parse proper STS Error response

minio · Dec 27, 2021 · a1dd29e · a1dd29e
1 parent 65810e9
commit a1dd29e
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 33 deletions.
diff --git a/pkg/credentials/error_response.go b/pkg/credentials/error_response.go
@@ -29,29 +29,21 @@ import (
 // ErrorResponse struct should be comparable since it is compared inside
 // golang http API (https://github.com/golang/go/issues/29768)
 type ErrorResponse struct {
-	XMLName   xml.Name `xml:"Error" json:"-"`
-	Code      string
-	Message   string
+	XMLName  xml.Name `xml:"https://sts.amazonaws.com/doc/2011-06-15/ ErrorResponse" json:"-"`
+	STSError struct {
+		Type    string `xml:"Type"`
+		Code    string `xml:"Code"`
+		Message string `xml:"Message"`
+	} `xml:"Error"`
 	RequestID string `xml:"RequestId"`
-	HostID    string `xml:"HostId"`
-
-	// Region where the bucket is located. This header is returned
-	// only in HEAD bucket and ListObjects response.
-	Region string
-
-	// Captures the server string returned in response header.
-	Server string
-
-	// Underlying HTTP status code for the returned error
-	StatusCode int `xml:"-" json:"-"`
 }
 
 // Error - Returns STS error string.
 func (e ErrorResponse) Error() string {
-	if e.Message == "" {
-		return fmt.Sprintf("Error response code %s.", e.Code)
+	if e.STSError.Message == "" {
+		return fmt.Sprintf("Error response code %s.", e.STSError.Code)
 	}
-	return e.Message
+	return e.STSError.Message
 }
 
 // xmlDecoder provide decoded value in xml.

diff --git a/pkg/credentials/sts_client_grants.go b/pkg/credentials/sts_client_grants.go
@@ -135,10 +135,10 @@ func getClientGrantsCredentials(clnt *http.Client, endpoint string,
 		var errResp ErrorResponse
 		_, err = xmlDecodeAndBody(resp.Body, &errResp)
 		if err != nil {
-			return AssumeRoleWithClientGrantsResponse{}, ErrorResponse{
-				Code:    "InvalidArgument",
-				Message: err.Error(),
-			}
+			errResp := ErrorResponse{}
+			errResp.STSError.Code = "InvalidArgument"
+			errResp.STSError.Message = err.Error()
+			return AssumeRoleWithClientGrantsResponse{}, errResp
 		}
 		return AssumeRoleWithClientGrantsResponse{}, errResp
 	}

diff --git a/pkg/credentials/sts_ldap_identity.go b/pkg/credentials/sts_ldap_identity.go
@@ -171,10 +171,9 @@ func (k *LDAPIdentity) Retrieve() (value Value, err error) {
 		var errResp ErrorResponse
 		_, err = xmlDecodeAndBody(resp.Body, &errResp)
 		if err != nil {
-			return value, ErrorResponse{
-				Code:    "InvalidArgument",
-				Message: err.Error(),
-			}
+			errResp.STSError.Code = "InvalidArgument"
+			errResp.STSError.Message = err.Error()
+			return value, errResp
 		}
 		return value, errResp
 	}

diff --git a/pkg/credentials/sts_tls_identity.go b/pkg/credentials/sts_tls_identity.go
@@ -152,10 +152,9 @@ func (i *STSCertificateIdentity) Retrieve() (Value, error) {
 		var errResp ErrorResponse
 		_, err = xmlDecodeAndBody(resp.Body, &errResp)
 		if err != nil {
-			return Value{}, ErrorResponse{
-				Code:    "InvalidArgument",
-				Message: err.Error(),
-			}
+			errResp.STSError.Code = "InvalidArgument"
+			errResp.STSError.Message = err.Error()
+			return Value{}, errResp
 		}
 		return Value{}, errResp
 	}

diff --git a/pkg/credentials/sts_web_identity.go b/pkg/credentials/sts_web_identity.go
@@ -153,10 +153,9 @@ func getWebIdentityCredentials(clnt *http.Client, endpoint, roleARN, roleSession
 		var errResp ErrorResponse
 		_, err = xmlDecodeAndBody(resp.Body, &errResp)
 		if err != nil {
-			return AssumeRoleWithWebIdentityResponse{}, ErrorResponse{
-				Code:    "InvalidArgument",
-				Message: err.Error(),
-			}
+			errResp.STSError.Code = "InvalidArgument"
+			errResp.STSError.Message = err.Error()
+			return AssumeRoleWithWebIdentityResponse{}, errResp
 		}
 		return AssumeRoleWithWebIdentityResponse{}, errResp
 	}