From 327bcc8c185fa9a5f51f4c3e7db392fd57b3f3d9 Mon Sep 17 00:00:00 2001 From: Alex Aizman Date: Mon, 23 Sep 2024 13:47:59 -0400 Subject: [PATCH] gateways to count `(GET, PUT, DELETE)` errors; skip logging * with authn enabled, 401/403 codes may be happening much more frequently - with the potential to quickly generate megabytes of log records - thus, making an exception * on the related note, proxies must also count (GET, PUT, DELETE) errors Signed-off-by: Alex Aizman --- ais/proxy.go | 8 ++++++++ ais/prxbck.go | 13 ++++++++++--- 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/ais/proxy.go b/ais/proxy.go index 554556c424..1e97533f64 100644 --- a/ais/proxy.go +++ b/ais/proxy.go @@ -734,6 +734,7 @@ func (p *proxy) httpobjget(w http.ResponseWriter, r *http.Request, origURLBck .. objName := apireq.items[1] apiReqFree(apireq) if err != nil { + p.statsT.IncErr(stats.ErrGetCount) return } @@ -743,6 +744,7 @@ func (p *proxy) httpobjget(w http.ResponseWriter, r *http.Request, origURLBck .. smap := p.owner.smap.get() tsi, netPub, err := smap.HrwMultiHome(bck.MakeUname(objName)) if err != nil { + p.statsT.IncErr(stats.ErrGetCount) p.writeErr(w, r, err) return } @@ -761,6 +763,7 @@ func (p *proxy) httpobjget(w http.ResponseWriter, r *http.Request, origURLBck .. func (p *proxy) httpobjput(w http.ResponseWriter, r *http.Request, apireq *apiRequest) { var ( nodeID string + errcnt = stats.ErrPutCount perms apc.AccessAttrs ) // 1. request @@ -772,6 +775,7 @@ func (p *proxy) httpobjput(w http.ResponseWriter, r *http.Request, apireq *apiRe perms = apc.AcePUT } else { perms = apc.AceAPPEND + errcnt = stats.ErrAppendCount if apireq.dpq.apnd.hdl != "" { items, err := preParse(apireq.dpq.apnd.hdl) // apc.QparamAppendHandle if err != nil { @@ -795,6 +799,7 @@ func (p *proxy) httpobjput(w http.ResponseWriter, r *http.Request, apireq *apiRe bck, err := bckArgs.initAndTry() freeBctx(bckArgs) if err != nil { + p.statsT.IncErr(errcnt) return } @@ -809,11 +814,13 @@ func (p *proxy) httpobjput(w http.ResponseWriter, r *http.Request, apireq *apiRe if nodeID == "" { tsi, netPub, err = smap.HrwMultiHome(bck.MakeUname(objName)) if err != nil { + p.statsT.IncErr(errcnt) p.writeErr(w, r, err) return } } else { if tsi = smap.GetTarget(nodeID); tsi == nil { + p.statsT.IncErr(errcnt) err = &errNodeNotFound{"PUT failure:", nodeID, p.si, smap} p.writeErr(w, r, err) return @@ -861,6 +868,7 @@ func (p *proxy) httpobjdelete(w http.ResponseWriter, r *http.Request) { smap := p.owner.smap.get() tsi, err := smap.HrwName2T(bck.MakeUname(objName)) if err != nil { + p.statsT.IncErr(stats.ErrDeleteCount) p.writeErr(w, r, err) return } diff --git a/ais/prxbck.go b/ais/prxbck.go index cb7f0ba5dd..f7b30d89e2 100644 --- a/ais/prxbck.go +++ b/ais/prxbck.go @@ -97,7 +97,7 @@ func (p *proxy) a2u(aliasOrUUID string) string { } // initialize bucket and check access permissions -func (bctx *bctx) init() (ecode int, err error) { +func (bctx *bctx) init() (_ int, err error) { debug.Assert(bctx.bck != nil) bck := bctx.bck @@ -142,8 +142,7 @@ func (bctx *bctx) init() (ecode int, err error) { } bctx.perms = dtor.Access } - ecode, err = bctx.accessAllowed(bck) - return + return bctx.accessAllowed(bck) } // returns true when operation requires the 'perm' type access @@ -196,6 +195,14 @@ func (bctx *bctx) initAndTry() (bck *meta.Bck, err error) { return } if ecode != http.StatusNotFound { + // user GET and PUT requests: making a _silent_ exception for assorted error codes + // (counting them via stats.IncErr though) + if bctx.perms == apc.AceGET || bctx.perms == apc.AcePUT { + if ecode == http.StatusUnauthorized || ecode == http.StatusForbidden { + bctx.p.writeErr(bctx.w, bctx.r, err, ecode, Silent) + return + } + } bctx.p.writeErr(bctx.w, bctx.r, err, ecode) return }