gateways to count (GET, PUT, DELETE) errors; skip logging

* with authn enabled, 401/403 codes may be happening much more frequently - with the potential to quickly generate megabytes of log records - thus, making an exception * on the related note, proxies must also count (GET, PUT, DELETE) errors Signed-off-by: Alex Aizman <[email protected]>
NVIDIA · Sep 23, 2024 · 327bcc8 · 327bcc8
1 parent 7e928e5
commit 327bcc8
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 3 deletions.
diff --git a/ais/proxy.go b/ais/proxy.go
@@ -734,6 +734,7 @@ func (p *proxy) httpobjget(w http.ResponseWriter, r *http.Request, origURLBck ..
 	objName := apireq.items[1]
 	apiReqFree(apireq)
 	if err != nil {
+		p.statsT.IncErr(stats.ErrGetCount)
 		return
 	}
 
@@ -743,6 +744,7 @@ func (p *proxy) httpobjget(w http.ResponseWriter, r *http.Request, origURLBck ..
 	smap := p.owner.smap.get()
 	tsi, netPub, err := smap.HrwMultiHome(bck.MakeUname(objName))
 	if err != nil {
+		p.statsT.IncErr(stats.ErrGetCount)
 		p.writeErr(w, r, err)
 		return
 	}
@@ -761,6 +763,7 @@ func (p *proxy) httpobjget(w http.ResponseWriter, r *http.Request, origURLBck ..
 func (p *proxy) httpobjput(w http.ResponseWriter, r *http.Request, apireq *apiRequest) {
 	var (
 		nodeID string
+		errcnt = stats.ErrPutCount
 		perms  apc.AccessAttrs
 	)
 	// 1. request
@@ -772,6 +775,7 @@ func (p *proxy) httpobjput(w http.ResponseWriter, r *http.Request, apireq *apiRe
 		perms = apc.AcePUT
 	} else {
 		perms = apc.AceAPPEND
+		errcnt = stats.ErrAppendCount
 		if apireq.dpq.apnd.hdl != "" {
 			items, err := preParse(apireq.dpq.apnd.hdl) // apc.QparamAppendHandle
 			if err != nil {
@@ -795,6 +799,7 @@ func (p *proxy) httpobjput(w http.ResponseWriter, r *http.Request, apireq *apiRe
 	bck, err := bckArgs.initAndTry()
 	freeBctx(bckArgs)
 	if err != nil {
+		p.statsT.IncErr(errcnt)
 		return
 	}
 
@@ -809,11 +814,13 @@ func (p *proxy) httpobjput(w http.ResponseWriter, r *http.Request, apireq *apiRe
 	if nodeID == "" {
 		tsi, netPub, err = smap.HrwMultiHome(bck.MakeUname(objName))
 		if err != nil {
+			p.statsT.IncErr(errcnt)
 			p.writeErr(w, r, err)
 			return
 		}
 	} else {
 		if tsi = smap.GetTarget(nodeID); tsi == nil {
+			p.statsT.IncErr(errcnt)
 			err = &errNodeNotFound{"PUT failure:", nodeID, p.si, smap}
 			p.writeErr(w, r, err)
 			return
@@ -861,6 +868,7 @@ func (p *proxy) httpobjdelete(w http.ResponseWriter, r *http.Request) {
 	smap := p.owner.smap.get()
 	tsi, err := smap.HrwName2T(bck.MakeUname(objName))
 	if err != nil {
+		p.statsT.IncErr(stats.ErrDeleteCount)
 		p.writeErr(w, r, err)
 		return
 	}

diff --git a/ais/prxbck.go b/ais/prxbck.go
@@ -97,7 +97,7 @@ func (p *proxy) a2u(aliasOrUUID string) string {
 }
 
 // initialize bucket and check access permissions
-func (bctx *bctx) init() (ecode int, err error) {
+func (bctx *bctx) init() (_ int, err error) {
 	debug.Assert(bctx.bck != nil)
 
 	bck := bctx.bck
@@ -142,8 +142,7 @@ func (bctx *bctx) init() (ecode int, err error) {
 		}
 		bctx.perms = dtor.Access
 	}
-	ecode, err = bctx.accessAllowed(bck)
-	return
+	return bctx.accessAllowed(bck)
 }
 
 // returns true when operation requires the 'perm' type access
@@ -196,6 +195,14 @@ func (bctx *bctx) initAndTry() (bck *meta.Bck, err error) {
 		return
 	}
 	if ecode != http.StatusNotFound {
+		// user GET and PUT requests: making a _silent_ exception for assorted error codes
+		// (counting them via stats.IncErr though)
+		if bctx.perms == apc.AceGET || bctx.perms == apc.AcePUT {
+			if ecode == http.StatusUnauthorized || ecode == http.StatusForbidden {
+				bctx.p.writeErr(bctx.w, bctx.r, err, ecode, Silent)
+				return
+			}
+		}
 		bctx.p.writeErr(bctx.w, bctx.r, err, ecode)
 		return
 	}