Skip to content

Conversation

@alanprot
Copy link
Member

@alanprot alanprot commented Jun 21, 2023

What this PR does:

Handling CMK AccessDenied errors.
This will not fix all CMK related errors when the key is revoked so probably some other follow up PR will be needed to handle other edge cases.

Fixes:

  • StoreGateway should not fail on startup when it cannot read the bucket index (access denied)
  • StoreGateway should unload all the blocks when it has not access to the tenant bucket index.
  • Query should return 4xx when it cannot read the bucket index due kms access denied errors.
  • kms access denied errors should not be reported as bucket failures (metric)

This also update thanos objstore to bring thanos-io/objstore#59

Which issue(s) this PR fixes:
Fixes #

Checklist

  • Tests updated
  • Documentation added
  • CHANGELOG.md updated - the order of entries should be [CHANGE], [FEATURE], [ENHANCEMENT], [BUGFIX]

@alanprot alanprot marked this pull request as ready for review June 22, 2023 20:34
@alanprot alanprot changed the title Handling KMS AccessDenied errors Handling CMK AccessDenied errors Jun 29, 2023
@alanprot alanprot force-pushed the kmsfix2 branch 3 times, most recently from 4919be5 to ac123e8 Compare June 30, 2023 00:54
alanprot added 2 commits June 29, 2023 18:13
Signed-off-by: Alan Protasio <[email protected]>
Signed-off-by: Alan Protasio <[email protected]>
@alanprot alanprot force-pushed the kmsfix2 branch 3 times, most recently from 4a3fead to 9233777 Compare June 30, 2023 01:52
Signed-off-by: Alan Protasio <[email protected]>
alanprot added 2 commits July 3, 2023 09:53
Signed-off-by: Alan Protasio <[email protected]>
Signed-off-by: Alan Protasio <[email protected]>
Signed-off-by: Alan Protasio <[email protected]>
@alanprot alanprot force-pushed the kmsfix2 branch 4 times, most recently from 6a4eaf9 to a92fa14 Compare July 3, 2023 19:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants