From f7e238a112c3220bff060857fa8a7e74fc4eebe1 Mon Sep 17 00:00:00 2001 From: Sounak Pradhan Date: Tue, 24 Feb 2026 10:49:58 +0100 Subject: [PATCH] fix(minio): add SkipConnectionValidation option for restricted environments Add SkipConnectionValidation bool to ConnectionConfig. When true, the client skips the ListBuckets calls used for connection validation on startup, periodic health checks, and reconnection. This allows the client to work in environments where s3:ListAllMyBuckets is not granted. Defaults to false, preserving existing behavior. Fixes: SPHER-3435 --- v1/minio/configs.go | 6 ++++++ v1/minio/setup.go | 33 +++++++++++++++++---------------- 2 files changed, 23 insertions(+), 16 deletions(-) diff --git a/v1/minio/configs.go b/v1/minio/configs.go index cf22517..8925846 100644 --- a/v1/minio/configs.go +++ b/v1/minio/configs.go @@ -74,6 +74,12 @@ type ConnectionConfig struct { // Region specifies the S3 region (e.g., "us-east-1") Region string + + // SkipConnectionValidation disables the ListBuckets call used for + // connection health checks (startup, periodic monitoring, reconnection). + // Enable this for environments with restricted IAM policies where + // s3:ListAllMyBuckets is not granted. Defaults to false. + SkipConnectionValidation bool } // UploadConfig defines the configuration for upload constraints. diff --git a/v1/minio/setup.go b/v1/minio/setup.go index 0d3e331..0c7d1db 100644 --- a/v1/minio/setup.go +++ b/v1/minio/setup.go @@ -390,13 +390,9 @@ outerLoop: return default: - // Create a context with timeout for the reconnection attempt - ctxReconnect, cancel := context.WithTimeout(context.Background(), 10*time.Second) - // Attempt to create new clients newClient, err := connectToMinio(m.cfg) if err != nil { - cancel() // Cancel the context to free resources m.logError(ctx, "MinIO reconnection failed", map[string]interface{}{ "endpoint": m.cfg.Connection.Endpoint, "will_retry_in": "1s", @@ -408,7 +404,6 @@ outerLoop: newCoreClient, err := connectToMinioCore(m.cfg) if err != nil { - cancel() // Cancel the context to free resources m.logError(ctx, "MinIO core client reconnection failed", map[string]interface{}{ "endpoint": m.cfg.Connection.Endpoint, "will_retry_in": "1s", @@ -419,15 +414,18 @@ outerLoop: } // Validate the new connection before swapping pointers - _, err = newClient.ListBuckets(ctxReconnect) - cancel() // Cancel the context to free resources - - if err != nil { - m.logError(ctx, "MinIO connection validation failed", map[string]interface{}{ - "error": err.Error(), - }) - time.Sleep(time.Second) - continue reconnectLoop + if !m.cfg.Connection.SkipConnectionValidation { + ctxReconnect, cancel := context.WithTimeout(context.Background(), 10*time.Second) + _, err = newClient.ListBuckets(ctxReconnect) + cancel() + + if err != nil { + m.logError(ctx, "MinIO connection validation failed", map[string]interface{}{ + "error": err.Error(), + }) + time.Sleep(time.Second) + continue reconnectLoop + } } // Update the client references @@ -496,13 +494,17 @@ func connectToMinioCore(cfg Config) (*minio.Core, error) { // validateConnection performs a simple operation to validate connectivity to MinIO. // It attempts to list buckets to ensure the connection and credentials are valid. +// When SkipConnectionValidation is true, this is a no-op. // // Parameters: // - ctx: Context for controlling the validation operation // // Returns nil if the connection is valid, or an error if the validation fails. func (m *MinioClient) validateConnection(ctx context.Context) error { - // Set a timeout for validation + if m.cfg.Connection.SkipConnectionValidation { + return nil + } + ctx, cancel := context.WithTimeout(ctx, 10*time.Second) defer cancel() @@ -511,7 +513,6 @@ func (m *MinioClient) validateConnection(ctx context.Context) error { return ErrConnectionFailed } - // Validate by listing buckets - this doesn't require a specific bucket _, err := c.ListBuckets(ctx) return err }