Handling CMK AccessDenied errors #5420

Merged
merged 8 commits into from
Jul 3, 2023

alanprot
Member

@alanprot alanprot commented Jun 21, 2023

What this PR does:

Handling CMK AccessDenied errors.
This will not fix all CMK-related errors when the key is revoked, so probably some other follow-up PR will be needed to handle other edge cases.

Fixes:

  • StoreGateway should not fail on startup when it cannot read the bucket index (access denied)
  • StoreGateway should unload all the blocks when it has no access to the tenant bucket index.
  • Query should return 4xx when it cannot read the bucket index due to KMS access denied errors.
  • KMS access denied errors should not be reported as bucket failures (metric)

This also updates thanos objstore to bring in thanos-io/objstore#59

Which issue(s) this PR fixes:
Fixes #

Checklist

  • Tests updated
  • Documentation added
  • CHANGELOG.md updated - the order of entries should be [CHANGE], [FEATURE], [ENHANCEMENT], [BUGFIX]
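
The behaviours listed under "Fixes" above, sketched as an added example (not code from this PR or from Cortex). The sentinel `errKeyAccessDenied`, the functions `classify` and `syncTenants`, the choice of 403 as the 4xx status and the constructed tenant data are all assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
)

// Hypothetical sentinel: access to the tenant's customer managed key was denied.
var errKeyAccessDenied = errors.New("tenant key: access denied")

// classify maps a bucket-index read error to an HTTP status and says whether it
// counts toward the bucket-failure metric. 403 is an assumption; the PR says "4xx".
func classify(err error) (status int, bucketFailure bool) {
	switch {
	case err == nil:
		return http.StatusOK, false
	case errors.Is(err, errKeyAccessDenied):
		return http.StatusForbidden, false
	}
	return http.StatusInternalServerError, true
}

// syncTenants reloads blocks per tenant; only non-key errors abort the sync.
func syncTenants(tenants []string, read func(string) ([]string, error), loaded map[string][]string) error {
	for _, t := range tenants {
		blocks, err := read(t)
		switch {
		case errors.Is(err, errKeyAccessDenied):
			delete(loaded, t) // unload this tenant's blocks, keep syncing the rest
		case err != nil:
			return fmt.Errorf("sync tenant %s: %w", t, err)
		default:
			loaded[t] = blocks
		}
	}
	return nil
}

func main() {
	read := func(t string) ([]string, error) { // constructed: tenant-b's key is revoked
		if t == "tenant-b" {
			return nil, fmt.Errorf("read bucket index: %w", errKeyAccessDenied)
		}
		return []string{"block-1"}, nil
	}
	loaded := map[string][]string{"tenant-b": {"old-block"}}
	fmt.Println(syncTenants([]string{"tenant-a", "tenant-b"}, read, loaded), loaded)
}
```

Wrapping the sentinel with `%w` keeps `errors.Is` working through every layer that adds context, so the classification still holds at the query path and at the metric.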

alanprot marked this pull request as ready for review June 22, 2023 20:34
alanprot changed the title from "Handling KMS AccessDenied errors" to "Handling CMK AccessDenied errors" Jun 29, 2023
alanprot force-pushed the kmsfix2 branch 3 times, most recently from 4919be5 to ac123e8, June 30, 2023 00:54
alanprot added 2 commits June 29, 2023 18:13
Signed-off-by: Alan Protasio <alanprot@gmail.com>
Signed-off-by: Alan Protasio <alanprot@gmail.com>
alanprot force-pushed the kmsfix2 branch 3 times, most recently from 4a3fead to 9233777, June 30, 2023 01:52
Signed-off-by: Alan Protasio <alanprot@gmail.com>
alanprot added 2 commits July 3, 2023 09:53
Signed-off-by: Alan Protasio <alanprot@gmail.com>
Signed-off-by: Alan Protasio <alanprot@gmail.com>
Signed-off-by: Alan Protasio <alanprot@gmail.com>
Review thread on pkg/storage/tsdb/bucketindex/updater.go (outdated, resolved)
Signed-off-by: Alan Protasio <alanprot@gmail.com>
alanprot force-pushed the kmsfix2 branch 4 times, most recently from 6a4eaf9 to a92fa14, July 3, 2023 19:37
Signed-off-by: Alan Protasio <alanprot@gmail.com>
2 participants