http://minio:minio123@localhost:9003
 
 ./mc admin replicate add minio1 minio2 minio3
 
-./mc admin policy add minio1 projecta ./docs/site-replication/rw.json
+./mc admin policy create minio1 projecta ./docs/site-replication/rw.json
 sleep 5
 
 ./mc admin policy info minio2 projecta >/dev/null 2>&1
@@ -94,7 +94,7 @@ if [ $? -eq 0 ]; then
     exit_1;
 fi
 
-./mc admin policy add minio1 projecta ./docs/site-replication/rw.json
+./mc admin policy create minio1 projecta ./docs/site-replication/rw.json
 sleep 5
 
 # Generate STS credential with STS call to minio1

diff --git a/docs/sts/dex.md b/docs/sts/dex.md
@@ -39,7 +39,7 @@ time="2020-07-12T20:45:50Z" level=info msg="listening (http) on 0.0.0.0:5556"
 ```
 
 ```
-~ mc admin policy add admin allaccess.json
+~ mc admin policy create admin allaccess.json
 ```
 
 Contents of `allaccess.json`
@@ -95,7 +95,7 @@ Now you have successfully configured Dex IdP with MinIO.
 export MINIO_IDENTITY_OPENID_CLAIM_NAME=groups
 ```
 
-and add relevant policies on MinIO using `mc admin policy add myminio/ <group_name> group-access.json`
+and add relevant policies on MinIO using `mc admin policy create myminio/ <group_name> group-access.json`
 
 ## Explore Further
 

diff --git a/docs/sts/ldap.md b/docs/sts/ldap.md
@@ -153,7 +153,7 @@ In the configuration variables, `%s` is substituted with the _username_ from the
 Access policies may be associated by their name with a group or user directly. Access policies are first defined on the MinIO server using IAM policy JSON syntax. To define a new policy, you can use the [AWS policy generator](https://awspolicygen.s3.amazonaws.com/policygen.html). Copy the policy into a text file `mypolicy.json` and issue the command like so:
 
 ```sh
-mc admin policy add myminio mypolicy mypolicy.json
+mc admin policy create myminio mypolicy mypolicy.json
 ```
 
 To associate the policy with an LDAP user or group, use the full DN of the user or group:
@@ -163,7 +163,7 @@ mc admin idp ldap policy attach myminio mypolicy --user='uid=james,cn=accounts,d
 ```
 
 ```sh
-mc admin idp ldap policy attach myminio mypolicy --group='cn=projectx,ou=groups,ou=hwengg,dc=min,dc=io'
+mc admin idp ldap policy attach myminio mypolicy ----group='cn=projectx,ou=groups,ou=hwengg,dc=min,dc=io'
 ```
 
 To remove a policy association, use the similar `detach` command:
@@ -173,7 +173,7 @@ mc admin idp ldap policy detach myminio mypolicy --user='uid=james,cn=accounts,d
 ```
 
 ```sh
-mc admin idp ldap policy detach myminio mypolicy --group='cn=projectx,ou=groups,ou=hwengg,dc=min,dc=io'
+mc admin idp ldap policy detach myminio mypolicy ----group='cn=projectx,ou=groups,ou=hwengg,dc=min,dc=io'
 ```
 
 
@@ -184,12 +184,12 @@ Note that the commands above attempt to validate if the given entity (user or gr
 Please **do not use** these as they may be removed or their behavior may change.
 
 ```sh
-mc admin policy set myminio mypolicy user='uid=james,cn=accounts,dc=myldapserver,dc=com'
+mc admin policy attach myminio mypolicy --user='uid=james,cn=accounts,dc=myldapserver,dc=com'
 ```
 
 
 ```sh
-mc admin policy set myminio mypolicy group='cn=projectx,ou=groups,ou=hwengg,dc=min,dc=io'
+mc admin policy attach myminio mypolicy --group='cn=projectx,ou=groups,ou=hwengg,dc=min,dc=io'
 ```
 
 </details>

diff --git a/helm/minio/templates/_helper_create_policy.txt b/helm/minio/templates/_helper_create_policy.txt
@@ -55,7 +55,7 @@ createPolicy () {
   else
     echo "Policy '$NAME' already exists."
   fi
-  ${MC} admin policy add myminio $NAME /config/$FILENAME.json
+  ${MC} admin policy create myminio $NAME /config/$FILENAME.json
 
 }
 
@@ -72,4 +72,4 @@ connectToMinio $scheme
 {{- range $idx, $policy := .Values.policies }}
 createPolicy {{ $policy.name }} policy_{{ $idx }}
 {{- end }}
-{{- end }}
+{{- end }}
diff --git a/helm/minio/templates/_helper_create_user.txt b/helm/minio/templates/_helper_create_user.txt
@@ -73,7 +73,7 @@ createUser() {
   # set policy for user
   if [ ! -z $POLICY -a $POLICY != " " ] ; then
       echo "Adding policy '$POLICY' for '$USER'"
-      ${MC} admin policy set myminio $POLICY user=$USER
+      ${MC} admin policy attach myminio $POLICY --user=$USER
   else
       echo "User '$USER' has no policy attached."
   fi

diff --git a/helm/minio/values.yaml b/helm/minio/values.yaml
@@ -433,7 +433,7 @@ makeBucketJob:
 ## List of command to run after minio install
 ## NOTE: the mc command TARGET is always "myminio"
 customCommands:
-  # - command: "admin policy set myminio consoleAdmin group='cn=ops,cn=groups,dc=example,dc=com'"
+  # - command: "admin policy attach myminio consoleAdmin --group='cn=ops,cn=groups,dc=example,dc=com'"
 
 ## Additional Annotations for the Kubernetes Job customCommandJob
 customCommandJob: